Phishing and ransomware attacks increased by 11 per cent and 6 per cent respectively according to the Verizon Business 2021 Data Breach Investigations Report (2021 DBIR).
Phishing attacks are one of the most common security challenges that both individuals and companies face in keeping their information secure. Such scams have been around practically since the inception of the Internet, and continue to play a dominant role in the digital threat landscape.
What is a Phishing Attack?
Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message. It’s a way by which hackers con you into providing your personal information or account data. Once your information is obtained, hackers get into your system to steal sensitive data.
Abraham Lincoln once said, “You can fool some of the people all of the time, and all of the people some of the time, but you cannot fool all of the people all of the time.” This is the very logic used by cyber-attackers when they launch a phishing attack, hoping that someone will be fooled all of the time.
5 Most Pervasive Types of Phishing Attacks:
- Email Phishing: Arguably the most widely known form of phishing, this attack is an attempt to steal sensitive information via an email that appears to be from a legitimate organization. It is not a targeted attack and can be conducted in bulk.
- Spear Phishing: Spear phishing is an email spoofing attack that targets a specific organization or individual, seeking unauthorized access to sensitive information.
- Whaling: Also known as CEO fraud, whaling is similar to phishing in that it uses methods such as email and website spoofing to trick a target into performing specific actions, such as revealing sensitive data or transferring money.
- Smishing and Vishing: In these attacks, telephones replace email as the method of communication. Smishing involves cybercriminals sending text messages (the content of which is much the same as with email phishing), and vishing involves a telephone conversation.
- Angler Phishing: Angler phishing is when a cybercriminal uses notifications or direct messaging features in a social media application to entice someone into taking an action.
Learn the Signs of a Phishing Scam:
- Emails calling for urgent action
- Emails containing bad grammar and spelling errors
- Emails demanding confidential information
- Emails with multiple recipients
- URLs with a misleading domain name
- Unexpected and unsolicited messages
- Offers that are too good to be true (e.g. lottery)
- The email address doesn’t match the signature
10 Ways to Protect Yourself from Phishing Attacks:
- Look at the email address, not just the sender: No legitimate organisation will send emails from an address that ends ‘@gmail.com’. Also, email addresses can be spoofed easily. Thus, it is crucial that you check the domain name for spelling alterations.
- Don’t fall for urgency: Phishing attacks often use scare tactics such as urgency and authority to trick victims into taking immediate action. Don’t take any action hastily and always take time to verify.
- Think before you click: Clicking on links that appear in random emails and instant messages isn’t a smart move. Hover over links that you are unsure of before clicking on them to confirm if they lead where they are supposed to lead.
- Check for typos: You can often tell if an email is a scam if it contains poor spelling and grammar. Such errors in an email could be a good indication that the message is not genuine.
- When in doubt, call out: When you find something suspicious, go visit the main website of the company in question, get their number and give them a call to verify.
- Keep your devices up to date: Security patches are released for popular browsers and devices regularly. They are released in response to the security loopholes that phishers and other hackers inevitably discover.
- Don’t share sensitive information hastily: As a general rule, you should never share personal or financially sensitive information over the Internet.
- Always be suspicious of password reset emails: If you receive an unsolicited password reset email, always visit the website directly (don’t click on embedded links) and change your password to something different on that site.
- Filter suspicious attachments: Attachments can be dangerous. Hover over attachments to check for an actual link before you click on it or download it. If you are still unsure of the sender, do not click on the link.
- Install a phishing filter or anti-phishing toolbar on your email application and also on your web browser. These filters will not keep out all phishing messages, but they will reduce the number of phishing attempts.
Everyone is a target in today’s cyberwar climate and the only way to protect what you’ve worked hard to build is to be vigilant. The above-mentioned tips will help you stay safe against phishing attacks.