Phishing is a type of cyberattack that predominantly uses email as a weapon. Disguised as a trusted source, such as a real organization or a real person you know, a phishing email asks you to click a link or download an attachment. Hackers use this tactic to get you to give up sensitive information (usually a username and password) or to download malware (malicious software) that will infect your computer.
Phishing scams are one of the oldest tricks in the cybercriminal’s book, but they have become more sophisticated in the last decade. The name comes from the metaphor of an online attacker throwing out some bait in hopes you’ll bite. The “ph” alludes to a tradition of hackers intentionally replacing the letter “F” with “ph” as a nod to phone phreaking, one of the first forms of hacking.
According to the FBI Internet Crime Complaint Center (IC3), the organization received approximately 1,300 complaints a day in 2019. Given the number of people scammed every day and the sophistication of phishing tools, it is essential to recognize a scam before it wreaks havoc on your personal or work device. First, you should know that not all phishing attacks look the same. You may come across any of these six common phishing scams.
- Mass Email Scams
Cybercriminals often use mass email scams to lure as many victims as possible with a single email template. Typically, they try to make the fraudulent emails look like innocuous communications from real people or trusted businesses and well-known organizations. For example, during the early weeks of the COVID-19 pandemic, hackers sent out mass phishing emails disguised as information from the Centers for Disease Control and Prevention.
Often, phishing emails tell a story and ask you to click a link. Though they come in different forms, phishing emails always contain a gateway; that is, a link redirecting you to a fake website or an attachment that you must download.
- Spear Phishing
Spear phishing is an email ruse with a specific target in mind. The malicious sender tries to personalize the email with your name, your company’s name or phone number, or other personal information. Then, the email directs you to a corrupt website or prompts you to download infected files. For example, many spear phishing emails ask users to download documents containing malicious software from a cloud service like Google or Dropbox.
Other spear phishing techniques include interfering with the authentication between a server and your connected computer. Digital attackers can investigate where you work in order to target your accounts. They may also work out a company’s email address format by bombarding it with scam emails and reading the out-of-office replies that come back.
- Clone Phishing
Clone phishing is another type of email fraud. The attacker imitates a legitimate message that you’ve previously received, replacing the authentic links with malicious ones. Unsuspecting internet users inadvertently download destructive viruses by interacting with these links.
- Vishing
Over-the-phone scams, also called vishing scams, often rely on voice over internet protocol (VoIP), through which the digital attacker sets up as a phony entity (no pun intended) and then tries to steal sensitive data or money over the phone.
- Smishing
Smishing (SMS phishing) uses text messages to trick you into clicking a link that will compromise personal information. The text may link to a data-stealing form or prompt you to contact fake tech support. Since smishing attacks target mobile phones, they typically aim to collect personal data rather than infect your device.
- Whaling
Whaling, also known as CEO fraud, occurs when a hacker decides to target a company or organization’s top executive. In this case, hackers use phishing tactics to obtain the CEO’s account credentials and then steal data, employee information, and cash. With this access, they may be able to authorize wire transfers or obtain W-2 information for filing fraudulent tax returns.
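As an added example (not part of the original article), here is a small Python check for two of the red flags described above: a sender display name that borrows a trusted brand while the address domain is unrelated (the disguise used in mass email and spear phishing), and a link whose visible text names one domain while its href opens another (the link swap in clone phishing). The sample message, its domains and the helper names are all constructed for this demonstration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample, not a real phishing email: the display name claims a bank,
# the From domain is unrelated, and the visible link text names a different domain
# from the one the href would actually open (the clone-phishing pattern above).
SAMPLE_EML = """\
From: "Example Bank Security" <alerts@secure-alerts.test>
Subject: Action required: verify your account
Content-Type: text/html; charset=utf-8

<html><body><p>Please verify your account at
<a href="http://example-bank.verify-now.test/login">https://www.example-bank.test/secure</a></p>
</body></html>
"""

# Good enough for simple mail bodies; a production filter would use an HTML parser.
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def registered_domain(host):
    """Last two labels of a hostname; a crude stand-in for a public-suffix lookup."""
    return ".".join(host.lower().split(".")[-2:]) if host else ""

def phishing_indicators(raw):
    """Return human-readable red flags found in one raw email message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender_domain = registered_domain(addr.rpartition("@")[2])
    flags = []
    # Red flag 1: the brand in the display name is nowhere in the sending domain,
    # i.e. the "trusted source" is only a disguise.
    brand = name.lower().split()[0] if name else ""
    if brand and brand not in sender_domain:
        flags.append(f"display name '{name}' does not match sender domain {sender_domain}")
    # Red flag 2: the domain the reader sees differs from the one the link opens.
    body = "".join(p.get_payload(decode=True).decode("utf-8", "replace")
                   for p in msg.walk() if p.get_content_type() == "text/html")
    for href, text in ANCHOR_RE.findall(body):
        text = re.sub(r"<[^>]+>", "", text).strip()  # drop tags nested in the anchor
        shown = registered_domain(urlparse(text).hostname) if "://" in text else ""
        actual = registered_domain(urlparse(href).hostname)
        if shown and shown != actual:
            flags.append(f"link text shows {shown} but href points to {actual}")
    return flags
```

Running `phishing_indicators(SAMPLE_EML)` reports both mismatches, while a message whose display name, sender domain and link targets agree produces an empty list.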
How to Stay Safe From Phishing Attacks
Email spam filters can send many phishing attacks to your spam folder but don’t always catch malicious messages. In addition to using these filters, you can:
- Make sure you have up-to-date security software installed on your devices. You can purchase various types of security software, including anti-virus, network, and malware detection.
- Set up your mobile phone and computer to auto-update so you always have the latest security patches.
- Use two-step or multi-factor authentication, so that whatever device or account you log into requires more than one piece of information, for example a passcode and a thumbprint.
- Back up the data on all your devices using an external hard drive and secure cloud storage.
- Stay up to date on current phishing trends so you can easily identify any large-scale attacks.
If you have fallen victim to a phishing attack that infected your computer with a virus, consider seeking professional malware removal help and let a professional save your computer, your data, and your time.
Don’t Get Caught Like a Fish Out of Water
Phishing is a fact of 21st-century life. Hackers continually find new ways to get around software designed to secure devices. However, you can reduce the odds of getting caught by staying informed about current phishing scams and protecting your devices with updates, backups, and security software.