Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, posing as a trusted entity, tricks a victim into opening an email, instant message, or text message. The recipient is then tricked into clicking on a malicious link, which can lead to the installation of malware, a system freeze as part of a ransomware attack, or the disclosure of sensitive information. This article will talk about the types of phishing techniques and prevention.
Here is a brief overview of five common phishing threats that often crop up in business environments. Each example features “Bob”, a mid-level employee in the finance department who is trying to get through his busy day and respond to hundreds of emails.
- Trust abuse – Bob receives an email from what he thinks is his bank, asking him to confirm a bank transfer. The email contains a link that looks like it leads to his bank’s website, but actually leads to a “spoofed” yet identical copy of it. When he gets to the page, he enters his credentials, but nothing happens. Too late: Bob has just given his bank password to a cybercriminal.
- Fake lottery – Bob receives an email saying that he has won a prize in a sweepstakes. Bob is usually too smart to fall for this trick. However, this email appears to come from his boss, Joe, and refers to a charity they both support. He clicks and ends up on a fake page that loads malware.
- Data update – Bob receives an email from Joe telling him to take a look at an attached document. The document contains malware. Bob may not even realize what has happened: he opens the document, and it looks normal. The resulting malware could record his keystrokes for months, compromising the entire network and causing massive security breaches throughout the organization.
- Sentimental abuse – Bob receives an email from someone claiming to be Joe’s brother-in-law. He has cancer and his insurance has been cancelled. He asks Bob to donate to help him recover from his illness. Bob clicks on the link and is taken to a fake charity site. The site could harbor malware or simply steal Bob’s credit card information through a fake “online donation.”
- Impersonation – Bob receives an email from his boss Joe, who says that he needs money sent by bank transfer to a known supplier as a prepayment for an emergency job. Can Bob send them the money right away? It seems pretty routine. Bob transfers the money to the requested account. The money is untraceable and is never seen again.
Prevent phishing attacks
- Stay informed about phishing techniques – New phishing scams are constantly being developed. If you don’t keep up with these new phishing techniques, you could inadvertently fall victim to one. Keep an eye out for news about new phishing scams. By finding out about them as soon as possible, you will have a much lower risk of being caught by one. For IT administrators, ongoing security training and simulated phishing is highly recommended for all users to keep security top of mind throughout the organization.
- Think before you click! – It’s okay to click on links when you’re on trusted sites. However, clicking on links that appear in random emails and instant messages is not such a smart move. Hover over links that you are not sure of before clicking on them. Do they lead where they are supposed to lead? A phishing email may claim to be from a legitimate company, and when you click on the website link, it may look exactly like the real website. The email may ask you to fill in information, but it may not address you by name. Most phishing emails start with “Dear Customer”, so be alert when you come across such emails. When in doubt, go directly to the source instead of clicking on a potentially dangerous link.
- Install an Anti-Phishing Toolbar – The most popular Internet browsers can be customized with anti-phishing toolbars. These toolbars run quick checks on the sites you are visiting and compare them to lists of known phishing sites. If you come across a malicious site, the toolbar will alert you about it. This is just one more layer of protection against phishing scams, and it’s completely free.
- Check the security of a site – It’s natural to be a bit cautious when providing sensitive financial information online. However, as long as you’re on a secure website, you shouldn’t have any problems. Before submitting any information, ensure that the site URL begins with “https” and that there is a closed padlock icon near the address bar. Also check the security certificate of the site. If you receive a message that a certain website may contain malicious files, do not open the website. Never download files from suspicious emails or websites. Even search engines can display links that lead users to a phishing web page offering low-cost products. If the user makes purchases on such a website, cybercriminals gain access to the credit card data.
- Check your accounts online regularly – If you don’t visit an online account for a while, someone might be having a field day with it. Even if it’s not strictly necessary, check each of your online accounts regularly. Get in the habit of changing your passwords regularly, too. To avoid bank and credit card phishing scams, you should personally check your account statements on a regular basis. Obtain monthly statements of your financial accounts and check each and every entry carefully to ensure no fraudulent transactions have been made without your knowledge.
- Keep your browser up to date – Security patches for popular browsers are released all the time. They are published in response to security loopholes that phishers and other hackers inevitably discover and exploit. If you normally ignore messages about updating your browsers, stop. The moment an update becomes available, download and install it.
- Use firewalls – High-quality firewalls act as a buffer between you, your computer, and outside intruders. You should use two different types: a desktop firewall and a network firewall. The first is a software type and the second is a hardware type. When used together, they dramatically reduce the chances of hackers and phishers infiltrating your computer or network.
- Be careful with pop-ups – Pop-ups often masquerade as legitimate components of a website. All too often, however, they are phishing attempts. Many popular browsers allow you to block pop-up windows; you can allow them on a case-by-case basis. If one manages to go unnoticed, don’t click the “cancel” button; such buttons often lead to phishing sites. Instead, click the little “x” in the top corner of the window.
- Never provide personal information – As a general rule, you should never share sensitive personal or financial information over the Internet. This rule dates back to the days of America Online, when users had to be constantly warned due to the success of early phishing scams. If in doubt, visit the main website of the company in question, get their number and give them a call. Most phishing emails will direct you to pages where financial or personal information inputs are required. An Internet user should never make confidential entries through links provided in emails. Never email confidential information to anyone. Get in the habit of checking the website address. A secure website always begins with “https”.
- Use antivirus software – There are many reasons to use antivirus software. The signatures included with antivirus software protect against known technical loopholes and exploitation techniques. Just make sure you keep your software up to date. New definitions are added all the time because new scams are also being invented all the time. Anti-spyware and firewall settings should be used to prevent phishing attacks, and users should update programs regularly. Firewall protection prevents access to malicious files by blocking attacks. Antivirus software scans every file that comes to your computer over the Internet and helps prevent damage to your system.
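The manual checks recommended under “Think before you click!” and “Check the security of a site” (does the link lead where its text says, is it https, is the greeting generic?) can be automated against an email body. The following is an added example, not code from the original article; the sample message and every domain name in it are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message, modelled on the "Trust abuse" scenario above.
SAMPLE_EMAIL = """
<html><body><p>Dear Customer,</p>
<p>Please confirm your transfer at
<a href="http://examplebank.com.login-verify.example/confirm">https://www.examplebank.com/transfers</a>
or visit <a href="https://www.examplebank.com/help">our help centre</a>.</p>
</body></html>"""
GENERIC_GREETINGS = ("dear customer", "dear user", "dear member", "dear account holder")


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs plus the message's plain text."""
    def __init__(self):
        super().__init__()
        self.links, self.text = [], []
        self._href, self._label = None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._label = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._label.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._label).strip()))
            self._href = None


def hostname_of(url):
    """Lower-cased hostname of a URL, or of bare text that looks like a domain."""
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()


def inspect_email(html):
    """Return human-readable findings: the checks a reader does by hovering and reading."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    if any(g in " ".join(parser.text).lower() for g in GENERIC_GREETINGS):
        findings.append("generic greeting (no recipient name)")
    for href, label in parser.links:
        if urlparse(href).scheme == "http":
            findings.append(f"link not https: {href}")
        # Visible text that looks like a URL or domain must match the real destination.
        shown = hostname_of(label) if "." in label and " " not in label else ""
        if shown and shown != hostname_of(href):
            findings.append(f"link text shows {shown} but points to {hostname_of(href)}")
    return findings
```

Running `inspect_email(SAMPLE_EMAIL)` reports the generic greeting, the plain-http link and the mismatch between the displayed bank domain and the real destination; a link whose text and target agree produces no finding.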