Scammers use emails or text messages to trick you into giving them your personal information. They may try to steal your passwords, bank account numbers, or Social Security information. If they get that information, they could access your email and bank accounts.
A new phishing scam is launched every minute. Although this might not mean anything to you, it's in accordance with the FBI which reported that people lost $30 million last year to such attacks. But don't panic! There are a few things you can do to protect yourself from such malware and phishing attacks.
What is phishing?
Phishing is a form of cybercrime where hackers attempt to access your personal or financial information. Hackers may pose as sources you are familiar with, such as your email service provider, in order to trick you into divulging confidential data – often it’s your login credentials.
The purpose of phishing is to identify data such as credit card and login information, or to install malware on the victim's electronic device
They also might pretend to be someone you don’t know, such as a relative or friend who has fallen prey to some severe issue that requires your immediate attention
How does phishing work?
There are certain symptoms that someone might find concerning when looking at a message. The first one is probably the lack of a greeting or salutation in the email. Most people would start off with "hi," or "hey," or even their initials. If it's just a business transaction, starting off with your own initials is perfectly acceptable but for personal emails it's always nice to start with something more formal like learning about what's going on with you and whether or not you've been keeping well lately.
What is a phishing email or text message?
Ever get a text from someone you didn’t think was texting you? If so, chances are it was phishing. This way, people try to steal your sensitive information by luring you in with an email or text that looks as if it came from another place of business.
Scammers can go to great lengths to make phishing messages look like messages sent by reputable companies, but if you pay attention, you will be able to see just how fraudulent they really are.
How do I recognize a phishing message?
Phishing scammers are often fool-hardy and make mistakes that are easy to spot when you know how. Look out for these phishing warning signs every time you open an email or message
It is poorly written
Even the largest companies can make small errors from time to time in their communications. However, phishing messages often contain some pretty obvious errors that are a dead giveaway it is a scam. For example, if you receive an email or text requesting your personal information and it has several obvious grammatical errors, you may be the target of a phishing scam.
The logo looks weird
Phishing scammers often use logos from reputable organizations and businesses as part of their scam. However, these logos might sometimes look blurry, fuzzy or low quality, which is usually an indicator that the email or text message isn't from an official source. If you have to squint and strain your eyes to make out a logo, it's likely phishing.
The URL looks suspicious
- If you see an email from us asking you to update your account, be careful! Scammers often impersonate famous or popular companies so that they can trick you into thinking it's a legitimate request from the company. If it looks fishy, simply don't interact with the link in question.
- You need to use the command "Control-C" to copy the link, then paste it into a text editor program like notepad. This will allow you to investigate the URL without being redirected to the potentially bad web page.
- To check a link's URL on mobile devices, hold it with one finger and tap the menu button.
What are the types of phishing emails and SMS?
Phishing messages can come in many forms, big or small. There are some types that are more common than others. For example:
Suspended account scam
A particular phishing scam takes the form of a notice that your bank has been suspended due to unusual activity. If you have not opened an account with a bank that sends out such notices, then you won't be affected by this if you are vigilant enough and take the appropriate steps to verify the authenticity of such messages.
Accordingly, don't open any links enclosed in such email messages just to make sure you won't fall prey to hackers who send out fake bank accounts' notices claiming a suspension related to unusual activity.
Two-factor authentication scam
Two-factor authentication, or 2FA, is a lot like the popular song “Happy Birthday”. In fact, that tune is so commonly heard these days that most people don't pay attention to it anymore. This kind of authentication has become rather standard, which is why scam artists know they can take advantage of this service that is meant to protect your identity when logging into one of your accounts.
If you receive an email prompting you to sign in from an account you have not accessed in a while to confirm your identity then please be especially careful as scammers know how important it is for a person to do everything possible to protect their online identity.
Tax refund scam
Remember already that taxes are on their way, so you better make sure that your shoes are polished and ready for the season. These tax scammers know when to deliver to get your attention and trick you into thinking that there's a refund due, so be wary if you ever receive an email claiming to be from your local tax office.
Imagine how much damage one can cause with the information they collect this way! Be extra careful with anyone or anything asking for sensitive information like bank account details or even your social security number because this type of attack is specifically targeted towards individuals who might not know any better at first.
Order confirmation scam
Sometimes cybercriminals will try to trick you by sending fake confirmation emails for purchases. These emails usually contain a purchase invoice attached to the email or links that claim to contain more information about your purported order. However, criminals often use these attachments and links to infect their victims' devices with malware.
What happens when phishing goes unnoticed?
Hackers often find new ways to update old booby traps so that they go undetected by users who used to spot them regularly. Such is the case with the latest phishing evasion technique, which detects virtual machines in order to go unnoticed. Cyber security companies often use screen less computers or virtual machines (a computer file that behaves like a real computer) to determine if a website is actually a phishing page.
But now, some phishing kits contain JavaScript, a programming language on websites that allows complex functions to be executed, and which checks to see if a virtual machine is parsing the page. If it detects any scan attempts, the phishing kit will display blank pages instead of the phishing page in order not to scare away its victims.
As more people start using virtual machines to protect themselves against cyber attacks, it's important we keep up with hackers' methods of detecting this so we can protect ourselves better.
Why do people fall for these types of cybersecurity scams?
Cybercriminals will use whatever works, which means they'll manipulate your fears, greed and even your ignorance of The Dark Web to get you to hand over sensitive information. In an effort to obtain personal information from their victims, cybercriminals will often use money as a way to attract people's attention via emails claiming there's a way for the user to earn some kind of reward either by completing or sharing the provided form.
5 Ways to Prevent Phishing Attacks
1. Get free anti-phishing add-ons
Most browsers nowadays will enable you to download free add-ons that help you spot the signs of a malicious website or alert you about phishing sites. These are gadgets that should be added to every device in your organization.
2. Don’t give your information to an unsecured site
Always ensure that the URL of a website begins with “https”, and you see a closed padlock icon next to it. Only then can you trust a site, as it has been certified for security. Sites without certificates may not be intended for phishing, but better safe than sorry!
3. Rotate passwords regularly
You should get into the habit of changing your passwords daily so that you prevent an attacker from gaining unlimited access to your digital accounts. Although it might be less convenient to frequently reset passwords, it gives you a safety net in the event someone were to attempt to breach security at either end. The more complex your digital security, the stronger each layer of defense will be.
4. Install firewalls
A firewall is an effective way to prevent external attacks, acting as a shield between your computer and an attacker. Network firewalls reinforce the performance of desktop firewalls. Attackers can be repelled easily by implementing two-factor authentication security tools in addition to your firewall.
5. Have a Data Security Platform to spot signs of an attack
If you happen to be the victim of a successful phishing attack, it’s vital that you’re able to act promptly and stop the attacker in his/her tracks. If you have an IT security platform in place, odds are it will automatically alert on anomalous user behavior and unwanted changes to files.
Security platforms can identify the affected account so that appropriate actions can be implemented immediately and thereby potentially protecting other accounts from danger.