By now, everyone has encountered a form of phishing at least once in their lives, whether via email, SMS, or social media. Not only is phishing extremely prevalent, but it’s also still the number one cause of cyber attacks among companies. There are several types of phishing, although they all involve a scammer providing fraudulent information to extract money or information from someone.
Let’s dive into what phishing looks like, how to recognize it, and how to avoid it using basic cybersecurity precautions.
What Does Phishing Look Like?
Phishing is often hard to recognize precisely because it is designed to trick people, and its tactics keep evolving in complexity and persuasiveness. Nonetheless, there are a few ways to identify the phishing attempts commonly seen on the web. Here’s a look at some of the most popular tactics.
Email Phishing / SMS Phishing (Smishing)
This category covers the broadest array of phishing methods and usually goes one of two ways. In the first, the scammer poses as a legitimate person or entity and then asks for personal information like passwords or sends a link to a legitimate-looking website.
In the second, the scammer urges someone to pay them money, either for a service or to help with an emergency. In both cases, the email or SMS will often contain a sense of urgency.
Criminals gather information about a person or company, then send emails pretending to be someone familiar, like a coworker. The email will usually contain links or downloads, or ask for sensitive information like passwords.
Another tactic involves sending emails in which the criminal pretends to have incriminating evidence about the person. Sextortion is fairly common too. Usually, it’s a claim that they have photos or videos of the person in a compromising or embarrassing situation. They then demand a ransom in exchange for not releasing this “evidence” online.
How to Identify Phishing Attempts
- The sender’s email address is strange: If the email is from a legitimate person or company, the email address should reflect that. If the email was supposedly sent by a company, look up their email address to see if it matches.
- The contact details look off: If the sender left any contact details, look closely at these to assess if there’s anything strange. For example, the company is situated in the UK, but the sender’s phone number starts with a Russian country code.
- Spelling & grammar errors: A lot of the time, phishing messages contain many spelling or grammar errors. This is actually intentional to catch people who aren’t savvy enough to notice that type of thing.
- Shortened or strange links: Be very careful when an email or SMS contains a shortened URL, meaning one that starts with bit.ly or something similar and is followed by a jumble of letters and numbers. Sometimes this is legitimate, but more often than not, it’s a ploy to hide an obviously fake or malicious link.
- The email is from a stranger or was unexpected: Any email from a stranger that conveys a sense of urgency or requires actions like sending information or clicking on links should be ignored. The same goes for emails that look like they’re from legitimate companies but were sent out of the blue.
How to Avoid Phishing
Be on Guard
Heed the warning signs mentioned above and be on the lookout for anything suspicious, even in messages or emails sent by friends or contacts. Many phishing tactics use a breached account to send phishing emails or messages to its contacts list.
Always scrutinize a URL sent via a message or email before clicking on it. Remember that the part right before the .com (or .net or any other domain extension) is the actual website. So something like “amazon.random.com” isn’t going to Amazon’s website but somewhere else altogether.
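The URL check described above, together with the shortened-link warning sign from the earlier list, can be automated. The following Python sketch is an added example, not part of the original article; the function names, the small suffix and shortener sets, and the sample links are assumptions made for illustration. It also goes slightly beyond the text by handling extensions such as .co.uk and links that put a familiar name before an @ sign.

```python
from urllib.parse import urlsplit

# Assumption: tiny stand-in for the Public Suffix List, which real tools use
# to know that "co.uk" (not just "uk") is a domain extension.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}
# Assumption: small sample of shorteners; bit.ly is the one the article names.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}


def registrable_domain(url):
    """Return the domain that actually receives the click, e.g. 'random.com'."""
    try:
        # .hostname drops the scheme, any user@ prefix, the port and the path.
        host = urlsplit(url).hostname
    except ValueError:
        return None
    if not host:
        return None
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return labels[0]
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def check_link(url, expected_domain):
    """Classify a link against the site the message claims to come from."""
    domain = registrable_domain(url)
    if domain is None:
        return "unparseable"
    if domain in SHORTENERS:
        return "shortened"  # destination is hidden until the link is expanded
    if domain == expected_domain.lower():
        return "match"
    return "mismatch"


if __name__ == "__main__":
    # Constructed sample links, not taken from real messages.
    for url in (
        "https://www.amazon.com/orders",
        "https://amazon.random.com/signin",
        "https://amazon.com@random.com/login",
        "https://bit.ly/3xYzAbC",
    ):
        print(f"{check_link(url, 'amazon.com'):10} {url}")
```

A "match" only means the link points at the expected domain; it says nothing about whether the message itself is genuine.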
Use a VPN
A VPN doesn’t just protect from a host of cyber attacks; the premium ones also come with extra useful features, like malware protection and ad blockers. These can help lessen the potential impact if a phishing attack occurs.
Use Unique Passwords
Many phishing attacks are criminals’ attempts to get passwords for certain accounts. The problem is, many people reuse their passwords across many accounts – leaving all of them vulnerable. Don’t make the same mistake! Use a unique password for every account.
Set Up Two-Factor Authentication
Two-factor authentication is available for most online services and works by sending a one-time pin (OTP) to a separate device or account. This prevents criminals from getting into an account, even if the password is discovered.
Phishing is very common, and the only way to avoid becoming a victim is to be on the lookout for anything suspicious. Even so, sometimes an attempt slips by, and the next best thing is to be prepared. Use security tools and avoid making unnecessary mistakes like reusing passwords.