How Not to Take the Bait When it Comes to Phishing
Phishing is one of the most common forms of cybercrime, with around 3.4 billion phishing emails sent each day it is nearly impossible to avoid. The good news is that falling victim to these scams can be prevented by educating ourselves on what they look like and how to report them. But first, it's important to understand what phishing actually is.
What is Phishing
Phishing is a type of cyber-attack that occurs through telecommunication channels like email, text messaging, or phone calls. A fraudulent message is sent out by the cybercriminal in order to trick people into sharing sensitive information like passwords, credit card or bank account numbers, and other personal information. These messages could also include malware disguised as links or attachments. The end goal of these messages is to steal money or information. Often, these messages can appear as though they are coming from a legitimate sender like an employer, a friend, an app, or a store.
Types of Phishing
Email Phishing: Email phishing is the most common form of phishing and is also the easiest to fall for. Any time you receive an email from an address you do not recognize, avoid clicking on any attachments, responding with sensitive information, or taking external action such as wiring funds until you can verify that the sender is who they say they are.
Spear Phishing: Spear phishing a more targeted than regular phishing. These messages include information that the attacker has learned about you to make the message more believable. This could be information about an employer, friends and family, or other personal information.
Mobile Phishing: This phishing occurs on SMS platforms for example iMessage, Instagram, Facebook, and other social media apps. Attackers will often advertise things in their messages to get the receiver to click links that will lead them to malware.
Quishing: In this new form of phishing, attackers use QR codes to trick people into downloading malware or visiting fraudulent websites by just scanning the code. This is why you should avoid scanning random QR codes or codes from unknown email addresses.
Common Targets
The most common targets for phishing are organizations and the elderly. AAG reports that around 3.4 billion scam emails are sent every day. Unfortunately, a lot of those messages are targeted at the elderly who might not be able to recognize a phish as easily as someone who uses email frequently. Organizations are targets because they have massive email lists that allow the attackers to hit as many inboxes as possible in just one attack. We should also keep in mind that the advancement of generative AI has made it easier for non-native speakers to compose more convincing messages. Phishing messages have become increasingly harder to spot in general now that cybercriminals have learned how to use generative AI to their advantage.
Best Practices to Avoid Phishing
The three things to remember when it comes to phishing are recognized, verify, and protect. It is important that you are first able to actually recognize a potential scam. Making sure to take note of the sender when looking at any messages is the first step. An unrecognized sender could lead to a threat. It is also important to recognize what the contents of a scam email look like. Scam emails could ask for a password change or verification in order for you to keep your account on a certain platform. Others ask for a card number to verify or cancel a purchase. The most common phishing messages are made to look very official to mislead you to click on a link. The key is to pay attention to the sender's email address.
If you do get past the recognize step, then it's time to verify. You need to verify the sender. So, if you recognize the email address, make sure the whole address is correct. If it is only one letter off, it could be a phishing email. If the address is completely correct but the contents of the message are strange, then verify with the sender. You can message the sender on another platform to confirm that they sent you an email that is safe to open. The same goes for text messages or calls from unknown numbers. You always want to confirm that the sender is safe before engaging with any message.
If you take those steps and the email turns out to be safe, great! If you couldn’t recognize or verify, then it is probably a scam and now you can move onto step three, protect. To protect yourself you’ll want to delete the message and block the sender, but not before reporting the message. There are several ways to report a phish. Most employers have an address that the email can be forwarded to so that an IT team can take a look at it. If you want to go beyond that, you can find several helpful steps here. When is comes to phishing, you can never be too safe, so make sure you are always taking the appropriate steps to recognize, verify, and protect.
