Don’t Get Hooked by a Phishing Scam
When someone talks to you about the dangers of online scams, you might find yourself wondering “what’s so bad about fishing?” Well, unfortunately, they are not referring to fishing in the way that you might think.
Phishing, like fishing, involves an attempt to catch some unsuspecting prey, and like a fish dangling from a wire, you definitely don’t want to get hooked. There is no catch-and-release here.
What Exactly Is Phishing and Spear Phishing?
Phishing involves metaphorically casting a net, hoping to catch something—in this case, your information.
Originally, phishing was defined simply as an attempt to obtain a victim’s online username and password. Over time this has evolved to include any message-based attack by a cybercriminal attempting to pass themselves off as someone or something that is known to you, whether that be a personal friend, a bank, or virtually any other well-known online entity.
The messages used in these attacks are often convincing-looking emails that are sent out to millions of unsuspecting recipients. The cybercriminals have no real way of knowing who will respond, but it is simply a numbers game; the more emails they send, the more potential victims they will find.
Spear phishing is similar to phishing, but narrower in focus. Rather than sending out millions of random emails, spear phishing relies on a smaller number of targeted messages.
When spear phishing, the cybercriminal researches a victim, often using social media such as Facebook. They are then able to create customized emails that appear much more legitimate and are thus more likely to fool a potential victim.
While email is often the method of choice, other types of messages are also used, including instant messages and social media posts.
A Direct Threat to You
You, your devices, and your personal information represent a tremendous amount of money to cybercriminals, who would be extremely happy to catch you on their hook. Although you may not yet be aware of it, you are a target for them, both at home and at work.
The single best defense that you possess against these scammers is your own awareness. Be on the lookout for any email or other message that seems suspicious. A phishing attack will only prove harmful to you if you take the bait.
What to Look for in a Phishing Attack
While some phishing attacks can appear very convincing, there are often a number of factors that give them away. By being aware of them and knowing what to look for, you reduce the risk of being caught. Specifically, some things to watch for include:
- Email Addresses. Check the sender carefully. It may look like it is coming from a legitimate source, but if a message that claims to be from a business comes from a personal account such as @gmail.com or @hotmail.com, then you may be dealing with an attack.
- The CC Field. If the email is being sent to other people that you do not know and do not work with, this is another warning sign.
- Phishing attempts are often addressed to “Dear Customer” or “Dear (your email address)”. Any legitimate business with a reason to contact you should be aware of and use your name. Also, do you have any reason to expect a message from the sender?
- Grammar and Spelling. Fortunately, for all their cunning, cybercriminals tend to have poor grammar and spelling. A legitimate company email should be free of errors.
- Call to Action. Phishing attempts often include the suggestion that you must act immediately to avoid an unpleasant situation, such as accounts being cancelled or something similar. This is done in an effort to frighten you into acting before thinking.
- Links and Attachments. If you are not expecting an attachment, don’t open it. Similarly, if you are sent a message with a link, hover your mouse over it to see the true destination you would be sent to if you clicked it. If the destination doesn’t match what the email represents, this is an attack.
- “This is too good to be true!” Generally, yes. If it sounds too good to be true, it likely is.
- When a Friend is Not a Friend. There is also always the possibility that a friend’s computer has been hacked or infected. If an email seems suspicious to you, even if it’s from a friend, it’s better to verify it before opening it. Call up your friend to say hello and see if they sent it.
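Several of the warning signs above can also be checked by a script before a message reaches a reader. The following is an added example, not part of the original article: it flags a free-mail sender, a generic greeting, urgent wording, and a link whose visible address differs from its true destination. The function names, the phrase patterns and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

FREEMAIL = {"gmail.com", "hotmail.com"}  # the two domains the article names
TEXT_SIGNS = {  # assumed wording, tune for your own mail
    "generic-greeting": re.compile(r"\bdear\s+(customer|\S+@\S+)", re.I),
    "urgent-call-to-action": re.compile(r"\b(immediately|cancelled|suspended)\b", re.I),
}
# Constructed sample message, not a real email.
SAMPLE = """\
From: "Example Bank" <constructed.sender@gmail.com>

<p>Dear Customer, your account will be cancelled unless you act immediately.</p>
<a href="http://login.example-verify.test/a">www.examplebank.test</a>
"""

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":  # start of a link: remember its target, reset its text
            self._href, self._text = dict(attrs).get("href"), ""
    def handle_data(self, data):
        self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href:
            self.links.append((self._href, self._text.strip()))
            self._href = None

def host(url):
    url = url if re.match(r"[a-z][a-z0-9+.-]*://", url, re.I) else "//" + url
    return (urlparse(url).hostname or "").lower()

def phishing_flags(raw):
    msg = message_from_string(raw)
    body = msg.get_payload()  # single-part sample; multipart mail needs msg.walk()
    flags = [name for name, rx in TEXT_SIGNS.items() if rx.search(body)]
    if parseaddr(msg["From"] or "")[1].rpartition("@")[2].lower() in FREEMAIL:
        flags.append("freemail-sender")  # a warning sign when a business is claimed
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        # Compare only when the visible text itself looks like a web address.
        if re.match(r"(https?://|www\.)", text, re.I) and host(text) != host(href):
            flags.append(f"link-mismatch:{host(text)}->{host(href)}")
    return flags
```

Calling phishing_flags(SAMPLE) returns all four flags; a flag is a reason to verify the message, not proof of an attack.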
Swimming in Dangerous Waters
While you needn’t become paranoid about every email or message you receive, you definitely should remain cautious and aware. Trust your instincts. If something seems odd, verify it before trusting it. Phishing attacks are to be taken seriously, but with a bit of awareness and vigilance, you will be able to keep yourself, and your assets, safe.
If you don’t want to get hooked and end up in someone’s frying pan, contact Safe Harbour today!