Online criminals use phishing attacks to get your personal details or login information. This is typically achieved by sending you to a web page that looks legitimate but is actually a phishing website. On the phishing website, you are tricked into giving your details, such as login credentials and other sensitive data to criminals. This sensitive information can then be used for account takeover or identity theft.
Phishing can also be used to infect your device with malware. To install malware on your device, the criminals may mask it as something intriguing, such as important documents, or viral cat videos. Anything goes in these phishing attempts, as long as it gets your attention. These types of viruses are called trojans, after the Trojan horse of Greek mythology.
Phishing attacks come in different forms that are all used to prey on individuals and organizations in order to gain their sensitive data or install malware. Even if you are prepared and know how to avoid suspicious emails and phishing websites, there are other ways for carrying out a phishing attack. Some of the most common ones in addition to
traditional phishing scams include spear phishing, smishing and vishing. Let’s take a closer look at each one of these scams, so you’ll be better prepared once you encounter them.
Whereas phishing attacks can be sent to victims at random, a method called spear phishing is more targeted. In spear phishing attacks, the scam is aimed at a specific individual or organization. Although spear phishing requires more effort and preparation from the attacker, a spear phishing attack is more likely to fool its target.
Smishing, or SMS phishing, uses text messages instead of emails to trick its victims. What makes smishing attacks especially dangerous is that they use text messages rather than emails. Whereas most people know to avoid phishing emails, many may not know to be prepared for SMS phishing attacks. On top of that, scam text messages can be injected into pre-existing text message conversations and made to look like messages from trustworthy sources.
Instead of using written messages, phishing can be carried out with phone calls as well. This is referred to as vishing or voice phishing. A vishing scam may use either real callers or automated text-to-speech software. Either way, the goal of a vishing attack is the same as with phishing: gaining access to the victim’s personal information that can be exploited by the attacker.
Anti-phishing measures start from knowing what phishing is and how it works. Here are 5 tips that can further help you avoid falling into phishing scams and identifying phishing messages.
1. Remember that you are your greatest vulnerability
Nobody becomes a victim of a phishing scam without being tricked into implicating themselves. A successful phishing scam generally requires you to open a phishing email, click a link or open an attachment. Usually, there are additional steps, like clicking
Enable Content to allow a trojan or ransomware to infect your device or entering your private data into a scam form.
2. Understand that anyone can become a victim
Phishing attacks are nowadays made by professional criminals and can be extremely hard to detect. Phishing attacks often feed on our desire for great news and our fear of bad things. For example, criminals know there is a high likelihood a victim or a member of their household may be expecting a delivery. And if we weren’t expecting something, we could be getting a gift. Phishing scams related to shipping are common, especially during Christmas and Black Friday seasons.
3. The many types of phishing often involve credible-looking sources
The most common types of phishing are email attachments and links. As we saw earlier, phishing attacks can also be sent in an SMS or instant message. Anything that enhances the credibility of a phishing attack helps the scam work. Quite often phishing attacks use the faked appearance of huge brands that you trust and expect communication from — like Amazon, your bank, FedEx or any other shipping company.
4. Beware of urgency
Phishing emails often lure you with urgency. An email that wants you to act with haste should trigger a warning. If it really were urgent, you wouldn’t be approached just by email or a message. In fact, sources like banks and credit card companies will never ask you to verify your card or information through email. If they say it’s urgent, do the smart thing and don’t click. Pick up the phone to call the sender to see if the message is genuine. By the time you start dialing, you may have figured it out for yourself.
5. Trust your instinct
This might sound like a vague tip, but considering all the others, it’s the most crucial one. After all, not everything is a scam on the internet. The hard part is to tell the difference between a real and a phishing website or a genuine and a scam email. In the end, it’s up to you to do that. So, every time you encounter something suspicious, ask yourself: is this something you expect? Do you trust the source? Can you verify this somehow? For example, search the internet or call the sender. If the answer is no, then it’s better to be safe than sorry.
With 30 years of experience, F‑Secure sees the online dangers you don’t. To take your anti-phishing measures to the next level, get F‑Secure Total to keep you safe. Total includes award-winning protection against viruses, ransomware, known phishing websites, and many other online threats. It also includes an unlimited VPN and a password manager.
You can try it for free for 30 days, with no credit card required.