What is phishing?

Knowing what phishing is — the first step in protecting your­self

Online criminals use phishing attacks to get your personal details or login information. This is typically achieved by sending you to a web page that looks legitimate but is actually a phishing web­site. On the phishing web­site, you are tricked into giving your details, such as login credentials and other sensitive data to criminals. This sensitive information can then be used for account take­over or identity theft.

Phishing can also be used to infect your device with malware. To install malware on your device, the criminals may mask it as some­thing intriguing, such as important documents, or viral cat videos. Any­thing goes in these phishing attempts, as long as it gets your attention. These types of viruses are called trojans, after the Trojan horse of Greek mythology.

What are the different forms of a phishing attack?

Phishing attacks come in different forms that are all used to prey on individuals and organizations in order to gain their sensitive data or install malware. Even if you are prepared and know how to avoid suspicious emails and phishing web­sites, there are other ways for carrying out a phishing attack. Some of the most common ones in addition to traditional phishing scams include spear phishing, smishing and vishing. Let’s take a closer look at each one of these scams, so you’ll be better prepared once you encounter them.

Spear phishing

Whereas phishing attacks can be sent to victims at random, a method called spear phishing is more targeted. In spear phishing attacks, the scam is aimed at a specific individual or organization. Although spear phishing requires more effort and preparation from the attacker, a spear phishing attack is more likely to fool its target.

Smishing

Smishing, or SMS phishing, uses text messages instead of emails to trick its victims. What makes smishing attacks especially dangerous is that they use text messages rather than emails. Whereas most people know to avoid phishing emails, many may not know to be prepared for SMS phishing attacks. On top of that, scam text messages can be injected into pre-existing text message conversations and made to look like messages from trust­worthy sources.

Vishing

Instead of using written messages, phishing can be carried out with phone calls as well. This is referred to as vishing or voice phishing. A vishing scam may use either real callers or automated text-to-speech soft­ware. Either way, the goal of a vishing attack is the same as with phishing: gaining access to the victim’s personal information that can be exploited by the attacker.

5 ways to avoid phishing scams

Anti-phishing measures start from knowing what phishing is and how it works. Here are 5 tips that can further help you avoid falling into phishing scams and identifying phishing messages.

1. Remember that you are your greatest vulnerability

Nobody becomes a victim of a phishing scam with­out being tricked into implicating them­selves. A successful phishing scam generally requires you to open a phishing email, click a link or open an attachment. Usually, there are additional steps, like clicking Enable Content to allow a trojan or ransom­ware to infect your device or entering your private data into a scam form.

2. Under­stand that anyone can become a victim

Phishing attacks are nowadays made by professional criminals and can be extremely hard to detect. Phishing attacks often feed on our desire for great news and our fear of bad things. For example, criminals know there is a high likelihood a victim or a member of their house­hold may be expecting a delivery. And if we weren’t expecting some­thing, we could be getting a gift. Phishing scams related to shipping are common, especially during Christmas and Black Friday seasons.

3. The many types of phishing often involve credible-looking sources

The most common types of phishing are email attachments and links. As we saw earlier, phishing attacks can also be sent in an SMS or instant message. Any­thing that enhances the credibility of a phishing attack helps the scam work. Quite often phishing attacks use the faked appearance of huge brands that you trust and expect communication from — like Amazon, your bank, FedEx or any other shipping company.

4. Beware of urgency

Phishing emails often lure you with urgency. An email that wants you to act with haste should trigger a warning. If it really were urgent, you wouldn’t be approached just by email or a message. In fact, sources like banks and credit card companies will never ask you to verify your card or information through email. If they say it’s urgent, do the smart thing and don’t click. Pick up the phone to call the sender to see if the message is genuine. By the time you start dialing, you may have figured it out for your­self.

5. Trust your instinct

This might sound like a vague tip, but considering all the others, it’s the most crucial one. After all, not every­thing is a scam on the internet. The hard part is to tell the difference between a real and a phishing web­site or a genuine and a scam email. In the end, it’s up to you to do that. So, every time you encounter some­thing suspicious, ask your­self: is this some­thing you expect? Do you trust the source? Can you verify this some­how? For example, search the internet or call the sender. If the answer is no, then it’s better to be safe than sorry.