Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, posing as a trusted entity, tricks a victim into opening an email, instant message, or text message. The recipient is then tricked into clicking a malicious link, which can lead to malware installation, system freeze as part of a ransomware attack, or disclosure of sensitive information. This article will talk about the types of phishing techniques and prevention.
Phishing techniques
Here is a brief overview of five common phishing threats that often crop up in business settings. Each example features “Bob”, a mid-level employee in the finance department who is trying to get through his busy day and respond to hundreds of emails.
- Trust abuse – Bob receives an email from what he thinks is his bank asking him to confirm a bank transfer. The email takes him to a link that looks like his bank’s website, but is actually a fake, identical copy of it. When he arrives at the page, he enters his credentials, but nothing happens. Too late: Bob has just given his bank password to a cybercriminal.
- Fake lottery – Bob receives an email saying that he won a prize in a raffle. Bob is usually too smart to fall for this trick. However, this email comes from his boss, Joe, and refers to a charity they both support. He clicks and ends up on a fake page that loads malware.
- Data update – Bob receives an email from Joe telling him to take a look at an attached document. The document contains malware. Bob may not even realize what has happened. He looks at the document, which looks normal. The resulting malware could log his keystrokes for months, compromise the entire network, and cause massive security breaches throughout the organization.
- Sentimental abuse – Bob receives an email from someone claiming to be Joe’s brother-in-law. He has cancer and his insurance was cancelled. He asks Bob to donate to help him recover from his illness. Bob clicks on the link and is taken to a fake charity site. The site could host malware or simply steal Bob’s credit card information through a fake “online donation.”
- Interpretation – Bob receives an email from his boss Joe, who says he needs money by wire transfer to a provider known as prepaid for an emergency job. Can Bob send them the money right away? It seems pretty routine. Bob transfers the money to the requested account. The money is untraceable and is never seen again.
Prevent phishing attacks
- Stay informed about phishing techniques – New phishing scams are constantly being developed. If you don’t keep up with these new phishing techniques, you could inadvertently fall victim to one. Watch for news about new phishing scams. By finding out about them as soon as possible, you will be at a much lower risk of being caught by one. For IT administrators, ongoing security training and simulated phishing for all users is strongly recommended to keep security top of mind throughout the organization.
- Think before you click! – It’s okay to click on links when you’re on trusted sites. However, clicking on links that appear in random emails and instant messages is not such a smart move. Hover over links you are unsure of before clicking them. Do they lead where they are supposed to lead? A phishing email may claim to be from a legitimate company, and when you click the link to the website, it may look exactly like the real website. The email may ask you to fill in information, but it may not contain your name. Most phishing emails will start with “Dear Customer”, so you need to be vigilant when you come across these emails. When in doubt, go directly to the source instead of clicking a potentially dangerous link.
- Install an anti-phishing toolbar – The most popular Internet browsers can be customized with anti-phishing toolbars. These toolbars run quick checks on the sites you’re visiting and check them against lists of known phishing sites. If you come across a malicious site, the toolbar will warn you about it. This is just one more layer of protection against phishing scams, and it’s completely free.
- Verify the security of a site – It’s natural to be a bit cautious when providing sensitive financial information online. However, as long as you’re on a secure website, you shouldn’t have any problems. Before submitting any information, make sure the site URL begins with “https” and that there is a closed lock icon near the address bar. Also check the site’s security certificate. If you receive a message that a certain website may contain malicious files, do not open the website. Never download files from suspicious emails or websites. Even search engines can display certain links that can lead users to a phishing webpage that offers low-cost products. If the user makes purchases on such a website, cybercriminals will access the credit card details.
- Check your accounts online regularly – If you don’t visit an account online for a while, someone might be having a field day with it. Even if you don’t technically need to, check each of your online accounts regularly. Get in the habit of changing your passwords regularly too. To avoid bank and credit card phishing scams, you should personally check your account statements regularly. Get monthly statements for your financial accounts and check each and every entry carefully to make sure no fraudulent transactions have been made without your knowledge.
- Keep your browser up to date – Security patches for popular browsers are released all the time. They are published in response to security loopholes that phishers and other hackers inevitably discover and exploit. If you normally ignore messages about updating your browsers, stop. As soon as an update is available, download and install it.
- Use a firewall – High-quality firewalls act as buffers between you, your computer, and outside intruders. You should use two different types: a desktop firewall and a network firewall. The first option is a software type and the second option is a hardware type. When used together, they drastically reduce the chances of hackers and phishers infiltrating your computer or your network.
- Be careful with pop-ups – Pop-ups often pose as legitimate components of a website. However, all too often, they are phishing attempts. Many popular browsers allow you to block pop-up windows; you can allow them on a case-by-case basis. If one manages to slip through the cracks, don’t click the “cancel” button; such buttons often lead to phishing sites. Instead, click the little “x” in the upper corner of the window.
- Never provide personal information – As a general rule, you should never share sensitive personal or financial information over the Internet. This rule goes back to the days of America Online, when users had to be constantly warned due to the success of early phishing scams. If in doubt, visit the main website of the company in question, get their number and give them a call. Most phishing emails will direct you to pages that require input of financial or personal information. An Internet user should never make confidential input via links provided in emails. Never send an email with confidential information to anyone. Make it a habit to check the website address. A secure website always starts with “https”.
- Use antivirus software – There are many reasons to use antivirus software. Special signatures included with antivirus software protect against known workarounds and loopholes. Just make sure you keep your software up to date. New definitions are added all the time because new scams are invented all the time as well. Anti-spyware and firewall settings should be used to prevent phishing attacks, and users should update programs regularly. Firewall protection prevents access to malicious files by blocking attacks. Antivirus software scans every file that reaches your computer over the Internet. It helps prevent damage to your system.