Phishing is a cyberattack in which the criminal sends a fraudulent email with the intent of deceiving the recipient and obtaining personal information such as bank account information, credit card numbers, and passwords. Phishing is not a new cybercrime, as it was first discovered in 1995, but it is still going strong. These five examples of common phishing attempts at scams will help you understand what to look for and how not to become a victim.
Phishing emails make up a large percentage of annual data thefts. A phishing email appears to come from a good source such as your bank, employer, or the customer service department of a large company such as Apple or Amazon. There is usually a link to click or an attachment to complete with personal information. Other requests in a phishing email may include updating your password or credit card number or acting on a social media contact recommendation.
Phishing emails are typically sent randomly, with the hopes that some people will take the bait. Spear phishing is a targeted email, referencing some information about yourself or your employer, making it look like the email is from a familiar and trusted source.
Your response to a phishing email is how the cybercriminal gets your information. It would be best if you learn more about phishing emails and how to recognize them before your personal information is compromised.
Link manipulation is a cyberattack technique in which the criminal sends you a link to a popular website's fraudulent version. The site asks you to confirm or update personal information such as your user name, account number or credit card number. The link may also take you to a web page that looks like your email provider's sign-in page. Don’t attempt to sign in from that link or your login and password will be compromised.
CEO fraud phishing is an email scam in which the hacker impersonates a company official, such as the CEO, Finance Manager, or Human Resource Manager. It typically contains an urgent request to transfer company funds to a fraudulent account or reveal sensitive company information via return email. If you receive such an email, pick up the phone and call the alleged sender. You will likely find that this is a scam with sneaky phishing attempts.
An email is not always the catalyst for a phishing attack. Smishing involves a fake social media message (SMS) asking the recipient to act immediately, such as change their password, because their account has been hacked. The message will provide a clickable link to assist in making those changes. Using that link will result in the cybercriminal stealing your personal information or installing a virus on your device.
Vishing, or voice phishing attempts, is a cyberattack in which the criminal leaves a voicemail for the victim requesting a call back immediately to avert an emergency, such as electricity turned off or bank account suspended. If the victim calls back and shares personal information, the attacker will have been successful in their hack. If you receive such a message, delete it. If you question the validity, place a call to whoever allegedly left the voicemail but do not use the phone number they left.
Malvertising, or malicious advertising, is an attack in which the attacker injects malicious code into legitimate online advertising, redirecting the user to a fake and dangerous website. Again, be careful of what you click on and never share personal information.
These are just a few of the many phishing attempts and types, but you get the point. Be very careful with what you share online and how you share it. You never know who is watching.