Phishing | 8 Types and How to Protect Yourself
First off, what is phishing?
Phishing is one of the most common types of fraud that may affect your business. It’s an insidious form of fraud that can be prevented and protected against with proper education, user training, and up to date security measures. To understand how to protect yourself, you will first need to have a good understanding of how phishing scams work.
It is defined as “the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.” It’s a type of fraud that uses social engineering to psychologically manipulate people to give up valuable information.
In fact, most cyber attacks come from phishing scams. There are many variations of phishing, and they can be aimed at businesses or toward individuals.
8 Types of Phishing
An attack on an individual is known as spear phishing. It is the widest spread type of phishing there is.
This is a form of scam where a previously sent, authentic email is replicated and sent with a malicious link or attachment that has been disguised to look like a part of a legitimate email. Clicking on the attachment or email will infect and exploit the user's machine.
This refers to the practice of targeting executives and high-ranking members of a business. These scams are often more sophisticated and involve sending an email that appears to be a subpoena, a customer complaint, or another important issue. It requests that the target downloads malicious software or clicks on a malicious link. Often times a wire transfer is requested, asking for money to be transferred to what appears to be a legitimate source, but is actually redirected to the scammer.
These scams will involve disguising a link contained within an email so that it looks legitimate, but leads to a malicious website that can often time mimic a trusted website. Users are then at the mercy of the phisher and will input sensitive data under the belief that they are using a secure website.
Any good email client will have built-in filters to detect and eliminate phishing emails. But the people behind these scams are always working to get past them. Scammers will use images to bypass email text filter detection, but the filters are becoming more advanced in order to prevent techniques like this from working.
Scammers will often create a website that looks exactly like a trusted website and then asks users for personal or company information. Phishers will create a cloned website of a trusted brand and offer a deal, and when the user inputs their information to make a purchase, their credit card is fraudulently charged.
This type of scam can involve infecting a trusted website with malicious software. A user will be faced with a malicious pop-up that requests login information but appears to be legitimate. The scammer can then gain access to personal information and even control over the user's account.
Not all phishing attempts are made online. Phone phishing involves real people calling and pretending to be a legitimate and reputable source, such as a bank. Here you will be asked for your account information which will then be exploited by the phisher. They can also come from people claiming to be computer repair services that will request remote access to your computer, or have you install malicious software.
How to protect yourself
One of the best ways to protect yourself is to be protective of your personal information. If someone is calling or emailing you, asking for personal information, you shouldn’t give it to them. Reputable companies do not call or email to ask for sensitive information.
Phishing emails will often contain spelling and grammatical errors.
You can detect malicious links by hovering over them instead of clicking, and see what web address they lead to.
Don’t give out sensitive information to people that you don’t know, especially financial or login information.
Educate your employees on the latest phishing techniques.
Protection against phishing comes down to being informed and protecting your personal information. Being wary of requests for private information can take you a long way. To learn more about phishing and some of the IT services and software available to aid in protecting your company from fraud contact us today.