You may not notice it, but cyberattacks happen every day, and they are becoming more sophisticated. According to a study by the University of Maryland, hackers attack every 39 seconds, or an average of 2,244 times a day. Phishing is the practice of tricking you into handing over your information through deceitful means. It comes in many different forms, but each one has the same objective: to deceive you. The method works like a lure in fishing: attackers make a fake thing look like the real thing, but it hides a hook, and once you take the bait they have you and your data. To protect yourself, you have to understand how attackers use phishing to get your sensitive data.
Email phishing scams
Email is one of the primary ways that attackers deceive people into handing over their sensitive information voluntarily. Beforehand, the hackers have already gathered some basic information about you that they can use to send you a specific kind of email. Some may even have collected this information from your online behavior and history. Equipped with it, all the hacker needs to do is compose a message that looks like it came from a reputable company or government institution that you belong to or have an existing subscription with, complete with an excellent replica of its logos, headers, and footers. Listed below are some types of email messages that hackers have used in the past.
a) Bank detail renewal
A skilled writer can make a fraudulent email look so much like the real thing that, when it arrives, you would think it came from your own bank. The message usually asks you to click on a link and update your bank information so that you can continue using the bank's services. The attacker has a replica of the bank's site waiting at the end of that link so that the user will not suspect any malicious intent.
b) Someone wants to get to know you
Those who are looking for love or companionship, or who have an account with a dating site, may receive an email from a prospective companion with a link that asks for their information to confirm their identity, or asks for their login information.
c) Donations accepted
Those who have a heart for charity or philanthropy may receive an email describing a need where they could help. The message includes a link that leads to a fraudulent copy of the real website, which asks for your information to confirm your identity or for your bank details for donation purposes.
Those looking for a job to support themselves and their family would be more than eager to open an email saying that they got hired. Sadly, when they click the link, a new page opens where they are asked to provide further information to prove their identity, or even to sign up for a supposed newsletter.
Vishing is a type of fraud where someone calls you to get your information. It is mainly a fear-driven call meant to trick you into giving up your data voluntarily. The “V” stands for voice, or Voice over IP (VoIP), call phishing.
Cold call tech support scams
In this scam, a caller offers a service to help you take care of your computer and protect your data from malware that they claim to have detected on their end. The scammer offers solutions and walks you through the steps. They will instruct you to go to an IP address or another website where they can supposedly diagnose the problem better. At that point, malware is added to your system, and in some cases you are asked for detailed information so they can go further in providing their service to you.
Pop-up warning scams
As the heading suggests, you receive pop-ups that are mostly fear-driven, meant to scare or push you into clicking the link. The pop-up is just the entry point for malicious intent. From there, the hackers' strategy is to get you to provide information or to plant malware on your system.
Phishing Defense Strategies for Your Protection
Here are some recommendations on how you can protect yourself and your sensitive information from phishing.
- Pay attention and spot the differences. Compare previous official messages from your bank or a company you are subscribed to with the message you have received, and see if there are differences. A company that values its branding and identity will inform clients of any changes to specifics such as its logo, font or brand behavior.
- Keep a keen eye. Even if hackers use real company logos and the message looks legitimate, carefully observe the sender’s email address, the address of the company, the sender’s signature, the link’s URL address and the spelling of each.
- Be your own quality control for your personal computer. When given a link to go to, scrutinise the URL address. If the site used to have “HTTPS” and now has “HTTP” only, it may mean that you are entering an unsecured environment. If the URL address seems legit except that it is missing one letter, or has its “i” and “e” switched or something similar, then that deserves a closer inspection.
- Double-check contact information. Whenever you receive a call from a business that you deal with, politely hang up, then get the company's number from either its legitimate website or previous authentic communications you’ve had with it. Call that number and ask whether the company was offering help or services over the phone, to make sure that the tech support or service call was legitimate.
- Don’t give personal info over the phone. This is very important. Never provide personally identifiable information through the phone, especially if it is a cold call.
- Never give remote access to your device. When you receive a tech support call, remember not to permit remote access to your computer or digital devices.
- Pop-up Versus App Notification. A pop-up is different from an app notification. Learn to differentiate between the two. Should you see a pop-up, activate your preferred antivirus software and run a deep scan.
- Secure your search. Use a secure search service, such as Norton Safe Search, to know if the site you’re about to visit is safe.
- Avoid clicking suspicious messages. Do not click the link in a message in which you have already seen discrepancies in spelling, branding or some other minor difference. If you are already suspicious, then do not click the attachment that came with it either. Most malware was distributed through .doc file attachments in the email message.
- Beware pop-ups that ask for your info. Keep in mind that companies will not ask you personally identifiable information through a pop-up.
- Manually type website URLs. Manual input of the web site’s URL address ensures the website you are visiting is the real one and not a modified one to look like the real thing.
- Filter and scan your messages. Sift through the message that you have received. Look for visible signs of incorrect grammar, wrong spelling, improper logo placement or color branding. A competent company would have quality control personnel in place to protect their brand even when they send official newsletters to clients.
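The URL check described above (a missing letter, a switched “i” and “e”, HTTP where HTTPS is expected) can be automated. The following is an added example, not part of the original article; the trusted domains and sample links are constructed placeholders, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed allow-list: domains you typed in yourself from a card or statement.
TRUSTED = ("mybank.example", "relief-fund.example")

def osa_distance(a, b):
    """Edit distance where one insert, delete, substitute or adjacent swap costs 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            # Adjacent transposition, e.g. "ie" written as "ei".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def site_of(host, good):
    """Last labels of host, as many as the trusted name has (drops www., login., ...)."""
    return ".".join(host.split(".")[-(good.count(".") + 1):])

def check_link(url, trusted=TRUSTED):
    """Return (verdict, matched_domain) for a link copied from a message."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    for good in trusted:                      # exact match first
        if site_of(host, good) == good:
            ok = parts.scheme == "https"
            return ("trusted" if ok else "trusted-but-not-https", good)
    for good in trusted:                      # then one-edit lookalikes
        if osa_distance(site_of(host, good), good) == 1:
            return ("lookalike", good)
    return ("unknown", None)

if __name__ == "__main__":
    for link in ("https://online.mybank.example/login",   # constructed samples
                 "http://mybank.example/update",
                 "https://mybnk.example/update",
                 "https://www.releif-fund.example/donate"):
        print(link, "->", check_link(link))
```

A "lookalike" verdict means the domain is one edit away from a name on your list and deserves the closer inspection recommended above; "unknown" only means the domain is not on the list.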
Do Not Feed the Phish!
No one is perfect, and if you feel that you made the mistake of clicking a suspicious link or attachment, or entered an unsecured environment online, be on the offensive and secure your computer and data. Run a deep scan, if not a full scan, for any viruses that may have infected your computer or mobile devices. Change the passwords for your personal computer and for the other password-protected accounts you have online, including those for your financial statements, and accounts or browsers, such as Google and Facebook, that are linked to other accounts or that you use to open separate accounts. Finally, give your bank a call and inform them that you suspect your sensitive information has been compromised. Again, be vigilant and be on the offensive in guarding your confidential information, and stay up to date with the latest digital transformation trends in the banking industry so that you remain aware of both the threats and the security measures available for your protection.