How to Recognize Phishing and avoid falling for scams


Have you ever been sent emails or text messages that look suspicious? Or received phone calls or stumbled on websites that look tricky?

For example, you receive an email that appears to come from your place of work or from a store where you purchase things. You read through it and notice that something isn't right: the email address, the graphics, or the language, spelling and grammar of the message. You look into it thoroughly and realize that the email is fraudulent. That is phishing.

This is what scammers do: they use emails or SMS to trick you into giving them your details. But don't worry, there are several ways to protect yourself from this type of scam.

This is what I will be covering in this article:

  • What is Phishing?

  • Types of Phishing.

  • How to Recognize Phishing.

  • How to prevent Phishing.

What is Phishing?

The term "phishing" is based on the word "fishing" and works on the same concept of bait: attackers cast out bait in the form of deceptive messages or websites to "hook" unsuspecting victims.


Phishing is a form of social engineering and scam where attackers deceive people into revealing sensitive information or installing malware such as ransomware. Phishing attacks have become increasingly sophisticated and often transparently mirror the site being targeted, allowing the attacker to observe everything while the victim is navigating the site, and traverse any additional security boundaries with the victim. (Wikipedia)

According to Check Point, "Phishing is a type of cybersecurity attack during which malicious actors send messages pretending to be a trusted person or entity. Phishing messages manipulate a user, causing them to perform actions like installing a malicious file, clicking a malicious link, or divulging sensitive information such as access credentials".

Phishing remains a threat in our digital space, which is why it is essential to stay vigilant and take careful measures to safeguard sensitive and personal information.

Types of Phishing

  1. Email Phishing: This type of phishing attack is sent through email to trick individuals into giving away their personal or sensitive information. Most of the time these attacks (bulk attacks) are not targeted but are sent to a wide audience. The attacker can use the stolen information to install malware, steal money, or even target specific organizations.

  2. Spear Phishing: A phishing attack that targets a specific individual or organization. The attacker tricks the individual or organization into believing that the attacker is legitimate.

    IBM also writes: "A spear phisher studies the target to gather information needed to pose as a person or entity the target truly trusts such as a friend, boss, co-worker, colleague, trusted vendor or financial institution or to pose as the target individual. Social media and social networking sites—where people publicly congratulate coworkers, endorse colleagues and vendors, and tend to overshare about meetings or events or travel plans—have become rich sources of information for spear phishing research".

  3. Whaling: The attacker uses spear phishing techniques to target senior executives and other high-profile individuals in order to steal large amounts of sensitive data.

    Attackers research their victims in detail to create a more genuine message, as using information relevant or specific to a target increases the chances of the attack being successful.

  4. Clone Phishing: Clone phishing is a type of attack where a legitimate email with an attachment or link is copied and modified to contain malicious content. The modified email is then sent from a fake address made to look like it's from the original sender. The attack may appear to be a resend or update of the original email.

  5. SMS Phishing: SMS phishing is a type of phishing attack that uses text messages from a cell phone or smartphone to deliver a bait message. The victim is usually asked to click a link, call a phone number, or contact an email address provided by the attacker. They may then be asked to provide private information, such as login credentials for other websites.

How to recognize Phishing

Phishing emails and text messages can trick you into clicking on a link or opening an attachment. You might get an unexpected email or text message that looks like it’s from a company you know or trust, like a bank, a credit card or a utility company. Or maybe it’s from an online payment website or app. The message could be from a scammer, who might:

  • Say they’ve noticed some suspicious activity or log-in attempts (they haven’t).

  • Claim there’s a problem with your account or your payment information (there isn’t).

  • Say you need to confirm some personal or financial information (you don’t).

  • Want you to click on a link to make a payment (the link has malware).

  • Say you’re eligible to register for government funding (it’s a scam).


How to prevent Phishing

  1. If you are an organization, provide employee awareness training. Educate employees on phishing and how to prevent it so that your organization does not fall victim.

  2. Protect your computer by using Anti-phishing software.

  3. Protect your data by backing it up. You can back up the data on your computer to an external hard drive or to the cloud. Back up the data on your phone, too.

  4. Always check URLs before clicking to ensure they match the website's domain.

  5. Always approach emails or messages with caution. Verify the sender's identity before taking any action, especially if the message requests sensitive information.
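
The URL check in step 4 can be made precise. The following is an added example, not part of the original article: it compares the host a link really points to against the domain you expect, and goes slightly beyond the step by also flagging text before an "@" and punycode labels. The function name, the warning codes and the sample links (built on reserved example domains) are all constructed for illustration.

```python
from urllib.parse import urlsplit

def check_link(url, trusted_domain):
    """Return warning codes for a link; an empty list means the host matches."""
    parts = urlsplit(url)
    host = parts.hostname          # excludes any "user@" prefix and the port
    if not host:
        return ["no-host"]
    host = host.lower().rstrip(".")
    trusted = trusted_domain.lower()
    warnings = []
    # In "https://bank.example@203.0.113.7/" the text before "@" is not the site.
    if parts.username is not None:
        warnings.append("userinfo")
    # Punycode labels (xn--) can be displayed as lookalike characters.
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode")
    # The host must be the trusted domain itself or a subdomain of it.
    # A plain "ends with" test without the dot would accept mybank.example.
    if host != trusted and not host.endswith("." + trusted):
        warnings.append("host-mismatch")
    return warnings

# Constructed sample links (assumption: the expected site is bank.example).
SAMPLE_LINKS = [
    "https://www.bank.example/login",               # genuine subdomain
    "https://bank.example.login-check.test/reset",  # trusted name used as a prefix
    "https://bank.example@203.0.113.7/reset",       # trusted name before "@"
    "https://mybank.example/",                      # similar name, different domain
    "https://xn--bnk-7ya.example/",                 # punycode label
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(link, check_link(link, "bank.example") or "ok")
```

The part of the link that matters is the end of the host name, read from right to left; a trusted name appearing anywhere else in the URL proves nothing.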

Conclusion

By staying informed, cautious, and proactive, you can protect yourself and your data from falling victim to these malicious schemes. Remember, the best defense against phishing is knowledge and skepticism. Stay safe online, and always think twice before clicking that link or sharing sensitive information.

RELATED ARTICLES:

IBM: What is Phishing?

Federal Trade Commission: How to Recognize and Avoid Phishing Scams

Imperva: Phishing attacks

Wikipedia: Phishing