The Federal Bureau of Investigation (FBI) estimates that $57 million is lost every year in the US due to phishing scams alone. Phishing is therefore among the top online threats.
What is Phishing?
It is a deceptive tactic used by scammers and hackers to gather your personal and financial information by mimicking a reputable company or person. It is commonly initiated through emails and text messages that contain links to malicious sites or have attachment files with hidden malware. Once you click on them, your account information and login credentials are stolen.
The scammers will then use your credentials to misuse your accounts or withdraw money from them. The goal of these scams ultimately is money obtained by the data stolen through Phishing.
Common Types of Phishing
Phishing is a broad term that encompasses a number of different attacks that scammers use to gain unauthorized access to accounts:
- Spear Phishing: A highly targeted phishing attack that builds a fairly accurate social profile of the victim, then launches a personalized assault via email. Scammers may use your real name or job title to look legitimate and so avoid arousing suspicion. This way, you are highly likely to follow the links given and submit whatever credentials are asked.
- Whale phishing: Targeting a ‘whale’ is the idea here. The ‘whale’ here is a CEO or a top executive with high access/clearance in a company. Once compromised, the whole organization can be defrauded. A CEO may have access to some business bank accounts and the credentials for accessing them may be found in his emails or computer folders.
- Pharm Phishing: This attack is aimed at strategic Domain Name Server (DNS) which once compromised, can be made to re-route all connections of a particular kind to the scammer’s phishing website. Therefore, a high number of potential victims can be deceptively redirected to a malicious page.
- Voice Phishing/Vishing: Here scammers record and mimic the voices of their target victim then use them to gain access to their sensitive data through scam calls.
- SMS Phishing/Smishing: This is a phishing tactic that’s initiated through SMS. The scammers send you a clickable link via SMS that leads to a phishing website.
5 Common Signs of a Phishing Scam
- Mis-spelt or oddly worded URLs that mimic big brands and companies like Paypal, Amazon, Apple, Netflix, Walmart. Such URLs characteristically deviate from the conventional.
- Corporate messages that originate from free email accounts, for example, an email pretending to be from PayPal email that was sent from a free Gmail account. Authentic emails will originate from the website’s own domain, such as ‘[username]@paypal.com’
- A sense of urgency and fear to get you to click on a provided link that is already booby-trapped with malware.
- Unprompted requests to confirm your email or password. Whenever you get any such email without actually trying to log in, you are being targeted for a phishing scam.
- Promotional/Marketing email with an enticing message to get you to click on a link or open an attachment. Usually, there is the promise of free stuff, discounts, free coupons, or even money.
Examples of Phishing Emails and Text Messages
Scammers do their research well. Their messages are designed to make you act on the information they feed you. Issues to do with an online account are the most common as we see here below:
- Your Account has been hacked - Follow this link to secure your account data.
- You need to Reset your password or restore your account.
