What Is Phishing? Here's How to Protect Against Attacks.
What is phishing and how can you identify phishing attacks? Protect yourself against phishing with this rundown and helpful tips.
By Dan Bova
With scams on the rise, you might receive emails and phone calls from your bank or other organizations about a security breach.
But how can you tell if the alert is legitimate or something to send to your trash folder? And how can you avoid falling victim to scammers? Keep reading to learn about phishing and how to protect yourself against it.
What is phishing?
Phishing is a type of cybercrime conducted through email, phone or text message during which the sender poses as a legitimate organization to obtain sensitive data such as banking information, credit card details and passwords. Phishing is a method to steal identities, money and other personal property.
The term comes from the "luring" nature of the scam. The "ph" comes from the word "phreaks," a nickname given to early hackers; "phreaking" refers to exploring, studying and experimenting with telecommunication systems. Borrowing from that term, people replaced the "f" with "ph," and phishing was born.
How phishing originated
In the early 90s, millions of people used America Online (AOL) daily. The Internet boom brought attackers whose goal was to steal people's passwords and use algorithms to unlock personal information, find credit card information and commit identity theft.
Because the internet was so new, AOL did not have the same security measures to avoid data breaches that providers have today, and many people were affected by cyberattacks.
Today, phishing is still a considerable problem, and attackers often imitate large sites like PayPal, Microsoft, Apple, Amazon and LinkedIn. Take a look below for phishing techniques and how to avoid them.
Phishing techniques
There is not just one type of phishing. There are many methods scammers use to steal personal information from their victims.
14 types of phishing attacks include:
- Spear phishing attacks.
- Session hijacking.
- Email spam.
- Content injection.
- Web-based delivery.
- Search engine phishing.
- Link manipulation.
- Vishing (voice phishing).
- Keyloggers.
- Smishing (SMS phishing).
- Malware.
- Trojan.
- Ransomware.
- Malvertising.
Most common types of phishing scams
Bank and credit card phishing scams
These days, most people do their banking online. While online banking provides a huge convenience, it also opens people up to vulnerabilities.
Phishing attackers rely on the fact that people trust their financial institutions and assume all credit card emails are legitimate. Credit card scams are designed to look just like the real thing, so always watch out for spoof emails and credit card websites.
Email phishing scams
Phishing email scams originated with AOL but have progressed and adapted to today's security measures.
Companies must have entire departments dedicated to cybersecurity to protect their members from email scams. Email scams often contain malicious links and attachments that contain viruses or malware.
Website phishing scams
Website phishing scams are often done through copycat websites that are meant to trick users by imitating the real thing.
People often don't realize they are on a malicious website and enter sensitive information. Fake websites often include poor design, misspellings, pop-up windows and pushy sales tactics.
5 common features of phishing attacks
No matter what type of phishing scam you might experience, each shares some standard features that you can learn to identify.
1. It looks too good to be true.
Many phishing scams may try to tell you that you've won something. However, don't fall for this ploy if you did not enter any competition.
Attackers compose attention-grabbing phishing messages to lure people in. However, if something sounds too good to be true, it probably is.
2. You're being rushed.
Many cybercriminals attempt to make their victim feel like the task must be completed immediately. Note that this is not the same as a company you subscribe to telling you that you only have one day left in their sale — that is normal.
The messages you need to watch out for are those that notify you that your account will be suspended or your subscription will expire if you don't act immediately by entering personal information.
Legitimate businesses will likely not send you these types of emails with such a sense of urgency, so keep an eye out for that red flag.
3. They include false hyperlinks.
Many hackers use malicious hyperlinks that direct people to fake websites that are meant to look like the real thing.
The links are disguised as the actual website domain name; however, if you hover over the link, it will show you the true URL, which is often one that is close but has one different letter.
For example, a phishing site might closely misspell Entrepreneur.com as Entreprenure.com to trick its victim.
4. There are mysterious attachments.
If you receive a suspicious email from an unknown or unfamiliar sender, be very careful with opening attachments. Many hackers embed ransomware and other viruses in attachments that can ruin your computer or access your personal information.
5. It is from an unknown sender.
Usually, when something looks fishy, it's phishing. If anything in the point of contact seems unusual or is from an unknown phone number or email address, avoid clicking or engaging with anything suspicious.
10 practices to avoid phishing scams
1. Stay informed.
Hackers are constantly devising new ways to carry out attacks. It's a good idea to stay knowledgeable on common types of phishing techniques by searching articles or keeping an eye on the news.
When you know what to look for, you can protect yourself from falling prey to a phishing scam. Many companies also offer security awareness training so that you can identify potential phishing campaigns.
2. Consider before you click.
Links are everywhere. Not all links are bad, but clicking on texts or emails from unknown senders can lead to trouble. Sometimes it can be difficult to identify fake emails, as attackers do their best to make them look as authentic as possible.
One of the best ways to spot a fake email is by noting those that begin with "Dear Customer" instead of your actual name. In addition to that, hovering over a link in the email will show you the actual URL that might be hidden.
3. Utilize anti-phishing software.
Anti-phishing toolbars run checks on sites that you find questionable. The software will cross-reference the site to a list of known phishing sites and alert you if anything is dangerous.
Free anti-phishing software includes:
- Area 1 Horizon Anti-Phishing Service.
- Avanan Cloud Email Security.
- Cofense.
- GreatHorn.
- IRONSCALES.
- Mimecast Email Security with Threat Protection.
- Phish Protection by DuoCircle.
- Proofpoint Email Security and Protection.
- SpamTitan Email Security.
- Zerospam.
4. Check site security.
It can be unnerving to type in personal information like credit card numbers, login credentials, addresses or social security numbers online, but some sites are completely safe. However, ensuring you are entering that information into a secure webpage is vital.
To see if a site is secure, check authentication by:
- Making sure the URL begins with "https."
- Checking for the closed lock icon by the address bar (usually the top left, depending on your browser).
- Looking for the site's security certificate.
- Avoiding sites with warnings about malicious files.
- Never downloading files from suspicious sources.
5. Monitor online accounts.
Check your accounts at least once a month to ensure they have not been hacked. Your bank account statement will show you an itemized account of your monthly purchases, so it's always a good idea to check that they're all yours.
In addition, many online banking apps have a push notification setting that will alert you whenever a transaction is made. This can be helpful because you can know immediately if a purchase is made without your consent.
6. Use up-to-date browsers.
Browsers update their security regularly, so keeping up to date with those is an excellent way to protect yourself.
Always complete the update if your browser sends you a notification that it needs an update. Some browsers also have settings that allow for automatic updates if you prefer to automate that process.
7. Utilize firewalls.
Desktop and network firewalls are the security you and your computer need to ward off hackers. A desktop firewall is software, while a network firewall is hardware.
These firewalls are used together to protect your computer and personal data. While most firewalls cost money, they can be an excellent investment in the long run.
Top firewall software includes:
- Bitdefender Total Security.
- Avast Premium Security.
- Norton 360 Deluxe.
- Panda Dome Essential.
- Webroot AntiVirus.
8. Watch out for pop-ups.
Some reputable sites do have pop-up windows that include promotional content. However, some sites fall victim to pop-up windows that are phishing attempts. You can control pop-ups in your settings, so if you want to get rid of pop-ups altogether, that is an option.
9. Guard personal information.
Once a phisher has your personal information, re-securing everything is a lengthy process, and the attack can cause long-term damage. When entering personal information onto a website, make sure you've first checked its legitimacy.
Always start from the site's home page; if you are still uneasy about it, you can always deal with an agent over the phone. In addition to that, your text and email messages should never include personal details or photos of sensitive documents.
10. Utilize antivirus software.
Antivirus software protects your computer from being infected with malicious files and phishing attacks. As long as you keep your software up-to-date, it can adapt to new scams and technology when they arise.
Antivirus software might not be free, but it prevents permanent damage to your system and saves you money in the long run.
Top antivirus software includes:
- Bitdefender.
- McAfee.
- ESET.
- G Data.
- Malwarebytes.
How you can stay safe from phishing scams
In the digital age, phishing is something almost everyone experiences. The key is identifying an attack and not falling prey to scammers.
Remember to guard your personal information, avoid sites, calls, social media messages or texts that seem suspicious and go with your gut when something doesn't seem right.
Consider investing in software that can protect your computer against an attack and stay up-to-date on the latest scams.
For more information on cybersecurity, check out Entrepreneur.com.