We keep ranting about how dangerous phishing is – and we’re not going to stop, because it’s a dangerous online threat that claims a lot of victims. It’s not that easy to spot, because hackers keep developing new ways to con people into falling for their tricks. Let’s go through some of the ways that cybercriminals operate their phishing scams, and how to avoid the traps.
What is Phishing?
You may already know what phishing is and how it works, but here’s a quick reminder. Phishing scams work by targeting network users who already have access to a company’s IT systems. The logic is simple. It’s a whole lot easier to fool somebody into handing over the keys than to storm the premises and get past all the security that’s there to keep intruders out. Why would hackers expend more energy than they have to? Phishing attacks can be general, targeting a whole range of people, or they can be carefully crafted and aimed at a specific target, with a specific goal.
Phishing by Email
Phishing emails purport to be from a sender you can trust, with a view to fooling recipients into supplying sensitive information.
- Dangerous Attachments – Attachments that users download are commonly used to spread malware and infect computer systems. Often it will be a single document, but it could be a ZIP file. Either way, they’re dangerous.
- Spoofed Senders and Links – An important part of the con is leading recipients to believe that the sender is for real. Always look closely at the sender’s details, so you can spot fake senders and website links.
- Language Errors – Communications sent from large organizations are usually scrutinized carefully for mistakes before being distributed. Spelling errors, bad grammar and strange expressions are often a sign that the sender is not who they say they are.
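The attachment and spoofed-sender checks above can be partly automated at the mail gateway or in a triage script. The following is an added example, not code from the original article: it flags a Reply-To domain that differs from the sender, attachment types worth a second look, and links whose visible text names one host while the link opens another. The extension list, the `review` and `sample` names, and the `.test` addresses are assumptions constructed for illustration.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

RISKY_EXT = (".zip", ".docm", ".xlsm", ".js", ".exe")  # assumed list, tune locally

class Links(HTMLParser):  # collects (visible text, href) for every <a> element
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.text.strip(), self.href))
            self.href = None

def host(url):  # hostname of a URL, with or without a scheme
    return urlsplit(("" if "://" in url else "//") + url.strip()).hostname or ""

def review(raw):
    msg, findings = message_from_string(raw), []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    reply = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if reply and reply != sender:
        findings.append(f"reply-to domain {reply} differs from sender {sender}")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            findings.append(f"attachment {name}")
        if part.get_content_type() == "text/html":
            p = Links()
            p.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
            for text, href in p.found:  # only compare link text that looks like a host
                if "." in text and " " not in text and host(text) != host(href):
                    findings.append(f"link shows {host(text)} but opens {host(href)}")
    return findings

def sample():  # constructed message, every name here is a placeholder
    m = EmailMessage()
    m["From"] = "Example Bank <support@example-bank.test>"
    m["Reply-To"] = "helpdesk@mail-example.test"
    m.set_content('<a href="http://login.example-verify.test/a">www.example-bank.test</a>', subtype="html")
    m.add_attachment(b"PK", maintype="application", subtype="zip", filename="Invoice.zip")
    return m.as_string()
```

A finding is a reason to look closer, not proof of phishing: legitimate mail also uses separate reply addresses and ZIP attachments.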
Smishing
It’s not just emails that are used for phishing scams. Phishing via text messages is known as ‘smishing’. Once again, there are warning signs to look out for:
- Strange Phone Numbers – Check the number that the message comes from. If it doesn’t come from a cellphone number, it could be that hackers are using an email-to-text service instead.
- Personal Details – Personal details in the body of the message could be part of a strategy to persuade you that the sender is a real person who can be trusted.
Vishing
Sometimes scammers will call potential victims directly, with a view to making them hand over information that they can use. Here are some things to look out for:
- Too Good to be True? – They say that if something sounds too good to be true, it probably is. Scammers will usually try to entice their targets by offering rewards that are almost irresistible. If it sounds like an unbelievably good offer, it might be just that.
- Too Many Personal Details – Scammers can find out a lot about you online. If an unknown caller seems to know a lot about you, that’s not a good sign.
Phishing by Social Media
If you think social media sites are relatively safe places, think again. Hackers can hijack accounts to get hold of your personal details. Here are some issues to look out for:
- Duplicate Accounts – It’s possible for cybercriminals to make a copy of your social media account and then send invites to connect to your contacts. Again, even if a message seems to come from someone you know and trust, be cautious and verify that it does if there’s any doubt.
- Fake Links – Scammers exploit all avenues, and social media platforms offer them various opportunities. It’s a good way for them to spread links to fake websites where they can induce people to share their personal information.
- Integrated Phishing – Another trick is to use social media platforms’ messaging facilities to extract information by pretending to be persons in authority.
Being aware of the ways in which phishers operate goes a long way to staying safe and not falling for their tricks. If you need additional help with your business cybersecurity and IT, call Quikteks at (973) 882-4644 today.