Carefully checking your emails for legitimacy comes first and foremost. Beyond that, it helps to be aware of some specific types of phishing attacks, so you can recognize other signs that something “phishy” is going on.
- Deceptive Phishing – An email that appears to be from a legitimate contact and tricks you into giving out personal information or downloading a harmful file to your device.
- Spear Phishing – A more sophisticated form of deceptive phishing in which the scammer uses specific details gathered through research to customize the message to the individual or business.
- CEO Fraud – An attempt to trick executives specifically into giving out login credentials or sensitive company information, or to obtain income tax information about employees (W-2 phishing).
- Vishing – This type of attack is carried out over phone calls. Calls appear to come from a number that may be familiar to you: your location, a bank, or another company you are known to do business with.
- Smishing – Smishing happens via text messages. A disguised scammer contacts a large group of recipients using a generic greeting in an attempt to get a response, or “bite”.
- Pharming – Hackers use cache poisoning against the Domain Name System (DNS) to change the IP address of a legitimate and safe website, so visitors who attempt to go to the site get redirected to a malicious site.
All of these phishing attacks are designed to obtain and exploit personal or confidential information from the individual. Scammers use emails, phone calls, text messages, or even redirected websites to attempt to deceive individuals and businesses.
Knowing some cybersecurity basics and practicing them will help protect you and your business and reduce the risk of a cyber attack.
What to look for and what to avoid:
- Generic greetings or salutations
- Grammatical mistakes and/or spelling errors
- Be cautious of what information you make available on social media accounts
- Avoid public postings and comments containing information that can help scammers target you
- Don’t answer calls from numbers that don’t display a valid name on the caller ID. If you do answer, get off the call as soon as possible and, if possible, block the number.
- Ignore or delete text messages or emails that appear to be spam or junk. Do not reply to those messages. If you feel a message may be legitimate, call – don’t text – the company to discuss the matter over the phone.
The best defense against these phishing techniques is you. Be diligent and take extra time to research anything you feel is suspicious. Have good antivirus protection and spam protection, and keep your devices’ system updates current. Only enter login credentials on websites if you see HTTPS or the lock symbol next to the website name. Secure all of the devices on your network and help others by teaching them the importance of security.