What are Phishing Attacks?
You know that stomach-sinking feeling when you realize that someone has pulled the wool over your eyes, conning you and making you feel like a total buffoon at the same time? Spurned soap opera spouses know it well, and to be honest it’s probably happened to all of us at some time or another.
Unfortunately, for victims of phishing attacks, a nasty form of online identity theft, this lousy feeling may be all too familiar. In phishing attacks, fraudsters commit identity theft typically by sending phony emails that masquerade as legitimate in order to trick Internet users into submitting personal information to illegitimate websites.
Types of Phishing Attacks
Spear phishing: In a spear phishing attack, a malicious hacker gathers detailed information about a specific individual, role, or organization, in order to target their victim more easily. By presenting believable details about his/her bank, favorite places, title at work, etc., the attacker increases the likelihood of success.
Whaling: Whaling attacks are similar to spear phishing attacks. However, they are specifically targeted at executive officers or other high-profile targets within a business, government or other organization (the "big fish") in order to swindle the upper manager into divulging confidential company information.
For instance, while a spear phishing attack may frighten the target with claims that his account has been charged, and that he must enter his personal data to confirm it, a whaling attack may take a more executive level-form such as a legal subpoena, customer complaint, or executive issue.
Industries Targeted by Phishing Attacks
As much as we'd like to think, "Oh that'll never happen to me. I'm much to smart to fall for that", the fact is that phishing attacks are still around because they work. Knowing if your industry is a high target risk for cybercriminals can help you stay vigilant. A study done by Kaspersky Lab in 2015 (see graphic) identified phishing trends among industries, with banks, for obvious reasons, topping the list.
6 Ways to Avoid Phishing Attacks
1. Learn to Identify Suspected Phishing Emails: There are some qualities that can denote a phony email:
- Requires urgent, immediate action be taken by the reader
- An unofficial “from” address—it may be similar to, but not exactly the same as, a company’s official email address
- Generic Greeting such as “dear customer” or “dear member”
- Spelling errors, poor grammar, or inferior graphics
- Requests for your personal information such as your password, Social Security number, or bank account or credit card number
2. Never Email personal or financial information, even if you are close with the recipient: You never know who may gain access to your email account, or to the person’s account to whom you are emailing.
3. Do not click on links, downloads files, or open attachments from unknown email senders: Delete the email from your inbox and empty your deleted items as well to avoid accidentally accessing the website it points to.
4. Beware of pop-ups and follow these tips:
- Do not click on links in a pop-up screen
- Do not copy web addresses into your browser from pop-ups
- Do not submit personal information in pop-up screens as legitimate enterprises will never ask for this through pop-up screens
5. Ensure Your Antivirus is Up to Date: That way, if you do happen to end up on a malicious site, you have the best protection possible. Also ensure that all your browsers, plug-ins and apps are patched and up to date as well.
6. Check your online accounts and bank statements regularly: Ensure that no unauthorized transactions have been made, and if possible, dedicate an entire computer solely for accesing financial accounts and paying bills. This minimizes the chance of cybercriminals getting at your data through email or web surfing.
How to Report Phishing Emails
If you suspect you have received a phishing email, forward the email to firstname.lastname@example.org (The Federal Trade Commission). Also forward it to the company, bank, or organization impersonated in the email. You can also report it to email@example.com. The Anti-Phishing Working Group—which includes ISPs, security vendors, financial institutions and law enforcement agencies—uses these reports to fight phishing. If you have unfortunately fallen prey to a phishing attack, file a report with the Federal Trade Commission at www.ftc.gov/complaint and visit the FTC’s Identity Theft website to find steps you can take to minimize your risk.
Stay off malicious hacker's cyber hooks by keeping a wary eye on your inbox and immediately deleting any suspicious emails before they can wreak havoc to your network.
What are your experiences with phishing attacks? What tactics, if any, do you use to avoid them? Comment in the section below.