What is a phishing attack?
Phishing is a type of social engineering attack designed to steal data, including login credentials, credit card numbers and personal information. Usually, an attacker sends a fraudulent message that appears to come from a reputable and trustworthy source, typically by email or text message. The victim is tricked into clicking a malicious link, which can lead to the installation of malware or the disclosure of sensitive information. Attackers may also send you to a web page that looks legitimate but is actually a phishing website, tricking you into entering your details; they can then use this sensitive information for account takeover or identity theft.
What are the different types of phishing attacks?
Email Phishing
Email phishing is the most common type of phishing. These emails are usually not personalized or targeted at a specific individual or company; this is termed “bulk phishing”. Personalized emails also occur, although less often, as such targeted attacks require more time. This is called “spear phishing”.
Attackers are trained to mimic genuine emails from the organization they are spoofing. They often use the same phrasing, typefaces, logos, and signatures, which makes a phishing email very hard to detect. Usually, attackers will try to push users into action by creating a sense of urgency, as this inspires fear and promotes hasty actions. For example, scammers may ask you to change your e-banking account’s password because it has allegedly been stolen. Lastly, a link is included. The links inside messages resemble their legitimate counterparts, but typically have a misspelled domain name or extra subdomains. The website the link leads to will probably look very much like the one you expected (for instance, your bank’s).
Additionally, attackers may attach a file to the email, for instance a PDF file you have allegedly asked for. Downloading it may install malicious software on your computer.
SMS Phishing
Smishing, or SMS phishing, uses text messages instead of emails to trick victims. That can be extremely dangerous as most people are aware of email phishing, but many may not know to be prepared for SMS phishing attacks. Additionally, scam SMS messages can be inserted into ongoing text message discussions and made to appear as though they are from reliable sources!
Voice Phishing
Vishing, or voice phishing, is a fraudulent phone call designed to obtain sensitive information. Instead of using written messages, scammers may use either real callers or automated text-to-speech software to call their potential victims and steal their personal information. For example, someone pretending to be a doctor may call and ask you for your banking credentials in order to perform surgery on your loved one; or you may receive a call from someone who pretends to be a support agent for your company and asks for your login credentials.
Calendar Phishing
Calendar phishing is when phishing links are delivered via calendar invitations. Attackers only need your email address to send you an invite, and the event will be placed in your calendar by default. By clicking what you think is a meeting link, you may cause malicious software to be installed on your computer.
How to avoid phishing scams?
- Beware of urgency: Phishing emails often lure you with urgency. You may feel the need to take immediate action. But if it really were urgent, your bank wouldn’t have sent you an email, especially one asking you to verify your card information or change your e-banking password.
- Check for grammar errors: Spelling and grammar mistakes are common in phishing emails. Double-check the text that has been sent to you. Vigilance is key.
- Check the link: The link sent may look like your institution’s or your bank’s. But by checking it, you can detect small differences or changes to the domain name.
- Check the sender: Always make sure that the emails you receive come from a trustworthy source.
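
The “Check the link” advice above, and the earlier note that phishing links typically have a misspelled domain name or extra subdomains, can be automated. The Python below is an added example, not part of the original article; the allow-list entry mybank.example, the function names and the typo threshold of 2 are assumptions for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list; "mybank.example" is a placeholder, not a real bank.
TRUSTED = ["mybank.example"]


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insertions, deletions, substitutions)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url: str, trusted=TRUSTED, max_typos: int = 2) -> str:
    """Return 'trusted', 'extra-subdomain', 'misspelled' or 'unknown'."""
    try:
        host = (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:  # malformed URL
        return "unknown"
    if not host:        # no scheme or no host part: nothing to compare
        return "unknown"
    labels = host.split(".")
    wanted = [d.lower().split(".") for d in trusted]

    # 1. The host IS a trusted domain or a genuine subdomain of it.
    if any(labels[-len(w):] == w for w in wanted):
        return "trusted"

    for w in wanted:
        n = len(w)
        # 2. The trusted name appears inside the host but is not its ending,
        #    e.g. mybank.example.account-verify.test (extra subdomains).
        if any(labels[i:i + n] == w for i in range(len(labels) - n)):
            return "extra-subdomain"
        # 3. The ending of the host is a near miss of the trusted name,
        #    e.g. mybnak.example (misspelled domain).
        tail = ".".join(labels[-n:])
        if 0 < edit_distance(tail, ".".join(w)) <= max_typos:
            return "misspelled"
    return "unknown"


if __name__ == "__main__":
    for sample in ("https://www.mybank.example/login",                  # constructed
                   "https://mybank.example.account-verify.test/login",  # constructed
                   "https://mybnak.example/reset"):                     # constructed
        print(f"{classify_link(sample):16} {sample}")
```

A result of “unknown” only means the link does not resemble anything on the allow-list; it is not a statement that the link is safe.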