Phishing: Don’t Take the Bait

If you’re a fan of the outdoors, then you probably enjoy fishing. Once you hook an unsuspecting fish and begin to reel it in, there’s a bit of excitement and adrenaline because you finally caught something! The cybersecurity threat phishing is named so because it is similar in that the “phisher” is waiting for an unsuspecting victim to take the bait. Let’s look at some of the different types of phishing and how you can avoid them.

Vishing

Vishing is phishing over the phone. This type of phishing is trying to get you to give personal information that can be used for identity theft. Oftentimes, the “visher” pretends to be from a legitimate company to trick the people they are calling. They may even pretend to be a relative of yours to add a sense of urgency to their request to prevent you from to realizing that the person on the other end of the line is not actually your relative.

To avoid this scam, you can do a few things. If you receive a phone call from a supposed legitimate company asking for personal information for any reason, do not give it to them. Hang up your phone and lookup the phone number of the company they said they were from. Call that number and ask if it was a legitimate call. If it was, no worries – better safe than sorry. If it wasn’t, then you saved yourself from a mess of issues! If it’s someone pretending to be your relative, don’t act on impulse. Before you do anything, assess the situation and make your decision from there.

Spear Phishing

This is a phishing attempt that is personalized to one person or company. It’s possible that they imitate a connection of yours and ask you for personal information (like passwords or pins) to gain access to your accounts. These types of phishing attacks are common and convincing.

How can you avoid spear phishing? Always be hesitant. If something looks fishy, don’t take the risk. Don’t reply to emails or texts you’ve received from your ”friend” and instead, reach out to them – separately – and ask if they really did contact you.

Email Spoofing

Email spoofing is a specific type of spear phishing. This is when you receive an email from a familiar email address or username with the email body being relevant to your job or relationship with the “sender.”

One way you can avoid falling for this is very carefully going over the sender’s email address. If it looks like it might be a fraudulent email, delete it. You should also inform the person it was imitating that their email account may have been breached.

Website Spoofing

This is similar to email spoofing, but requires more effort from the phisher. They create a website by copying a popular and reputable website (like Facebook, eBay, banks, etc.) and make the URL almost identical to the legitimate site’s URL.

There are a few ways to avoid website spoofing! The tedious (but very effective) way is to type the link to a website out yourself instead of copying it from somewhere. You can also download a third party tool that protects your browser from going to those sites.

Brand Impersonation

This is kind of spear phishing, but in a different sense. These phishing attacks aren’t specific to one person, but to a group of people with similar interests. These types of attacks are popular because big-name brands have credibility and users are more likely to trust emails sent from them. These emails will look like legitimate emails, like a purchase receipt or tracking number.

If you think you’ve been sent a brand impersonation email, don’t click any links in it. If the email is asking you to verify payment information or a password, go to the actual company’s website (type it in the URL bar yourself), log in, and see if there are any notifications or verify your information on your own. You could also give the company a call and ask if the email you received is legitimate. Whichever you do, never click links in the email if you think it might be fraudulent.

URL Phishing

URL Phishing uses hidden links to trick you to go to a fraudulent website. They also can send you to a URL that is similar to the actual website – amazon.com looks a lot like arnazon.com. Another thing phishers can do is shorten their fraudulent site’s URL to make it look more authentic.

To avoid this, type in the link manually instead of clicking it. Or, meticulously look over the link before you click it and determine from there if you think it is legitimate. You can also hover over links to see if they are going to take you to where they say they are. If it looks like it’s going to take you somewhere malicious, do not click it.

Scammers are smart. They know how to target and trick people. When it comes to personal information, you should always be careful with what you give out. Always verify before you do anything. Most importantly, if it looks suspicious ignore it.