What Is Phishing and How Can You Avoid It?

I wrote a post earlier this year and I want to share more information about this particular topic. I received some help from Techwarn 🔥

Scams have existed since humanity took its first steps on Earth. Money is the motive for some, and this translates well into the Digital Age, where scams have become so frequent that your spam folder is the equivalent of a plague-ridden town.

One type of scam that reigns as the go-to scam for many is the phishing scam. Ever since the AOL days, emails have been sent trying to convince you that you’re the offspring of royalty, or that you need to hold on to some money for an extremely rich person. They’ll pay you back, they swear!

In these scams, you may notice the need for your bank info or card info. This is how the scam works. They tempt you with a story of grandeur, promise a significant reward, and then run away with your bank info once you reluctantly give it to them.

However, there are multiple types of phishing that you need to be on the lookout for, and each has its own best solution for avoiding it.

Spearhead Phishing

When a fisherman uses a spear to fish, they’re emphasizing a quality-over-quantity approach. The same goes for spearhead phishing, where an attacker uses personalized information to trick their target.

For example, this attacker may find your social media account, take note of your personality type/interests, then send an email that seems authentic and enticing to you. Take care in clicking links or opening any attachments in an email, as it could be a product of spearhead phishing.

Solution

Spearhead phishing usually aims to get you to click a link and log in to a website, so using a password manager can be beneficial: a password manager won’t autofill your credentials on websites it doesn’t recognize.
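To show why that autofill check helps, here is an added example (not from the original post, and not the code of any real password manager) of a simplified decision function that compares the page you are on with the site a login was saved for. The function names, the `allowSubdomains` option and every hostname are assumptions made up for the illustration; the hostnames use reserved example/test domains.

```javascript
// Added illustration: a simplified autofill decision, not a real product's logic.
// All URLs below are constructed samples on reserved example/test domains.

// Parse a URL into the parts that identify a site, or null if unusable.
function originOf(urlString) {
  try {
    const u = new URL(urlString);
    if (u.protocol !== "https:" && u.protocol !== "http:") return null;
    // The parser lower-cases the host, converts non-ASCII names to punycode,
    // and treats anything before an "@" as userinfo rather than the host.
    return { scheme: u.protocol, host: u.hostname, port: u.port };
  } catch {
    return null; // not a URL at all
  }
}

// May credentials saved for savedUrl be filled into the page at pageUrl?
function shouldAutofill(savedUrl, pageUrl, { allowSubdomains = false } = {}) {
  const saved = originOf(savedUrl);
  const page = originOf(pageUrl);
  if (!saved || !page) return false;
  // Simplification: only ever fill over HTTPS, and only on the same port.
  if (saved.scheme !== "https:" || page.scheme !== "https:") return false;
  if (saved.port !== page.port) return false;
  if (page.host === saved.host) return true;
  // Optional looser rule: a true subdomain of the saved host. The leading
  // dot matters, otherwise "notbank.example" would match "bank.example".
  return allowSubdomains && page.host.endsWith("." + saved.host);
}

const SAVED = "https://bank.example/";
const SAMPLE_PAGES = [
  "https://bank.example/login",                      // the real site
  "http://bank.example/login",                       // same name, no TLS
  "https://bank.example.account-verify.test/login",  // saved name used as a prefix
  "https://bank.example@account-verify.test/login",  // saved name hidden in userinfo
  "https://b\u0430nk.example/login",                 // Cyrillic "a" look-alike
  "https://login.bank.example/",                     // subdomain of the real site
];

// Returns [url, decision] pairs for the sample pages.
function report(options) {
  return SAMPLE_PAGES.map((p) => [p, shouldAutofill(SAVED, p, options)]);
}

for (const [url, ok] of report()) console.log(ok ? "fill " : "block", url);
```

Only the first sample is filled by default; a human reading the address bar can miss the difference in the others, but the string comparison does not.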

Mass-Appeal Phishing

Many forms of phishing take place by sending one email in bulk to thousands, even millions of people. These are the most common, usually talking about how a Nigerian prince needs your help or a random citizen needs your help storing a large sum of money.

Just check your spam folder and you’re destined to find a few of these. Mass-appeal phishing can even take place over the phone, such as those robocalls you get about your mortgage. This is the most common type and is easily the most avoidable.

Solution

Common sense works best when going through your emails or when receiving a random phone call. If you have a bad feeling or it seems too good to be true, listen to your gut.

Download Phishing

Download phishing is a bit different from the rest: instead of aiming for your bank info or personal information outright, the attacker attempts to make you download a malware-laden attachment. Usually, this involves spoofing an email that you know and trust, then linking a .doc or .exe file.

Once you open the attachment, the malware/virus can settle onto your device, stealing whatever info it’s designed to and even destroying your device if that’s what the attacker set out to do.

Solution

Don’t click on any attachment linked in an email unless you are sure about the sender, that is, only friends, family, and close acquaintances.

The phishing scams I listed are only 3 of the many types that take place, but these 3 are the most common. And as you may have noticed, my solution to 2 of the 3 was being careful and using a bit of common sense (be wary of anything that seems too good to be true).

You can use every antivirus and password manager on the planet, and while they may help, you are the only one who can 100% prevent phishing from affecting you. Next time you get a call from “Heather” about your car insurance, hang up immediately. If someone offers you $50,000 through email, don’t bother responding.

Well, unless you want to have a bit of fun with the attacker like a certain TED talker.

Author: Mitchel Pawirodinomo

Software Engineer | Pentester | FX Trader
