What is Phishing And How Can you Avoid it?

I wrote a post earlier this year and I want to share more information about this particular topic. I received some help from Techwarn 🔥

Scams have existed since humanity took its first steps on Earth. Money is the motive for some, and this translates well into the Digital Age, where scams have become so frequent that your spam folder is the equivalent to a plague-ridden town.

One type of scam that reigns as the go-to scam for many is the phishing scam. Ever since the AOL days, emails have been sent trying to convince you that you’re the offspring of royalty, or that you need to hold on to some money for an extremely rich person. They’ll pay you back, they swear!

In these scams, you may notice the need for your bank info or card info. This is how the scam works. They tempt you with a story of grandeur, promise a significant reward, and then run away with your bank info once you reluctantly give it to them.

However, there are multiple types of phishing that you need to be on the lookout for and the best solution for avoiding certain phishing attacks.

Spearhead Phishing

When a fisherman uses a spear to fish, they’re emphasizing a quality > quantity approach. The same goes for spearhead phishing, where an attacker uses personalized information to trick their target.

For example, this attacker may find your social media account, take note of your personality type/interests, then send an email that seems authentic and enticing to you. Take care in clicking links or opening any attachments in an email, as it could be a product of spearhead phishing.

Solution

While spearhead phishing usually aims to get you to click a link and login to a website, using a password manager can be beneficial, as a password manager won’t autofill your credentials on websites it doesn’t recognize.

Mass-Appeal Phishing

Many forms of phishing take place by sending one email in bulk to thousands, even millions of people. These are the most common, usually talking about how a Nigerian prince needs your help or a random citizen needing your help storing a large sum of money.

Just check your spam folder and you’re destined to find a few of these. Mass-appeal phishing can even take place over the phone, such as those robocalls you get about your mortgage. This is the most common type and is easily the most avoidable.

Solution

Common sense works best when going through your emails or when receiving a random phone call. IF you have a bad feeling or it seems too go to be true, listen to your gut.

Download Phishing

Download phishing is a bit different from the rest, as instead of aiming for your bank info or personal information outright, the attacker attempts to make you download a malware-laden attachment. Usually, this involves spoofing an email that you know and trust then linking a .doc or .exe file.

Once you open the attachment, the malware/virus can settle onto your device, stealing whatever info it’s designed to and even destroying your device if that’s what the attacker set out to do.

Solution

Don’t click on any attachment linked in an email unless you are sure about the sender, AKA only friends, family, and close acquaintances.

The phishing scams I listed out are only 3 of the many types that take place, but these 3 are the most common. And as you may have noticed, my solution to 2/3 was being careful and using a bit of common sense (anything that is too good to be true).

You can use every antivirus and password manager on the planet, and while they may help, you are the only one who can 100% prevent phishing from affecting you. Next time you get a call from “Heather” about your car insurance, hang up immediately. If someone offers you $50,000 through email, don’t bother responding.

Well, unless you want to have a bit of fun with the attacker like a certain TED talker.

Keep your information safe from phishing attempts

Stay safe, keep it to yourself 😉

Somewhere Between Fishing GIF by ABC Network - Find ...
Not fishing 😂

What does Phishing mean?

Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords, and credit card details, often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.

Hackers try to manipulate their targets to gain information about them or to steal credentials of specific systems by sending emails, sms or even by calling and disguising themselves.

What can the hackers achieve?

  • Personal Information
  • Credit card details 🤔
  • Login information

How can the data be used?

Your data has value on the black market. It can be sold to criminals to identify patterns. They’ll be able to know where you live, what your financial status is, etc.
AND buy things on behalf of your name 😤

How can you recognise these emails? 👀

  1. The email is send globally, not just you. You’re sometimes put in the BCC
  2. The email has a lot of spelling mistakes
  3. You will be threatened with consequences if you do not take any action
  4. A lot of attachments
  5. The sender is from a unknown source ([email protected])

How to prevent these phishing attempts?

  1. Be aware of the different strategies of Phishing attacks
  2. Use spam filters. Google and Microsoft have already implemented build-in filters in your mail. Most of these emails will be flagged as “unsafe”
  3. Never fill in your personal information on a website that isn’t trusted
  4. Always check the email links, hover over them and inspect the link carefully

Examples from my inbox 😝

Anyone can receive these emails. It’s up to us to know how the hackers are doing it, what kind of strategies they are using to create and deploy these attacks and to always stay up-to-date.

Some other examples can be found here

A handy cheat sheet can be found here

Conclusion

Always keep an eye out for these attacks. It’s better to be safe than sorry.
Stay up-to-date with the latest news on this particular topic, because your information is too valuable.
Keep doing those security awareness sessions.

Thank you for reading, there’ll be more coming soon.