Phishing is a form of cyberattack. It involves a target or targets being contacted by email, text message or telephone. The person initiating contact poses as a legitimate institution in order to lure individuals into disclosing sensitive data. This can include personally identifiable information, passwords or banking/credit card details.
Once the attacker gains this information, they use it to access accounts. This can result in identity theft and financial loss.
When did phishing attacks begin?
The first lawsuit relating to phishing was filed in 2004. It involved a teenager who created an imitation of the ‘America Online’ website. He used this to gain sensitive information from users then stole money from their accounts. Since then, phishing has become one of the most common forms of cyberattack and there are many different types of phishing attack.
What types of phishing attacks are there?
The 5 most common types of phishing attacks are:
- Email Phishing: An email that appears to be from a trusted institution appears in your inbox. The email says you need to enter details to claim a reward or address a problem. When you enter those details, you divulge them to the thief. These emails are usually sent to thousands of people, casting a wide net to maximise the chances of success.
- Spear Phishing: These are more targeted phishing attacks that target specific individuals. They often seem more legitimate because they include information about the victim like their name and/or job title. This information is often gained from social media to make the communication seem trustworthy.
- Whaling: These attacks usually target senior executives. The technique is often very subtle; for example, the sender may pose as a busy CEO who needs an urgent favour. It may be less sophisticated than spear phishing but it preys on the victim’s willingness to follow instructions from their boss.
- Smishing & Vishing: These types of scams are run over the phone. They often involve text messages posing as your bank, alerting you to ‘suspicious activity’. The link to address the ‘problem’ takes you to a fake website where the fraudster steals your information.
- Angler Phishing: This is the newest method, wherein social media is used. Fake URLs, cloned accounts and fraudulent posts are used to persuade people to hand over sensitive information or download malware.
One classic phishing scam is the tech support email. Online service providers are known to contact customers when they detect unusual activity on their accounts. Cybercriminals exploit this by sending fake messages posing as a trusted entity. They usually instruct you to follow a link to log in to your account and address the ‘problem’.
When you follow those instructions, you divulge your confidential account information and the fraudster can access your account. Look out for warning markers like poor email design, suspicious sender addresses and bad spelling/grammar in the message.
Why is phishing such a big problem?
The consequences of falling victim to a phishing scam can be severe. Identity theft is one of the worst of them. If your personal data is compromised, the thief can create accounts in your name and steal lots of money that you would be blamed for. They can also steal money from you with certain details. It can be difficult to clean up identity theft, and the damage to your credit rating and reputation can be devastating.
It is vastly preferable to avoid being a victim of phishing than to have to clean up the damage later.
How can I spot a phishing email?
There are common features of phishing emails that you can look out for:
- They Insist On Urgency: They want you to act fast because what they are offering is only available for a limited time. Some even say you only have a few minutes, or that your account is about to be suspended. Reliable organisations will give you plenty of warning before an offer expires or an account terminates and they will not ask you to update details over the internet. Don’t click these links.
- They Look Too Good To Be True: Lucrative offers are designed to grab your attention. They may claim you have won a prize, for example. Ignore these messages – if something seems too good to be true, it probably is.
- Attachments: An attachment in a random email, or one that doesn’t make sense, should not be opened. It could be a virus or ransomware. The only file-type that can’t be a threat is a .txt file.
- Hyperlinks: Links may not be what they appear. Hover over them to show what the URL is and look out for spelling errors in the URL.
- Unusual Senders: Always check the sender email address. If it doesn’t seem right, do not click on the link.
What is spoofing?
Email and website spoofing are techniques used by phishing scammers to trick unsuspecting internet users. They create ‘spoof’ versions of legitimate websites or email addresses to make themselves appear trustworthy. There are often simple giveaways like spelling errors in email addresses or URLs, or the spoof website may be poorly designed or contain grammatical errors.
Be aware, however, that scammers are becoming more sophisticated and it can be harder to spot a fake. Always visit the supposed sender’s website directly rather than following the link.
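The sender, hyperlink and spoofing checks described above can also be automated. The following is an added example, not code from the original article: it flags a sender or link host that misspells a trusted domain or uses it as a prefix (a slight generalisation of the "spelling errors" check), and links whose visible text names a different host than the real target. The `TRUSTED` list, the 0.85 similarity threshold, the function names and the sample data are assumptions, and links are assumed to be already extracted as (visible text, href) pairs.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumption: domains the recipient really deals with (constructed, reserved names).
TRUSTED = ("mybank.example", "shop.example")

def host_of(url):
    """Hostname of a URL or bare 'host/path' text; '' if it does not parse."""
    try:
        return urlsplit(url if "//" in url else "//" + url).hostname or ""
    except ValueError:
        return ""

def lookalike_of(host):
    """Return the trusted domain that host imitates, or None if genuine or unrelated."""
    host = host.lower().rstrip(".")
    if any(host == g or host.endswith("." + g) for g in TRUSTED):
        return None  # the real domain or one of its subdomains
    for good in TRUSTED:
        # Compare only as many trailing labels as the trusted name has.
        tail = ".".join(host.split(".")[-(good.count(".") + 1):])
        near_miss = SequenceMatcher(None, tail, good).ratio() >= 0.85
        if host.startswith(good + ".") or near_miss:  # brand as prefix, or misspelling
            return good
    return None

def audit_email(sender, links):
    """Return warnings for the sender address and each (visible text, href) link."""
    findings = []
    if good := lookalike_of(sender.rsplit("@", 1)[-1]):
        findings.append(f"sender domain imitates {good}")
    for text, href in links:
        host, shown = host_of(href), host_of(text.strip())
        if good := lookalike_of(host):
            findings.append(f"link host {host} imitates {good}")
        # Only compare when the visible text itself looks like a host name.
        if "." in shown and " " not in shown and shown != host:
            findings.append(f"link text shows {shown} but goes to {host}")
    return findings

# Constructed sample message, not taken from a real campaign.
SAMPLE_SENDER = "alerts@mybamk.example"
SAMPLE_LINKS = [
    ("www.mybank.example/login", "http://mybank.example.account-verify.test/login"),
    ("Help", "https://www.mybank.example/help"),
]

if __name__ == "__main__":
    print("\n".join(audit_email(SAMPLE_SENDER, SAMPLE_LINKS)))
```

A similarity threshold will occasionally flag an unrelated domain with a similar name, so treat the output as a prompt to check the address by hand.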
How can I prevent being fooled by a phishing scam?
As the scams become more sophisticated, you need to sharpen your ability to prevent being fooled by them. Here are some prevention suggestions:
- Keep up-to-date on the latest phishing techniques.
- Always think very carefully before clicking on a link or attachment.
- Install an anti-phishing toolbar in your internet browser.
- Verify the security of a site by checking if it has ‘https’ in the URL.
- Check your online accounts regularly to ensure no-one has accessed them.
- Keep your browser up-to-date so it is equipped with the latest protection.
- Use a desktop firewall and a network firewall to reduce the risk of infiltration.
- Be wary of pop-ups as they could well be a phishing attempt.
- Never divulge personal information over the internet – if in doubt, give the company a call.
- Use antivirus software as it can guard against known threats – even very new ones!
If you would like to learn more about cybercrime in general, please feel free to read our informative article Cybersecurity and Cybercrime Explained.
Why choose Eventura for your cybersecurity?
With over 20 years’ experience in cybersecurity, we know our stuff. Our team of cybersecurity experts can complete a full audit of your business and identify any areas of weakness, which could leave you vulnerable to cyberattacks.
We were even mentioned in the Government’s National Cyber Security Centre (NCSC) Annual Review 2020 when we were chosen to test their “Exercise in a Box” designed to help small businesses prepare and respond to cyberthreats. You can read the article here.
There is a common misconception that cyberattacks don’t happen to SMEs but this couldn’t be further from the truth. With our expert knowledge, we can help you protect your business’s future from the ever increasing threat of cybercriminals.
If you would like to speak to one of our cybersecurity experts or request a cybersecurity audit, you can request a free call back here.