Phishing is an attempt to deceive internet users in which the perpetrator impersonates a trusted source and exploits both the poor protection provided by electronic tools and the ignorance of the victim to obtain sensitive personal data and passwords.
The most common form of successful phishing is when a victim clicks on a link or downloads a file, allowing the malware to gain access to an account or device.
What are the different types of phishing attacks?
1. Email scams – Phishing
The most common form of phishing is an email that prompts the recipient to take some action, either sharing personal information or downloading dangerous and malicious software, so that the attacker can access their bank account, post to their social media profile or even make online purchases.
2. Scams via SMS – SMiShing
It works in exactly the same way as phishing but uses SMS messages, taking advantage of the fact that very few users will suspect a traditional text message, which makes them more likely to become victims of fraud.
3. Spear phishing
Spear phishing uses similar methods to the above scams, but it targets a specific person. It tries to appear more credible by sending a series of emails within a short period of time, simulating the way a large organisation such as a bank or an online store operates, so that the user shares personal information or downloads dangerous and malicious software.
How can one detect a phishing scam?
In recent years phishing has grown from obvious fake emails – who among us hasn’t received the email with the Nigerian prince’s legacy – to complex strategies designed to fool even the most suspicious recipients. For example, you may receive phishing emails confirming registration to unknown services or even requests for a password change.
But let’s look at some clues that can help identify a phishing attempt:
1. The sender imitates well-known brands
The simplest and clearest online safety instruction is to never open emails from senders we don’t know. To get around this, fraudsters mimic trusted and internationally recognised brands. So you’ll probably receive an email from Apple, Google or your bank that appears to be authentic but actually contains phishing malware or takes you to a new page asking you to fill in personal details.
But even if you do open an email from a sender you don’t know, before you click on the link that says “you’ve won a free iPhone”, just think: would someone who gives away expensive iPhones ever communicate by email? Before you fill in your e-banking details for confirmation, think: would your bank ever ask for such sensitive information via an anonymous email?
2. The message contains syntax and spelling errors
One disadvantage that attackers who want to gain access to your data have is the lack of time. They try to send as many phishing emails in as many languages as possible as quickly as possible, and so they make spelling and syntax errors. Other visual clues that the message you are reading is probably a threat are the use of different fonts in the text or the misplacement of graphics such as logos.
3. The sender's address does not have the correct domain extension
But even if someone manages to copy not only the appearance but also the writing style of a company, e.g. a bank, they will never be able to use an email address ending in its official domain. At best they will be able to secure a similar address, so it is very important in such messages to always check the contact details before taking any action.
4. The message uses scare tactics
A common phishing strategy based on fear mongering is messages claiming that your bank account will be closed or that you will pay a fine if you don’t click on the link below and provide your details. Here the aim is to put users under pressure so that they click without thinking clearly.
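Clues 1, 3 and 4 above can also be checked mechanically. The following Python sketch is an added example, not part of the original article; the brand name, its official domains, the phrase list and the 0.85 similarity threshold are all constructed assumptions.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Constructed data: a brand and the domains it really sends mail from.
OFFICIAL = {"example bank": {"examplebank.com", "mail.examplebank.com"}}
ALL_OFFICIAL = set().union(*OFFICIAL.values())
# Constructed pressure phrases of the kind described under clue 4.
SCARE = ("account will be closed", "pay a fine", "within 24 hours")
THRESHOLD = 0.85  # assumed similarity cut-off for a "similar address"


def sender_parts(from_header):
    """Return (display name, domain) of a From: header, both lowercased."""
    name, addr = parseaddr(from_header)
    return name.lower(), addr.rpartition("@")[2].lower()


def lookalike_of(domain):
    """Return the official domain that `domain` imitates, or None."""
    if domain in ALL_OFFICIAL:
        return None  # an exact official domain is not a lookalike
    for real in sorted(ALL_OFFICIAL):
        if SequenceMatcher(None, domain, real).ratio() >= THRESHOLD:
            return real
    return None


def phishing_clues(from_header, body):
    """Return (code, detail) pairs for each clue the message triggers."""
    name, domain = sender_parts(from_header)
    clues = []
    # Clue 1: a trusted brand in the display name, sent from another domain.
    for brand, domains in OFFICIAL.items():
        if brand in name and domain not in domains:
            clues.append(("brand-mismatch", f"{brand!r} sent from {domain}"))
    # Clue 3: the address is similar to, but not, the official domain.
    real = lookalike_of(domain)
    if real:
        clues.append(("lookalike-domain", f"{domain} resembles {real}"))
    # Clue 4: wording that pressures the reader into acting quickly.
    text = body.lower()
    for phrase in SCARE:
        if phrase in text:
            clues.append(("scare-tactic", phrase))
    return clues


# Constructed sample message: the letter "l" is replaced by the digit "1".
SAMPLE_FROM = "Example Bank <security@examp1ebank.com>"
SAMPLE_BODY = "Your account will be closed unless you click the link below."
```

Run against the constructed sample, `phishing_clues(SAMPLE_FROM, SAMPLE_BODY)` reports all three clues, while a message from `mail.examplebank.com` with neutral wording reports none.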
How to protect yourself from a phishing scam?
The surest way to stay safe and safeguard your personal information is to check every message you receive before you open it. Some additional steps you could take for extra security include the following:
1. Always make sure that you are on secure sites that have an SSL certificate, as they protect you against such threats.
To confirm that you are on a secure page, check that the page address at the top begins with “https://”.
2. Use a trusted email provider that has the appropriate spam filters, which help limit phishing attacks.
3. Do not open attachments from senders you do not know when you are not expecting them. The same applies to links: don’t click on them unless you have examined their origin.
4. Be sure of the sites from which you order online. Do not fill in your personal and financial details unless you are sure that the merchant’s identity is valid.
5. You can also use an antivirus program as most of them have protection against phishing threats. Basically, the antivirus will flag suspicious messages and warn you not to take any action on them.
How do we react when we fall victim to phishing?
Let’s be honest: whatever our level of preparation and vigilance, we can always fall victim to a phishing attack. But what steps should we take once we become aware of it?
1. We perform a full scan of our computer
If the phishing attack installed malware on our computer, that malware can record our activity and steal our data and passwords. We use an antivirus program to run a full scan of the computer, find the malware and delete it.
2. We report the problem
Our next step must be to inform all parties involved: our email provider, our bank, the Cybercrime Directorate, etc. This move reduces the possibility of further attacks and also provides evidence in case we find ourselves with unexplained charges on our bank account.
3. We change passwords immediately
At the same time, we will have to use a different computer to change all our passwords. We choose unique and complex combinations for the new passwords, which must include symbols, letters and numbers.
Phishing is a malicious act of deception that no software will ever be able to fully address without the common sense that the user can show towards such a threatening message.
So the power that the user has in this case comes from knowledge. As long as they know what basic clues to look for, they will be able to identify false messages and avoid being deceived.