What do you imagine a phishing attack looks like? If your answer has anything to do with a fish or fishing pole I have bad news for you…
In this instance, we’re spelling “fishing” with a PH, and this method is one of the most common online scams around.
So what is Phishing?
Well… let’s say you receive an email from your bank. They’re asking you to log in to your account and update your details, and they’ve even provided a handy link that will take you straight to the relevant page. Amazing!
Not really… that email isn’t from your bank, it’s from ME.
And I’ve set up a very convincing website that looks just like your bank site, so when you click my link and follow the “bank’s” instructions, what you are actually doing is giving me all your login information, and whatever personal or banking data I’ve asked for. Thanks!
These kinds of emails have become commonplace in recent years, to the point that they’re a bit of a joke. Have you ever laughed at the “Nigerian Prince” that wants to send you a bit of his fortune? That’s exactly my point.
“It’s so obviously a scam! How does anyone fall for it?” you might have thought.
Firstly, if it didn’t work at least some of the time, no one would do it.
Secondly, and more importantly, by making you believe that all phishing emails are that obvious, you have been lured into a false sense of security, meaning you’re much less likely to spot a better-executed attempt.
In a 2015 study, 97% of people were unable to identify sophisticated phishing emails. How many of those people thought they were too smart to be fooled? Part of the problem is that many people don’t realize how personalized phishing can be.
Targeted attacks are called “spear phishing”, and they’re geared towards YOU. Usually, these “phishers” will have some prior information on you, taken from social media or online public records. They use this to tailor an email that seems too specific to be a generic scam, which makes it far more believable and far more likely to yield results, and scammers know this.
In a review of over half a million mailboxes, it was found that 77% of spear phishing attacks targeted ten people or fewer, and more alarmingly 33% targeted just one.
What does one of these phishing attempts look like?
Well, say your colleague has gone on holiday to Mexico, lucky guy. You know he’s in Mexico because you saw him check into the airport on Facebook. A few days later, he sends you an email: he’s really sorry to reach out, but his phone, wallet, and passport have been stolen, and fortunately he remembered your email address. Could you possibly wire him some money, using this link?
Obviously, he’ll pay you back, he’s just in a bit of a tight spot right now and needs to pay the consulate for his new passport. None of this is particularly far-fetched or difficult to believe, but all the same, it’s not true. This is a spear phishing attempt.
Your colleague’s Facebook privacy settings are wide open, so his airport check-in was visible to the whole world, including our scammer, who only needed five minutes to google your colleague’s workplace to find you and your email address, and then fire off a compelling sob-story.
But often it doesn’t even need to be that specific. How many people are going to question a Google Calendar meeting invitation from their boss? Just click here to RSVP, sign in to “Google”, and as easily as that you’ve given away your login details.
So, aside from ignoring emergency emails from your friends, and deleting anything your boss sends you without opening it, what can you do to stay safe?
Firstly, when you get an email, check, I mean really check that it is what it says it is. Secondly, never click any links provided. If someone wants you to log in, go to their website independently and log in from there. If you’re still unsure, find a legitimate number and call the company involved to ask about the email.
Customer security is a big deal, and they won’t be fazed by being asked questions like this.
Thirdly, if you absolutely have to follow a link, triple-check the URL of the website that you’ve been sent to, and make sure the site’s address (the host name, not just the words on the page) matches the one where you log in normally. Just seeing a padlock is not enough: it only tells you the connection is encrypted, not who is on the other end. There are all kinds of tricks to fool even those with a deep understanding of URL schemas, so you need to exercise extreme caution.
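To make the “triple-check the URL” advice concrete, here is a small checker I have added to this post; it is not code from the original article. It takes the link from an email and the host you normally log in at (the names `mybank.example` and `evil.example` below are constructed placeholders, not real sites) and reports why a link does not match: a non-HTTPS scheme, a host that merely *contains* the bank’s name, a `user@host` prefix that pushes the real host out of sight, or an internationalised host name that needs a manual look. It goes a little beyond the paragraph by checking several of these tricks at once, all from the defender’s side.

```python
from urllib.parse import urlsplit


def check_login_url(url: str, expected_host: str) -> dict:
    """Compare the host a link really points at with the host you trust.

    expected_host is the domain you normally log in to (e.g. the constructed
    "mybank.example"). Returns {'ok': bool, 'host': str, 'reasons': [str]}.
    """
    reasons = []
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")          # already lower-cased
    expected = expected_host.lower().rstrip(".")

    if parts.scheme.lower() != "https":
        reasons.append(f"scheme is {parts.scheme!r}, not https")
    if not host:
        reasons.append("no hostname could be parsed from the link")
    if parts.username is not None:
        # Browsers ignore everything before '@'; the real host comes after it.
        reasons.append(f"text before '@' hides the real host {host!r}")
    if not (host == expected or host.endswith("." + expected)):
        # "mybank.example.evil.example" ends with ".evil.example", so it fails
        # this test even though it starts with the bank's name.
        reasons.append(f"host {host!r} is not {expected!r} or a subdomain of it")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode (xn--) label in host; inspect it manually")
    if not host.isascii():
        reasons.append("non-ASCII characters in host; inspect it manually")

    return {"ok": not reasons, "host": host, "reasons": reasons}


if __name__ == "__main__":
    # Constructed sample links, as they might appear in an email.
    trusted = "mybank.example"
    samples = [
        "https://www.mybank.example/login",
        "http://mybank.example/login",
        "https://mybank.example.evil.example/login",
        "https://mybank.example@evil.example/login",
    ]
    for link in samples:
        result = check_login_url(link, trusted)
        verdict = "OK " if result["ok"] else "BAD"
        print(f"{verdict} {link} -> host={result['host']!r}")
        for reason in result["reasons"]:
            print(f"      - {reason}")
```

Only the first sample passes; each of the others is rejected with a reason you can read out loud, which is exactly the kind of check the padlock icon does not do for you. If you want to use it for real, put your own bank’s host name in `trusted` and paste the link from the email as the `url`.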
Phishing attacks are called that for a reason: a lot of the time those behind them are just throwing out a line and seeing who bites. By being aware of how these kinds of scams operate and exercising vigilance, you make it far less likely that you’ll be the one to take the bait.
If you found this interesting share it with your friends!