Phishing is one of the most common scams to steal personal information. However, it is possible to avoid it if you are aware of what to look for.
What Is Phishing?
Phishing is the process of faking an identity to pose as someone or something you easily trust and then dupe you into giving sensitive information like password, username, etc. The target is to steal money from you. Just imagine, the average loss after a phishing attack for a medium-size company is $1.6 million.
Common phishing scams that people face daily include bogus emails posing to be trusted institutions like major banks, services where you can buy term paper, and the U.S Internal Revenue Service. Higher-level scams are finely crafted and look so much like legitimate messages from sites you usually transact business with. As Proofpoint Security Awareness Training (formerly Wombat Security) State of the Phish reports, 76% of businesses fall victim to phishing attacks in 2020.
Here are some of the most common types of phishing scams and how you can avoid them.
Your Account Will Be Or Has Been Suspended, Disabled Or Locked.
Phishing scams thrive on scare tactics. Warning a user that his or her account will be or has been suspended, disabled or locked will prompt them into action to share their login credentials.
Fraudulent/ Irregular Activity Has Been Detected In Your Account, Or It Needs A Security Update.
Another commonly used tactic following close to #1 is that scammers will warn you that they have detected fraudulent or irregular activity in your account or that the account needs to undergo a security update which is mandatory for all account holders. Users mostly log in without double-checking to permit this “security” update.
You Have Received An Important Or Secure Message.
This phishing scam is mostly common to financial institutions, but some also pose to be from popular e-commerce websites. Since financial institutions do not send details of customers in emails, users will tend to click on the given link or even open the attachment in the email if it poses an important or secure message.
Tax Themed Phishing.
Every year, there are a lot of phishing scams under tax themes right before the tax time in most countries. Some of these tax-themed scams include updating the information in the filing, eligibility of users to get a refund of tax, or even warnings that tax money is owed to the tax department. One thing to keep in mind is that the IRS still sticks to the method of sending snail mail and does not resort to communicating through text message or email.
Phishing Based On Attachment With Varying Themes.
A new trend that has been spotted quite frequently in recent years is that scammers are resorting to varied theme lures. They attach an HTML page instead of offering a link to the external website and ask the users to click on this secure page which will require the user to enter financial information and login credentials.
Ransomware encrypts data (makes data inaccessible to users) and tries to use the same fear tactics as phishing. They wish to make the attacked person panic and give in to paying the ransom.
What To Avoid
Here are some tips on what not to do if you want to avoid phishing scams.
1. Do not open links on emails sent by unknown senders.
2. By all means, avoid downloading attachments if you were not expecting that email.
3. Stay away from shortened links such as Bitly URLs which come from unknown sources. Scammers often disguise their malicious URL links by offering a shortened form of the links you are familiar with. If you are not sure about whether a link you got is authentic or not, try to hover your cursor over it. Very often, the full URL usually pops up.
4. Important tips you can keep in mind are to keep security and software patches updated all the time, use more complex passwords, keep different passwords for different websites, and keep a two-factor authentication process when you can.
5. Most of all, DO NOT share your personal information through instant messages, text messages, social media platforms, or emails.
6. You should also turn on the spam filtering feature in your email provider or install one yourself from a reliable service provider. It is important to give up the habit of mindlessly clicking on links that you do not know. You should not even click on links that you get from close friends or family if there is a lack of any content or personal message in the email.