What is phishing and how do I protect myself against it?

E2E Technologies
If you’ve ever received an email that appears to come from a trusted source and asks you to either click on a link or input your personal information, you have probably encountered a phishing scam.

Often, these types of emails will request that you enter your username, password, bank details and other sensitive information. They will also usually feature a link that, once clicked, could either take you to a scam landing page or download malicious software onto your computer.

But how can you tell the difference between a legitimate email and a phishing scam? One easy way to spot these sorts of scams is to notice that your bank or any other similar organisation would never ask you to input sensitive information over email.

Phishing can be extremely damaging, leading to stolen money and even identity theft. So, to help you stay safe online, let’s take a closer look at some of the ways you can protect yourself against phishing.

What is phishing?

Phishing is a common tool used by cybercriminals to attempt to trick victims into sharing sensitive information by disguising themselves as a trustworthy company or organisation. This is done using a variety of different platforms, from emails to text messages and sometimes phone calls. Email is the most common form, however, with cybercriminals usually sending out thousands at a time in the hope that enough people will be tricked.

Even though the emails or texts may look legitimate at first glance, on closer inspection they will look unprofessional and be littered with grammatical errors, spelling mistakes and pixelated logos. However, because scammers send out so many of these emails and texts, they only need a small number of people to fall victim to them.

One example of a famous phishing scandal was in 2018 and targeted Netflix users. Cybercriminals sent out an email that looked as if it had come from Netflix asking users to update their billing information. It included a link, which instead of taking users to the Netflix website, redirected them to a scam landing page which had been created by the scammers.

Nobody wants to be scammed, so how do you go about protecting yourself from these kinds of threats? The best way to start is to learn more about them so you can instantly spot the warning signs.

How does phishing work?

Let’s take a look at a step-by-step process of how a typical phishing scandal works:

  • Firstly, cybercriminals will pick out their target victims and create a strategy for the best way to steal their data.
  • They will then plan the method, that is, whether they will send emails, texts or both.
  • The attack will then begin, with the messages being sent out to millions of people.
  • Cybercriminals will then closely monitor the progress of the attack and store any data that they collect.
  • The data collected will then be used to make illegal purchases or commit fraud.

Types of phishing

Unfortunately, alongside the common email phishing already mentioned, there are other types of phishing scams which can be more sophisticated and targeted.

  • Email phishing – As mentioned above, it is usually an email sent by cybercriminals with the intent of stealing sensitive information. The email will usually come from a bank or company which stores bank details. It will include a link that will take the user to a fake webpage where they will be prompted to input their personal information. The link can also download malicious software onto your computer.
  • Spear phishing – Very similar to regular phishing, spear phishing involves sending out messages to victims; however, it takes a slightly more personal approach. These emails or messages are more targeted to a particular type of person or business. Before starting a spear phishing scam, hackers will research the victim, also known as social engineering. Sometimes these emails are sent to users who have recently purchased something from a website, with the subject ‘Order Postponed Due to Incorrect Bank Details’ or something similar.
  • Whaling – This is when cybercriminals target specific, high-ranking professionals or government officials and attempt to steal corporate or government data. These attacks are much more sophisticated and can be catastrophic if successful.
  • Clone phishing – Clone phishing is very hard to detect and involves a scammer building an identical version of an email or message they have already received.
  • Pop-ups – Lastly, pop-up phishing is when ads pop up and try to trick users into downloading malicious software onto their computers. The ads will be disguised and could even be promoting anti-virus software.

How to protect yourself against phishing attacks

  1. Never share sensitive information in response to an email or message, especially if you did not initiate the correspondence.
  2. If you need to share information and the message looks legitimate, first contact the organisation you think it has come from and ask for confirmation.
  3. Never share your password or details over the phone. Your bank or a similar organisation would never ask for these details during a phone call.
  4. Verify your transactions and check your bank statements.
  5. Check the email address the message has come from; if it doesn’t match the company it claims to be from, you should be suspicious. Legitimate emails will also usually include your first and last name.
  6. Always check the webpage is authenticated and secure before inputting your information. You can see this by whether there is a padlock in the top left-hand corner, next to the URL.
  7. Don’t click links in emails or messages; they may download malware onto your device or take you to a scam webpage.
  8. Watch out for common phishing language, such as bad grammar, spelling mistakes and common phrases like ‘verify your account’, warnings that your account has been hacked or enticing messages offering you cash rewards or prizes.
  9. Never click on pop-up ads.
  10. Make sure you have anti-virus software and it is updated.
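
Tips 5 to 8 can also be checked automatically before a message reaches a reader. The sketch below is an added example, not part of the original article or of any product: the sample message, the `.test` domains, the phrase list and the function names are all constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; every name and domain here is a placeholder.
SAMPLE = """\
From: "Example Bank" <security@examp1e-bank.test>
Subject: Urgent: verify your account
Content-Type: text/html

<p>Dear customer, please verify your account to claim your prize.</p>
<a href="http://login.bank-update.test/reset">Log in to Example Bank</a>
"""

PHRASES = ("verify your account", "account has been hacked", "cash reward", "prize")

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def in_domain(host, domain):
    # True only for the domain itself or a subdomain, so lookalikes fail.
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_message(raw, expected_domain):
    """Return warnings for tips 5 (sender), 6/7 (links) and 8 (wording)."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    sender = parseaddr(msg.get("From", ""))[1]
    findings = []
    if not in_domain(sender.rpartition("@")[2], expected_domain):
        findings.append(f"sender mismatch: {sender}")
    collector = LinkCollector()
    collector.feed(body)
    for href in collector.hrefs:
        url = urlparse(href)
        if url.scheme != "https":  # https alone does not prove who runs the site
            findings.append(f"not https: {href}")
        if not in_domain(url.hostname, expected_domain):
            findings.append(f"link leaves {expected_domain}: {url.hostname}")
    text = (msg.get("Subject", "") + " " + body).lower()
    return findings + [f"phrase: {p}" for p in PHRASES if p in text]
```

Calling `check_message(SAMPLE, "example-bank.test")` flags the lookalike sender (`examp1e` with a digit one), the non-HTTPS link to an unrelated host, and two of the listed phrases.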

If you’re looking to protect your company from phishing scams, it’s best to start using anti-phishing software. There are lots of options out there, each providing solutions such as identifying and neutralising malware attachments, handling zero-day vulnerabilities, detecting spear phishing emails and many more.

If some of the IT jargon is too difficult to understand, we have a great resource. Our IT dictionary has almost every IT term used and we explain what each stands for and exactly what they mean.

 
