Whether you’re a company or individual, you’ve likely spent enough time on the internet to have at least come across the term “phishing.”
A phishing attack is an act of stealing a person’s personal information by pretending to be a legitimate or reputable organization.
Phishers aim to steal an individual’s sensitive data, such as usernames, passwords, credit card information, bank account numbers, full names and addresses, social security details or any other confidential information.
Phishing is a cybercrime. Usually, hackers attract victims through eye-catching statements like prize-claiming, lucrative offers, or emergency situations. It can occur through email, SMS, and even phone calls—but it has since been evolving to more sophisticated methods like cache poisoning. The information the hackers obtain through a successful attack is used for malicious intentions.
5 Common Phishing Attacks and How to Avoid Them
To avoid you or your business having confidential information stolen from you, we’ve gathered the top five common phishing attacks for you to be aware of and how to protect yourself from them.
1. Deceptive Phishing
Deceptive phishing is the most common phishing method reported. It’s deceptive because these hackers disguise themselves as a legitimate entity and try to replicate companies’ correspondence—and then, well, deceive you.
It’s usually those suspicious emails with spam looking links that aim to infect your computer with malicious software, or malware. Once infected, they are able to hack your computer and get a hold of personal information you’ve saved, on top of seriously damaging your computer system.
Other times, these emails lure you into typing down your personal information on legitimate-looking blank fields by imposing a sense of urgency. They can trick you into believing that your company’s security is in danger, or that there’s an issue regarding your bank account that must be dealt with immediately. As intended, people fall for these rather quickly due to the feeling of being rushed.
The hackers then record the information you’ve handed to them to be able to steal money from you. Before you know it, an unknown individual has already used your account to make a purchase in a country you’re not even about! This may have happened to at least one unsuspecting person you know.
How to avoid it
So to avoid these problems, it’s recommended that you purchase and install antivirus or anti-malware software for your computers so they can scan through all threats and get rid of them right away.
When going through your inbox, it is also important to consider the little details that could help you detect if the email is legitimate or not.
Does the email contain spelling and grammatical errors, broad greetings and addressing terms, or a shady URL?
Are the email contents too good to be true?
If you answered “yes” to any of those, it’s best to ignore the email or delete it.
2. Spear Phishing
Spear phishing is a little trickier to spot. Similar to deceptive phishing, hackers also disguise as a legitimate entity but do so in a more convincing manner as they really tailor their correspondence to the victim.
Hackers use the real information that they’ve garnered from your public profiles, such as real names, addresses, or numbers, and use a more legitimately-looking disguise to make you believe that you have an actual connection with them. They also use this information to offer you what they believe you or your company is needing at the moment.
How to avoid it
Anti-malware software then comes in handy once again, but training your employees for awareness is also important to avoid this type of scam. As early as possible, discourage them from posting corporate or personal information online.
3. CEO Fraud or “Whaling”
Phishers targeting executives or department heads in a company is called CEO fraud, or whaling. The hackers’ goal is to obtain personal information from these high-positioned executives, usually to abuse their accounts to request information from other employees—thus putting the entire company in danger.
Imagine your boss sending you an email requesting for certain company files—you don’t question it, you just comply. With such private company information as well as access to all other employees’ information, your company can easily be blackmailed, resulting in major financial loss.
How to avoid it
In order to avoid this, executives should also partake in security training and awareness, and install anti-malware software. Company cybersecurity rules and policies should also be implemented, making sure that no sensitive information shall be given and no financial transactions shall be done via email.
4. Pharming
Now that most people are becoming much more tech-savvy as generations progress, hackers try to find more sophisticated ways to steal information from you.
Far from the deceptive method of phishing or “baiting” victims, pharming is a DNS (Domain Name System) cache poisoning type of attack. This technique is a lot more advanced, as the hacker redirects you from a real and safe website to a fake one by changing the IP address. Like magic!
How to avoid it
The best way to avoid this type of scam is to make sure that the websites you and your employees are entering are HTTPS-protected. Check if the URL you’re in starts with “https://” before you type in any sort of personal information in it. The “S” in HTTPS stands for “secure”, encrypting your information and ensuring you that the site is from an authorized certificate authority.
And of course, it is also recommended that your anti-viruses and anti-malware software should also be updated on a regular basis.
5. Google Drive/Dropbox Phishing
Nowadays, millions of people resort to using cloud storage as it is an easier way to backup and share files. Uploading them into Google Drive or Dropbox saves your documents knowing that you can access them through any device, at any time. Hackers have since capitalized on its popularity and have begun using it as a target to gain access to your private information.
This can be quite scary, as hackers replicate the sign-in or log-in pages of websites such as Dropbox and Google Drive and host them on the actual websites themselves. Upon entering your information on these fake pages, hackers use them to log-in your actual accounts to steal all your private files.
How to avoid it
So how can you tell it’s fake? Honestly, it’s really hard to tell through the naked eye. But the best way to avoid this type of scam is to enable a two-step verification (2SV), protecting your account by adding an extra layer of security and verification upon logging in.
Keeping Your Confidential Information Safe
We hope that the guide that we have just provided you with can help you spot the most common forms of phishing attacks more quickly and efficiently, and help you prevent them from ruining you and your business.
However, as the masses become more and more aware and become harder to trick, phishing attacks get harder to spot as well, unfortunately—newer and sophisticated techniques of phishing are constantly being developed every day.
That said, it’s vital that all companies update their cybersecurity policies and insist on security awareness training on all its employees and executives, as well as opting for monthly/yearly support solutions. Phishing attacks can occur at any time, so it’s important to have the tools to avoid putting you, your co-workers and your company at risk as much as possible.
We at TechTactonics can help any company in the Greater Toronto Area to protect against phishing and other malware attacks with our monthly security and support solutions for all your digital assets.
Contact us now and learn how you can safeguard your business today!