man in beige shirt looking at smart phone
BlogScam AlertPhishing - What is it? How to Prevent Phishing Attacks

Phishing - What is it? How to Prevent Phishing Attacks

Lindsey LaMont

Feb 12, 20234 min read

Phishing is a cybercrime designed to obtain access to your online accounts, banking/credit card details, passwords, and other personally identifiable information. You could receive a phishing scam via email, phone, or text message.  Learn how to prevent phishing attacks.

In today’s technology age, it’s almost impossible that you haven’t come across a phishing scam. In fact, you may have a phishing attempt in your email (or your spam inbox) right now. While it’s unlikely that phishing scams will go away any time soon, there are ways to prevent yourself from becoming a victim.

What is Phishing?

Phishing is a cybercrime designed to obtain access to your online accounts, banking/credit card details, passwords, and other personally identifiable information. You could receive a phishing scam via email, phone, or text message. 

The attacker sends messages that appear to come from an organisation you know or have an account with. These messages will include malicious links which, if clicked on, can install malware, freeze your system in a ransomware attack, or reveal your sensitive information. 

Phishing scams are often seen in corporate environments, as one employee falling victim to an attack can allow cybercrimina­ls to bypass entire security systems. They’re able to gain access to confidential data this way and can cause significant damage to the corporation that experienced the attack.

Types of Phishing Scams

There are a variety of fishing scams that you need to be aware of to keep yourself safe online. These five phishing scams are the most common, and you’re likely to encounter at least one of them in your lifetime. 

  • Email phishing

Phishing attacks are most commonly sent by email. Creating a fake domain name that looks like an authoritativ­e organisation is quick and easy for cybercrimina­ls. They can then send thousands of generic requests out via email to obtain sensitive data from victims.

  • Smishing and Vishing

Smishing and vishing use telephones rather than emails to complete phishing attacks. Text messages or phone calls with similar content to phishing emails will be made in the hopes you’ll interact with them. 

  • Spear phishing

Spear phishing is highly targeted. While it is still a version of email phishing, spear phishing skips the generic requests and can include your name, place of employment, job title, and other identifying information. Spear phishing is most commonly seen in the corporate world.

  • Whaling

Whaling takes spear phishing tactics and makes them even more targeted. The end goal is the same as other phishing attacks, but the writing and overall technique are more subtle. You won’t find links in these emails. The cybercrimina­l will imitate an executive in your organisation and ask for a favor. 

  • Angler phishing

The newest type of phishing, angler phishing takes place on social media. Fake URLs, posts, tweets, and instant messages can easily convince you to give away sensitive information. As organisation­s have seen an uptick in complaints on social media, this phishing attack has become more popular.

How to Recognize Phishing

While all of this sounds scary, there are ways to recognize phishing attacks and keep yourself safe on the internet. If you receive an unexpected email or text, here’s how you can identify it as a phishing scam. These emails and texts commonly:

  • Mention suspicious activity or log-in attempts.
  • Claim that there’s a problem with your payment information or account.
  • Ask you to confirm personal or financial information.
  • Include an unexpected invoice.
  • Ask you to click on a link for payment.

If you notice these warning factors, there are likely others in the email, text, or phone call. Here are some other common signs of phishing attacks:

  • The domain name of the email sender is not the appropriate company domain name.
  • The links, when hovered over, don’t lead you back to the appropriate company website.
  • Grammar or spelling errors may be included, as well as unprofession­al graphics.
  • Generic greetings will be used in place of personalizat­ion.

If you aren’t sure if an email, text, or phone call is a phishing scam, the best way to handle it is to reach out to the organisation directly (not from the sent email or text) and ask for clarificatio­n.

To prevent phishing scams via phone, a caller ID and spam-blocking software can prevent you from even seeing or speaking with scammers on your phone. They block texts and calls that may lead you to give out personal information to unsafe parties.

How to Prevent Phishing

You can protect yourself and your organisation from phishing emails, texts, and calls in a few steps.

  • Download and install a caller ID/spam-blocking app (also for text messages) like Truecaller. People that use Truecaller are constantly identifying scam calls in real-time, which helps the entire community of 330 million people avoid scams like these.
  • Use two-factor authenticati­on online. This way, even if your data is compromised, cybercrimina­ls won’t have enough information to gain access to your accounts.
  • Change passwords frequently and use strong passwords that you haven’t used before.
  • Update your laptops and cell phones regularly to ensure security is up to date.

What to do if you have been a Phishing Attack Victim

Apart from staying vigilant with Truecaller, if you do fall victim to a phishing attack, know that you’re not alone. It’s important to work quickly if you think a cybercrimina­l has information like your Social Security number, bank account number, or credit card info. You can go to IdentityThef­t.gov to get specific steps to protect yourself based on what information was compromised.

You should also update your software on your phone or email and run a security scan to determine if any malware has been placed on your device. 

If the phishing scam has put your organisation at risk, reach out to your IT department for clarificatio­n on how to best handle the situation.

Lindsey LaMont

Feb 12, 20234 min read

Scam Alert

Keep reading