Everything you need to know about phishing
You were tempted to click, weren’t you? You shouldn’t feel bad because many people fall into such traps. I offered you something valuable, free, but for a limited time. Cybercriminals know it is easier to fool people than to break through security technology.
According to the FBI, phishing was the most common type of cybercrime in 2020, and phishing incidents nearly doubled in frequency, from 114,702 victims in 2019 to 241,324 victims in 2020.
So, what is phishing?
Phishing is an attempt to gather personal information using deceptive e-mails or websites. What makes your data so valuable? Your data is a resource: it helps cybercriminals steal your money and sell your data to advertisers. As in fishing, the fish will be caught if the fisherman has good bait. There are several types of phishing: vishing (the telephone equivalent of phishing), whaling (a method to target influential individuals within an organization directly), smishing (via text or SMS message), pop-up phishing, and so on.
Why do people click?
People believe the sender is legitimate, so human error leads to the success of cyberattacks. Distraction is one of the main reasons people fall for phishing scams. Imagine! You have a deadline, you are stressed about finishing your task, and at the same time, a colleague writes to you and asks for your help. Two minutes later, you receive an email: “We’ve updated our login credential policy; please confirm your account by logging into Google Docs.” You click quickly so as not to waste time, and enter your password. And that's it, you were caught 😀 Distraction is quite a common occurrence for all remote workers. More than half of remote workers today admit they are more distracted when working from home.
How can we avoid these attacks?
- Be up to date with new techniques.
New phishing scams are being developed all the time. The best protection against phishing is knowing how to spot it in the first place. Here you can find some of the latest trends.
- Verify the sender
Always verify the sender and that the request is legitimate before taking action. Until you have done so, don’t open attachments, click on links, and so on. No legitimate organization will send emails from an address that ends ‘@gmail.com’. Most organizations, except some small ones, will have their own email domain and company accounts. If the domain name (the bit after the @ symbol) matches the apparent sender of the email, the message is probably legitimate.
- Verify the links
A phishing email may claim to be from a legitimate company, and when you click the link to the website, it may look exactly like the actual website. Never click any link without checking it out. You can hover over links to verify they are correct. Look for small changes in spelling, unusual characters, and added numbers. You can also verify links here: virustotal.com.
- Stop, and think twice before you click!
If the email is urgent or trying to get you to act fast, stop and think about it. Ask who they are and what they want from you. Most phishing emails will start with “Dear Customer,” so you should be alert when you receive these emails.
- Use Antivirus and Firewalls
Antivirus software scans files that come through the internet to your computer. It helps prevent damage to your system, whether a PC or a phone. You must also be careful if you make transactions or open emails from your phone. Firewalls protect against outside cyber attackers by shielding your computer or network from malicious or unnecessary network traffic.
- Never give your personal information.
We shouldn’t send personal data, such as a photo of our credit card or identity card. We should do this only if we have checked the above points and are 100% sure it is ok and necessary.
Don’t be swayed just because a correspondent seems to know a lot about you. These so-called “spear-phishing” attacks are a fraudulent practice of sending emails ostensibly from a known or trusted sender to induce targeted individuals to reveal confidential information.
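The "Verify the sender" and "Verify the links" checks above can also be run automatically on a message. The following is an added example, not part of the original article; the organization domain `example.com`, the lookalike host `examp1e-login.test`, the `FREE_MAIL` list and the function names are all assumptions made for illustration.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: free webmail domains an organization would not send from.
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}
# Constructed sample message parts (not taken from a real email).
SAMPLE_FROM = '"Example Corp IT" <it-support@gmail.com>'
SAMPLE_HTML = '<p>Confirm: <a href="https://examp1e-login.test/reset">https://example.com/login</a></p>'

def _belongs(host, org_domain):
    """True if host is the organization's domain or one of its subdomains."""
    return host == org_domain or host.endswith("." + org_domain)

def sender_findings(from_header, org_domain):
    """Check the part after the @ against the organization the mail claims to be from."""
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    findings = []
    if domain in FREE_MAIL:
        findings.append(f"sender uses free webmail domain {domain}")
    if not _belongs(domain, org_domain):
        findings.append(f"sender domain {domain} is not {org_domain}")
    return findings

class _Links(HTMLParser):
    """Collect (href, visible text) for every <a> element in the body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def link_findings(html_body, org_domain):
    """Report links whose real destination (what hovering shows) is another site."""
    parser = _Links()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        host = (urlsplit(href).hostname or "").lower()
        if host and not _belongs(host, org_domain):
            findings.append(f"link '{text}' really goes to {host}")
    return findings
```

An empty result from `sender_findings` is not proof of legitimacy, because the visible From address can be forged; the SPF, DKIM and DMARC results recorded by the receiving mail server are the stronger check.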
You don’t have to wait to be attacked. You can train by taking this quiz or something similar.
Stay safe!
☞Arigato for reading.