Types of phishing attacks to protect against
Phishing is one of the most insidious ploys cybercriminals have devised to date. The approach leverages email, text messages, pop-up ads, and even phone calls. The key aim is to extract sensitive information such as usernames, passwords, credit card numbers, banking account numbers, and even Social Security numbers.
In most instances, the fraud is driven by the target’s desire to avoid some sort of pain or awkwardness. To that end, phishing scams are staged to seem to come from a reliable source. Here are some of the most common types of phishing attacks to protect against.
Otherwise cautious people are duped every day by email, the most common phishing medium. Email phishing scams lead people into clicking a link in an email message and responding with personally identifiable information capable of compromising their spending power in some way.
Messages typically appear to come from an organization with which you do business outlining a problem with your account. You’re told you need only to click on the link and update — or verify — your account information to resolve the situation.
Upon completion, your account will once again be “in good standing.” And, the information you provided will be used to spend as much of your money as possible before you realize what you’ve just done. Or, at work, the aim could be to gain access to an account on the network so hackers can exploit company data.
Your best defense here is to be wary of any email request to update or verify account information. Rather than responding using the link in the message, contact the company through a method you have used before to confirm the message’s assertions.
Enterprises can use a secure email gateway to filter out messages from unrecognized sources. This works because the addresses scammers use are often just different enough from the real ones to go unnoticed by the user. The gateway, however, will pick up the difference and block the message or funnel it into junk.
Phony “Tech Support” Calls
Your phone rings at work. It’s someone claiming to be from the IT department saying malware has been detected on your computer. To correct it before the rest of the network is infected, they need you to download some remote desktop software so they can eradicate the malware ASAP.
Which, of course, is when the actual malware gets installed. At that point, they will have access to your machine to look over your shoulder at everything you do, as well as download any sensitive information they might find while probing your network.
To guard against this, never allow anyone remote access to your machine. Further, always make an effort to verify the identity of the person calling. If they say they’re from IT, put them on hold and call your IT department using the internal phone number in your employee directory. If they say they’re from another company, get the phone number of that organization and phone someone there to see who’s calling you.
Fake Search Results
Malicious operators have been known to purchase search engine results page (SERP) ads. The paid search ads come up with legitimate results, which makes clicking on them seem OK. What’s more, because they’re paid ads, they come up at the top of a SERP, making them even more prominent. Clicking on the ad initiates the transfer of malware, which can get into your machine and spread throughout the network to which it is attached.
Typosquatting, the practice of registering domain names very similar to those of widely recognized organizations, is common here. Always examine URLs carefully before clicking search links. You can also install safe search software on your machine to ensure the results you get have been screened by a security service.
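The "just different enough" sender addresses and typosquatted domains described above can be screened mechanically. The following Python code is an added example, not taken from this article or from any gateway product: it compares a sender address or URL host against an allowlist and flags near matches. The allowlist, the sample addresses, the substitution table and the distance threshold of 2 are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed allowlist of domains the organisation really deals with (assumption).
TRUSTED = {"example.com", "example.org"}
# Digits commonly swapped in for look-alike letters (assumed, not exhaustive).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def skeleton(domain):
    """Fold visually confusable characters so 'examp1e' and 'example' compare equal."""
    folded = domain.lower().rstrip(".").translate(HOMOGLYPHS)
    return folded.replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, swap neighbours."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def host_of(value):
    """Accept a URL or a sender address and return its lower-cased host name."""
    if "://" in value:
        return (urlsplit(value).hostname or "").lower()
    return value.rsplit("@", 1)[-1].strip("<> ").lower()

def classify(value, trusted=TRUSTED, max_distance=2):
    """Return ('trusted' | 'lookalike' | 'unknown', matched trusted domain or None)."""
    host = host_of(value)
    for t in trusted:
        if host == t or host.endswith("." + t):
            return ("trusted", t)
    for t in sorted(trusted):
        if (skeleton(host) == skeleton(t)                  # character substitution
                or edit_distance(host, t) <= max_distance  # typo-style variation
                or host.startswith(t + ".")):              # trusted name as a prefix label
            return ("lookalike", t)
    return ("unknown", None)

if __name__ == "__main__":  # constructed sample inputs
    for sample in ("billing@example.org", "support@examp1e.org",
                   "http://exmaple.com/verify", "https://example.com.account-verify.test/"):
        print(sample, "->", classify(sample))
```

A "lookalike" verdict is a reason to quarantine or warn, while "unknown" only means the host resembles nothing on the allowlist, not that it is safe.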
These are but three of the most common types of phishing attacks to protect against. The Federal Trade Commission site lists even more extensive resources to help you recognize and defend against a wider array of potential incursions.