You have probably heard about phishing attacks in the context of the Internet. But in fact, phishing is older than the web itself. This password-stealing technique was first used over the phone. Hence the name that’s a portmanteau of “phone” and “fishing”, as in fishing for passwords or other information.
Today, phishing attacks are still going strong, although now in digital form. Read to find out what a phishing attack is and how to protect your accounts from this common cyber threat.
How does phishing work?
Phishing is a game of deception. Hackers send emails posing as a legitimate institution to trick victims into revealing their sensitive information, such as passwords or credit card details.
Phishing emails use manipulation to compel victims to reveal their information. They often convey a sense of urgency, informing the target that they’re in an overdraft or that their credit card has been blocked. Alternatively, phishing emails would describe too-good-to-be-true scenarios, such as winning a contest the victim never entered or getting an unusually high tax return.
Typically, phishing emails contain a link that will redirect the victim to a website. These websites are exact replicas of the sites the hackers are impersonating. The unsuspecting target will be prompted to enter their login details or card details as usual. Unfortunately, this information will then go straight to the hackers who can now take over accounts or perform banking operations in the victim’s name.
In an alternative version of phishing, the link won’t take the victim to a site but it will download malware onto their computer instead. That malicious software will then provide a backdoor to cyber criminals to take control over the device or steal sensitive information.
How to protect yourself and your data
Know how to spot them
The first step to protecting yourself from a phishing attack is to be aware of their existence and treat all incoming emails with a healthy dose of skepticism. Beware of emails that ask you to reveal your personal data and never click any links in suspicious emails.
If you get an email from your bank, the government, or PayPal asking you to log into your account, don’t follow the links in that email. Instead, search the relevant website in your search engine and log in that way. If you want to be extra sure, it’s a good idea to bookmark your bank’s and other important institution’s websites for future reference.
Look also for warning signs in the email. Does it look different than normal? Is the greeting generic and doesn’t include your name? Is the email address correct? Phishing emails are often sent from email addresses that are very similar to the actual ones but so can be easily mistaken at first glance.
Set up two-factor or multi-factor authentication (MFA)
No matter how careful you are, you might still fall victim to a phishing attack. Cybercriminals who run these schemes are experienced and employ increasingly advanced techniques.
The only action that can truly protect you from the consequences of a phishing attack is securing your accounts with two-factor or multi-factor authentication. Two-factor authentication adds another layer of security on top of a password. It combines something you know (password) with something you have (security key, your phone), meaning that the hacker can’t simply log in from a new device just by knowing your password. They will still need to complete the second authentication step which in most cases will be impossible.
There are various methods of authentication that can be used as the second verification step. It’s worth noting that using an authentication app on your phone or a hardware security key are preferred forms of verification. Hackers have been known to redirect text messages of the victim to a different SIM card, so using texts as verification is generally discouraged by security experts.
Phishing attacks can outsmart even extra careful Internet users. It’s important to know how to recognize, what to do when you become a target, and how to prepare a safety net in case you fall for one. In 2019, taking care of one’s cybersecurity is more difficult and more important than ever.
I think that these days people are coming up with new phishing scams more quickly and since we don’t know much about them, it’s easy to get tricked. I was looking for more articles like this to read on this topic, and I found this blog from a VPN provider where they listed out scams to be aware of. I believe it’s a great way to become more aware and protected: https://surfshark.com/blog/types-of-scams-2019
Thanks for the reference, Andrew.