What are Some Types of Phishing Attacks and Ways to Defend Yourself?
Phishing is a type of online scam where criminals try to trick you into giving them your personal or financial information. They do this by sending you fake emails or text messages that look like they’re from a legitimate organization, such as your bank or credit card company. They may also direct you to a fake website that looks real.
If you fall for the scam and enter your information, the criminals can use it to commit fraud or identity theft. That’s why it’s important to know how to spot a phishing attempt and what to do if you think you’ve received one.
Here are some examples of phishing attempts:
- Spear phishing is a type of social engineering attack in which attackers send messages that appear to come from a trusted source in order to trick victims into revealing sensitive information or installing malware. Spear phishing attacks are often targeted at specific individuals or organizations, and the messages usually contain personal information or details that would make them seem more believable. In many cases, the attackers will use publicly available information to craft their spear phishing messages. For example, they might include the victim’s name, job title, or company in the message in order to make it seem more legitimate. Spear phishing is a serious threat to both individuals and organizations.
- Smishing is a type of phishing attack that uses text messages instead of email. Smishing attacks are usually carried out by sending a text message that appears to be from a legitimate source, such as a bank or credit card company. The message may warn of a problem with your account or offer a special deal. If you click on the link in the message, you will be taken to a fake website that looks real. The fake website may ask you to enter personal information, such as your credit card number or Social Security number. If you enter this information, it will be sent to the attacker who can use it to commit fraud. Smishing attacks are becoming more common, so it is important to be aware of them. If you receive a text message that looks suspicious, do not click on any links. Instead, contact the company using a phone number or website that you know is real.
- Phishing websites are designed to trick you into giving them your personal information. They usually look like legitimate websites, but they have a different URL. Phishing websites will often pop up after you click on a link in an email or in a web browser. They will usually ask you for your login information, credit card number, or Social Security number. Phishing websites can also install malware on your computer. If you think you’ve been phished, change your passwords and run a virus scan on your computer. A new, more advanced version of phishing websites has been discovered by Microsoft. In these new attacks, attackers still send out emails with illegitimate links, but instead of storing the information a user enters, the illegitimate site forwards that information to the legitimate website. Once the information is forwarded, if the user has two-factor authentication (2FA) enabled, the 2FA prompt is triggered. The illegitimate site passes that notification on to the user, and once they confirm their login, the attacker takes the session cookie to pass themselves off as the user and access their account. 2FA was once a surefire way to protect yourself from phishing, but this new method puts that at risk. According to Microsoft, after getting the session cookie it can take as little as 5 minutes for attackers to have access to your account.
- Phishing ads are those annoying pop-ups that appear when you’re trying to visit a website. They usually take the form of a message telling you that you need to update your software or download a new plugin in order to view the site. However, these ads are actually just a way for scammers to trick you into downloading malicious software or giving them personal information. So next time you see a phishing ad, just hit the back button and pretend it never happened.
- Phishing phone calls, also known as vishing, are a type of scam where criminals attempt to obtain personal information such as credit card numbers or bank account information by pretending to be a legitimate organization. Typically, the caller will claim to be from a well-known company or government agency and may use threats or intimidation to try to get the victim to provide their personal information. Phishing phone calls can be very convincing, so it’s important to be aware of this type of scam and know how to protect yourself. If you receive a suspicious call, do not give out any personal information and hang up immediately. You can also report the call to the proper authorities so that they can investigate and help prevent others from becoming victims.
There are a few things you can do to protect yourself from phishing scams:
- Be cautious of any email, text message, or pop-up ad that asks you for your personal or financial information. Even if the message looks like it’s from a legitimate organization, it could be a phishing attempt.
- Don’t open any attachments in an email, text message, or pop-up ad unless you’re sure they’re legitimate. If you’re not sure, you can scan the attachment with an antivirus program before you open it.
- Keep your anti-virus and anti-malware software up-to-date to help protect your computer from malware.
- When you’re browsing the internet, be cautious of any website that asks for your personal or financial information. Even if the website looks legitimate, it could be a phishing attempt.
- When shopping online, make sure the website you’re using is secure. You can tell if a website is secure if the URL starts with “https” and there is a lock icon next to it.
- Never give out your personal or financial information to someone you don’t know. If someone calls you and asks for your information, don’t give it to them. If you get an unsolicited email or text message that asks for your information, don’t reply.
- Keep your personal and financial information safe by storing it in a secure location, such as a password-protected file on your computer.
- Be cautious of any emails or text messages that say you’ve won a contest or lottery that you didn’t enter. These are often scams where criminals are trying to get your personal or financial information.
- If you think you’ve been the victim of a phishing attempt, report it to the proper authorities. You can also report it to the Anti-Phishing Working Group at www.antiphishing.org. Or if you are a client of ours please email us at email@example.com and let us know about the suspicious email.
- We also recommend using a business-grade, managed email service with SPF, DKIM, and DMARC in place to limit bad actor emails and impersonators. Business-grade email hosts include services such as Google Workspace and Microsoft 365. Along with this, save email headers so that later on your IT manager can review them to find the origin of suspect emails. In general, it is a good idea to consult your IT manager on any questions about phishing. If you are looking for an IT manager or want to know about what a managed service provider can do for you, book a consultation with us: mytechcoach Calendar
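As an added illustration of what reviewing saved headers looks like (example code written for this article, not part of any product mentioned above), the Python sketch below reads the SPF, DKIM and DMARC verdicts your mail server recorded and the earliest relay in the Received chain. The sample message, host names and IP address are constructed placeholders, and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (not a real message); names and IPs are placeholders.
SAMPLE = """\
Received: from mx.recipient.example (10.0.0.5) by mailstore.recipient.example; Tue, 02 Jan 2024 10:00:05 +0000
Received: from mail.sender-host.test (mail.sender-host.test [203.0.113.45])
\tby mx.recipient.example; Tue, 02 Jan 2024 10:00:03 +0000
Authentication-Results: mx.recipient.example;
\tspf=pass smtp.mailfrom=bounce.sender-host.test;
\tdkim=none; dmarc=fail header.from=yourbank.example
Return-Path: <notice@bounce.sender-host.test>
From: "Your Bank" <security@yourbank.example>
Subject: Problem with your account

Body omitted.
"""

def auth_verdicts(msg):
    # Use only the topmost Authentication-Results header: your own mail server
    # adds it last, so anything lower down could have been sent by the sender.
    verdicts = {"spf": "missing", "dkim": "missing", "dmarc": "missing"}
    top = (msg.get_all("Authentication-Results") or [""])[0]
    for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", top, re.I):
        verdicts[method.lower()] = result.lower()
    return verdicts

def earliest_hop(msg):
    # Each relay prepends its Received header, so the last one is the earliest.
    # Hops recorded before your own server are claims by the sender, not proof.
    received = msg.get_all("Received") or []
    if not received:
        return None
    m = re.search(r"from\s+(\S+).*?\[([0-9a-fA-F.:]+)\]", received[-1], re.S)
    return (m.group(1), m.group(2)) if m else None

def review(raw):
    msg = message_from_string(raw)
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    rp_dom = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2].lower()
    verdicts = auth_verdicts(msg)
    flags = []
    if verdicts["dmarc"] != "pass":
        flags.append("dmarc " + verdicts["dmarc"])
    # Simplified alignment check (assumption): same domain or a subdomain of it.
    if from_dom and rp_dom and rp_dom != from_dom and not rp_dom.endswith("." + from_dom):
        flags.append("Return-Path domain differs from From domain")
    return {"from": from_dom, "verdicts": verdicts, "origin": earliest_hop(msg), "flags": flags}
```

In the sample, SPF passes for the sender's own bounce domain while DMARC fails for the bank domain shown in the From line, which is the pattern to look for when a message impersonates a brand.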