Common Phishing Attack and How to Protect Against Them
Phishing refers to attempts to make a sucker out of you. The
phishers want to take your usernames, passwords, credit cards and money. They approach you through the Internet or telephone pretending to be a legitimate person or agency. It is a threat that has been around for a long time and is still being used because it works.
Phishers are criminals after your identity, along with all of the information and money that comes with it. So, they dangle bait, waiting for people to bite from home or business. No one is perfect so this threat is for everyone. Ways to help protect yourself and your organizations have two forms: installing state-of-the-art security on all devices and repeated training and understanding of what phishing is and how to avoid it.
First, we need to know what kind of attacks there are and how they are performed. Most common types are:
Whaling: Targets the highest-level employees who handle finance and data decisions. Assuming business leaders aren't suckered by the common pitch, phishers prepare special approaches called harpoons.
Harpooning/Spearfishing: Uses personal details secured from other business sources and social networks, so the email language appears unique to the individual and confidential. The email might also include the sort of attachment the recipient would be pressed to open, like a subpoena, contract or tax form.
Fake phishers: Deceptive fishing by sending emails that present as a legitimate company, such as PayPal, MasterCard, Wal-Mart or others. Recipients are fooled into thinking the request for personal information is legitimate.
Pharming: A malicious technology scheme to convert the Domain Name System (DNS) of websites into a numerical IP address which then redirects browsing users to a malicious location even if the victim entered the correct website search.
Mimic phishing: Trusted sites like Dropbox, GoogleDocs or Outlook are imitated. Messages offer absolute duplicates of the sign-in screens for such sites and lure victims to enter their personal sign-in username and password.
Nigerian: Schemes promise delivery of a big payoff if the victim makes an advance payment or fee to secure the grant.
Banking: Scams and tax frauds announce a problem with banking or tax records and demands personal information to correct the problem.
Of course, there are more schemes. Some emails offer jobs, vacations, stocks and more in exchange for personal information. And, many of these attacks include attachments containing malware and viruses.
Now, how do you protect against these attacks? The main points to keep in mind are:
1. Banks, tax authorities and trusted agencies never ask for personal information online.
2. Email addresses of a sender must correspond to a legitimate business domain name.
3. Never click any unverified link. For example, there's no need to click-through an email message if the actual website is available.
4. Optimize your system. For example, put some effort into white and black listing your incoming emails by your customizing the system's filtering.
5. Avoid URLs that begin with http:// rather than https://. Look for the lock icon in the URL line.
6. Do not respond to emails demanding an "urgent" response. Call the source to verify their identity and proceed accordingly.
7. Look for amateur work with poor language and spelling.
8. Refuse to sign onto a site through Facebook or other social media access.
Cyber criminals are even sophisticated enough to attack certain days of the week at certain times of the day in certain seasons. Phishers will target any organization. And, if the organizations are vulnerable, customers lose faith, costing damage to their reputation.
It is also true that the phishers are more active and determined than their victims. They're at work identifying new targets and drawing up new schemes. As a result, it pays organization leaders to create a climate that invites employees to report even suspected scams.