The Oxford dictionary describes phishing as “the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.” Phishing is a type of social engineering attack often used to gain unauthorized access to user data.
Phishing can come in different forms, but all with the same purpose in mind – stealing your personal details. Statistics show that 91% of information security breaches begin with a phishing scheme of some kind. So, what should you look out for?
Different types of phishing
Spear phishing: Targets a specific group or type of individuals such as a company’s system administrators.
Whaling: Can be an even more targeted type of phishing as it goes after the whales – the big fish in the corporate world. Whaling usually targets the CEO, CFO or any Cxx within an industry. These attackers craft a message to the CEO, CFO or Cxx about something that could have a major negative impact on the company and its reputation; for example, they would say the company is being sued.
Smishing: Smishing uses a short text message, rather than an email, to grab your attention immediately. One of the most common scenarios is a message that looks like it comes from your personal bank but is actually from an attacker trying to get hold of your bank account number.
Vishing: Here, the spelling and pronunciation tell us how this attack usually takes place: vishing is phishing carried out through a voice call.
Email phishing: Lastly, the most common type of phishing since the 1990s. Hackers don’t mind whom they send the phishing emails to, so their target is anyone and everyone – including YOU and ME. An easy way to identify this kind of attack is through the use of the English language – it is usually unclear or incorrectly used. Apart from the grammar (which can also be carefully crafted), checking the email source and the link that you’re being directed to can give you a fairly accurate indication as to whether the source is suspicious.
What are some simple, easy ways everyone can take precautions to prevent phishing attacks?
- BE AWARE! Know what a phishing scam looks like.
- Direct translation from the Afrikaans proverb: “Die makste hond byt die seerste.” – The most tamed dog attacks the most dangerously. This is relevant to phishing attacks too. Even if you know the sender, it is not advisable to click on a link in the email or instant message.
- Get free anti-phishing add-ons. See the reflection of the phishing pole before the phishing hook can even hit the water.
- Better to be safe than sorry. If a website doesn’t start with “https”, or you cannot see a closed padlock icon next to the URL, do not enter any sensitive information or download files from that site.
- Update passwords regularly.
- Don’t ignore updates from your browser; they can help prevent phishing attacks.
- Install firewalls – this will act as a shield between your computer and the attacker.
- Ignore pop-ups as far as possible.
- Unless you trust the site 100%, do not willingly give out your card information.
- Get the best medical aid for your computer – the data security platform. If an attacker has access to your sensitive information, data security platforms can help to identify the affected account so that you can take action to prevent further damage.