Cybercriminals want your personal details so they can commit online fraud. They look up people online, obtain their contact details, and get to work.
Phishing is a common way for them to get the information they want. Emails or text messages claiming to be from various agencies often have a link included that takes you to a site that gives them access to your system and all its data.
Once a hacker has your details, they can create a fake identity based on your data, then use it to get loans or purchase items. Of course, they’re never paid for, and you find yourself with a bad credit rating.
Here are some commonly used phishing scams to be aware of.
Email Phishing
The most widely used type of phishing is via email. Even though this practice has been around since the ‘90s, people still get caught every day.
They usually appear to come from Apple or Microsoft (depending on your operating system) and tell you there’s been a data breach. The only ‘solution’ offered is to click on a link, which of course, allows them complete access to your computer.
Emails of this nature tend to be full of spelling and grammatical errors and can be easy to spot for anyone aware of them.
Sextortion
A more recent form of email phishing is nicknamed sextortion. Hackers send emails advising that they have access to your webcam and have videos of you watching or interacting with adult content. They threaten to send a copy of the video to your family or friends unless you pay money or provide personal details.
Spear Phishing
Targeted at company administrators or their legal departments, spear phishing is a more advanced form.
These more sophisticated emails appear to come from government or corporate agencies such as the Better Business Bureau. The topic of the email is that the company has breached some kind of standard and is being investigated.
The hacker’s link is introduced as either an example or an explanation of the breach. Company information is requested from a page inside the link, or a trojan horse is downloaded into the business’ system.
Whaling
Similar to spear phishing, whaling goes after the ‘whales’ of the company, CEOs, CFOs, and COOs.
The email indicates that the company may face legal consequences unless action is taken. The hacker’s link may ask for confidential business information or request funds to be paid to them to make it ‘go away.’
Smishing
Instead of coming via email, smishing scams happen via SMS. The most common ones pose as a financial institution claiming that your account has been compromised. They request your current account details and passwords, suggesting they’ll secure your account.
They now have access to your internet banking and can access all your personal information.
Vishing
The final type of phishing is done by voice — hence the V. A person posing as a bank or tech company employee will ask for usernames and passwords to assist you with some form of a fake data breach.
They may ask if they can send you an electronic file, which will install itself on your computer and steal whatever information it can.
Once they have this data, your personal details are no longer safe.
How to Avoid Being Phished
Tech companies and financial institutions rarely contact individuals to advise of a security breach. If so, they’ll never ask for username and password details. Phishing emails can usually be spotted for their poor writing.
The golden rule is to never click on a link in a random email. Always check the address of the sender. Financial institutions and tech companies don’t let employees contact customers from personal email accounts.
Don’t Become a Phish
To avoid your identity being stolen, be on the lookout for phishing scams.
Email scams will target random individuals or specific company executives. The end result is always the same, to get the recipient to click on a link or give up personal details.
Phishing isn’t limited to emails; sms and voice messages act similarly.
Be on the lookout for these, don’t ever provide usernames and passwords, and never click on any links.