If you’ve ever used the internet in any capacity, chances you’ve heard the phrase “phishing scam.” That’s because it’s a prominent cybersecurity issue that’s been around for a long time. And, despite the advancements in data protection and anti-virus software, phishing is still effective.
That’s because phishing is a form of social engineering. It’s basically an email or text message “acting” as a legitimate person and/or institution. Thus, it doesn’t hit the same barriers as something like malware might.
Instead, phishing relies on tricking a person to reach its goal. It does this in a variety of ways, depending on a few factors. Sometimes, it’s an email from a “friend” who may have had their address hijacked. Or, it’s a lucrative offer that sounds too amazing to be true (think the good old-fashioned Nigerian prince scam).
Other times, it’s a legitimate looking alert from an account. This could be anything, from an Apple address to even PayPal banking!
And that’s just the surface. Hackers have devised all sorts of messages and methods to try and pull critical information from you. The only way to protect yourself is scrutiny and a little critical thinking.
Identifying the Phishing Message
Catching one of these scams sounds easy, right? After all, it’s probably just nothing but junk mail.
While thinking this is somewhat accurate, phishing emails have evolved in their complexity. Sometimes, it’s not immediately obvious you’ve encountered a phishing email.
An example comes from the PayPal email previously mentioned. In this message, a user receives an alert that an unauthorized transaction has occurred on their account, complete with official looking imagery. At first glance, it seems real.
Worse yet, the message is imposing an idea of limited time, a common theme among phishing scams. So, alarmed that some kind of transaction occurs, it “guides” the reader to a resolution by having them click on a link. This is another characteristic of phishing emails: hyperlinks.
Once selected, you’re prompted to login. But, this login page isn’t an official PayPal page. The user, not paying attention to the HTML link, would put in their login info. Unfortunately, they’ve given it away to a malicious third party.
However, taking some time, a user could identify various errors within the message. For example, the sender is important to look at. Additionally, phishing emails tend to be rife with grammar errors, sudden syntax changes and spelling mistakes. Some are easier to catch than others, but they do exist.
Also, remember that any institution will ask you to log into your account on your own terms, not from the message itself. This is key in rooting out official looking messages, which turn out to be malicious in design.
Other factors to keep an eye for are:
- Messages with attachments
- Strange senders/unknown senders
- Forged images
- Urgency (this deal is a limited time offer!)
Keep these in mind and you’ll protect yourself from even the most nefarious phishing scam.
