Something’s Phishy: How To Spot And Avoid Phishing Attacks
You’ve got an email from your bank, clicked the link inside it and filled in some details. Before you know it – you’ve been robbed and your hard-earned savings are gone with the wind.
How did it happen? Was it the bank that stole your money? That’s unlikely. Then how did the email look so real and who’s behind the fraud?
Unfortunately, you’ve been scammed, and the name of this scam is phishing.
According to the FBI, phishing attacks almost doubled from 2019 to 2020.
The sad reality is that every internet user may sooner or later fall victim to phishing scammers.
Let’s look into some theoretical and practical advice on how not to become an easy target for cybercriminals.
Phishing requires victim cooperation
Phishing attackers are the confidence tricksters of online communication, who induce their victims to hand over their money, or some data that gives access to it.
While a pure hacker is like a burglar who sneaks in and steals the contents of your house, a phishing criminal is a guy who persuades you to give him the key to your house for safekeeping, and then robs you of everything you’ve got.
The fraudsters will often create a sense of urgency to shock you into acting as quickly as possible, e.g. with a warning about a threat to your computer or bank account.
The one common element in all phishing attacks is that the victim inadvertently does something to enable the fraud.
It’s not who you think it is
Phishing attackers may claim to represent your bank, tech support from a well-known IT firm, an e-commerce company – anything that gives them the opportunity to steal your money.
One survey found these to be the top brands the attackers impersonated in 2021:
- Microsoft – 45%
- DHL – 26%
- Amazon – 11%
- Best Buy – 4%
- Google – 3%
Here are some of the most popular types of phishing attacks.
Types of phishing attacks
The email link
What it looks like: This can take many forms, but what they all have in common is that the fraudsters send you an email in which they misrepresent their identity. It always includes a link, and if you click on it your data will be stolen, usually by putting malware on your computer.
How to avoid it: Check the address of any email you get. Don’t click on any link till you’re sure it’s from a trusted source. Right-click and save the link address, then paste it into a text file where you can view it. If in doubt, ignore and delete the message.
If the message doesn’t look right, block the sender. Don’t click Unsubscribe, as this button may also be a trap to infect your computer or send more spam.
The e-commerce scam
What it looks like: You get an email telling you that you have purchased an item on a well-known e-commerce site. There’s a link to contact them for a refund.
The scammers then pretend they refunded you too much (e.g. $5,000 instead of $500) and ask you to send them back the excess funds via PayPal or some such method.
How to avoid it: When clicking on a link to contact any company, check the URL to ensure it’s legitimate. If in doubt, contact the company via their website.
The tech support scam
What it looks like: You click on a link on an unsafe site and suddenly a warning pops up saying your computer has been infected with a dangerous virus. You’re given a number to ring for tech support.
If you’re lucky, you’ll only be sold worthless software that doesn’t have any effect. In a worst-case scenario, the fraudsters put ransomware on your device or a keylogger that gives them your passwords and financial details.
How to avoid it: Always ignore these warnings about your computer being infected, and avoid visiting any site where they pop up. If the warning gets into your browser and continues to pop up, you need to reset the browser to get rid of it.
When you see a tech support link for any IT company, always check the URL to ensure it’s legitimate, and watch out for URLs looking almost like the real thing, e.g. google.support.com. And never allow an agent access to your computer.
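As an added illustration (not part of the original article), the URL check described above can be written out in Python: a hostname belongs to a company only if it is that company's domain or ends with it, so google.support.com is a page on support.com. The TRUSTED_DOMAINS list and the sample links are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: domains the reader really does business with (constructed list).
TRUSTED_DOMAINS = ("google.com", "microsoft.com", "amazon.com")

def check_link(url, trusted=TRUSTED_DOMAINS):
    """Return (verdict, detail) for a link address copied out of a message."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")  # lowercased, port removed
    except ValueError:
        return ("reject", "malformed address")
    if parts.scheme not in ("http", "https") or not host:
        return ("reject", "not a web link")
    # "https://google.com@other.example/" goes to other.example; the part
    # before "@" is only a user name, placed there to mislead.
    if parts.username is not None:
        return ("reject", "real destination is " + host)
    # Non-ASCII or punycode labels can imitate a brand with look-alike letters.
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return ("reject", "look-alike characters in " + host)
    # A name belongs to a company only if it IS the domain or ends with ".domain".
    for domain in trusted:
        if host == domain or host.endswith("." + domain):
            return ("ok", domain)
    # Brand name used as a subdomain of, or inside, someone else's domain.
    for domain in trusted:
        brand = domain.split(".")[0]
        if brand in host:
            return ("reject", brand + " is not the owner of " + host)
    return ("unknown", host)

if __name__ == "__main__":
    for link in (  # constructed sample links
        "https://accounts.google.com/signin",
        "https://google.support.com/help",
        "https://google.com@login.example/reset",
        "https://example.org/",
    ):
        print(link, "->", check_link(link))
```

An "unknown" verdict means the link is simply not on the trusted list; treat it the way the article advises and reach the company through its own website instead.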
The bank scam
What it looks like: You get an email or phone call warning you of some security problem that needs to be dealt with immediately.
Usually, you are then asked to reveal your password and/or PIN as an emergency measure to secure your account. The fraudsters may tell you to transfer your funds to what you are assured is a safe account until the security breach is fixed. Your money then disappears.
How to avoid it: If you get any communication claiming to be from your bank, check the source against its website contact information. If it’s a phone call, hang up and tell them you need to check, and disregard any warnings that it’s too urgent for that. If it’s an email, check the address before you open it.
Never reveal your password, PIN, or one-time security code. Bank staff never ask for these details unless you’re talking to them face to face on their business premises.
The crypto scam
What it looks like: Phishing attackers have been busy harvesting wallet keys and other confidential data to steal cryptocurrency. An estimated $9m a day is stolen in crypto scams.
One trick is to tell victims they will double their crypto if they send it to a celebrity. In six months of 2020-2021, $2m was sent to Elon Musk impersonators. If you invest in cryptocurrency, take the usual anti-phishing precautions.
How to avoid it: To keep your cryptocurrency secure offline, you can create a physical wallet that safeguards your keys from online predators. Beware of any fantastic-sounding cryptocurrency investment opportunities. Scammers often take the trouble to create fake threads on social media to boost fraudulent offers.
Oh, and that guy promising to double your bitcoin is definitely not Elon Musk. Nobody became a billionaire by giving away money to strangers on the internet.
Other helpful advice on how to avoid a phishing scam:
- Have a different password for every account you log into. Keep a list of your passwords offline or invest in a reputable password manager.
- Have a private email address that you use only for personal correspondence and financial matters. Use a different account for online forums, social media, and other places where it’s more likely to be shared.
- Remember, most scams don’t start out by asking you for money. Quite the contrary. Beware of messages claiming you were overcharged by somebody.
- Invest in other cybersecurity measures. Using a virtual private network will mask your IP address and encrypt your data. Download the Surfshark VPN to reduce the risk of data leaks and prevent your sensitive information from reaching hackers.
The communications revolution has made banking, shopping, and booking easier than it ever was. It’s a huge advance that improves the lives of millions.
Yet you have to be cautious while online. Taking sensible precautions will keep you safe.
Always keep your cool, and don’t be rushed into action by someone claiming there’s an urgent problem. Fraudsters exploit people’s tendency to panic.
Even if you find you’ve been phished, all may not be lost if you act fast. Change your passwords, call your bank – whatever is necessary. If your computer has been infected, take it to be repaired immediately.