Phishing Attack 101

[Image: Phishing (source: Google)]

We recently interviewed our friend Julia Campbell, a Tech Expert for All Home Connections, to learn more about one of the most common and most devious kinds of cybercrime: phishing.

Basically, phishing is a cybercriminal’s fraudulent attempt to acquire sensitive data by posing as a trustworthy entity online. This information ranges from usernames and passwords to credit card numbers and other banking details. Victims are most often contacted through email, but sometimes these digital delinquents use more traditional channels such as telephone calls or text messages.

At PA Guard, we make it a point to protect your overall wellbeing, which is why we asked Julia Campbell of All Home Connections to educate us about phishing. Here’s what she had to say:

What Are The Most Common Kinds of Phishing Attacks?

Email Phishing Attacks

Email phishing attacks are when cybercriminals send emails posing as a legitimate organization or corporation and try to persuade people to share sensitive information (e.g., social security numbers, logins, passwords, birthdays, etc.). Hackers generally conduct email phishing attacks en masse in an attempt to collect as much information as possible.

Malware Attacks

Malware phishing attacks consist of an email or text message with a corrupted link or file attached. Once downloaded or clicked on, the link will download malware onto computers, tablets, and phones alike to hack into each device. To date, malware phishing attacks are the most persuasive and difficult to spot. 

Angler Phishing Attacks

Angler phishing attacks involve the use of social media accounts to convince people to share sensitive information in the form of an instant message, direct message, or tweet. 

Pharming Attacks

Pharming attacks direct internet traffic to spoofed or illegitimate web pages, enticing users to enter or share private information (for example, a fake online banking login page). Pharming is also known as DNS poisoning.

Malvertising Attacks

Malvertising attacks use digital ad software to implant malicious code into seemingly normal ads. Once users click on the ad to learn more, their devices become vulnerable to hacking.  

Voice Phishing Attacks (Vishing)

Voice phishing attacks—otherwise known as vishing attacks—are when hackers call people posing as an accredited company, organization, or government entity. The scammer will try to get personal information such as credit card or social security numbers during the call. 

Smishing

SMS-enabled phishing attacks target smartphones. Smishing attacks involve text messages that contain short links to malicious code or malware. Smishing attacks typically appear in the form of fraudulent tax warnings, political messages, or giveaway notifications.

Spear Phishing

Unlike other phishing attacks, which target people en masse, spear phishing targets specific people. Through spear phishing, criminals send personalized and highly targeted emails that contain malware to familiar targets.

Whaling Attacks

Like spear phishing, whaling attacks target specific people—only with whaling, hackers target high-profile people like CEOs and politicians. The scam itself consists of stealing sensitive information from people (e.g., birthdate, credit card information, etc.), usually in the form of a bogus tax return or bank statement.  

Search Engine Phishing Attacks

Search engines, such as Google, utilize both organic search results and paid advertisements. Search engine phishing attacks replace existing high-funnel paid ads or top search results with fraudulent websites designed to steal sensitive information from unsuspecting users (usually in the form of fake transactions). 

Clone Phishing Attacks

In clone phishing attacks, cybercriminals hack into a legitimate person’s email to send malicious attachments, malware, or links to spoofed websites. During clone phishing attacks, hackers typically send emails out to the email owner’s entire contact list.

Man-in-the-Middle Phishing Attacks

During these attacks, a cybercriminal will eavesdrop on two parties via corrupted Wi-Fi networks at libraries or coffee shops. Through eavesdropping, the man in the middle, or the cybercriminal, can search for sensitive information or download malware onto each respective device. 

Business Email Compromise (BEC) Attacks

BEC attacks involve emails posing as someone within an organization. In these emails, hackers use a sense of urgency to persuade people to share sensitive information.

How Can You Avoid Them?

There’s no surefire way to avoid phishing attacks, but the following tips are your best bet to protect yourself against them:

• Do your research before you click on a link in an email. Hover over the link to investigate the address bar (i.e., check to see if the link contains “http://”) and compare the email to similar emails you’ve received in the past from the same company, person, or organization. You should also avoid sites with “.ru” in their address bar—this is a well-known sign of a spoofed website. Scan emails for obvious grammatical errors, impersonal greetings, or suspicious messages from people in your contact list you rarely email with.

• Never stay on websites that obviously appear illegitimate, in the same vein as you should never share personal information over the phone or on the internet. If it’s pertinent that you share account information with someone you fully trust, meet with them in person.

• Never ever share your bank account PIN over the phone or anywhere for that matter. Also, check your bank accounts and other online accounts routinely. That way, if you’ve become a victim of a phishing attack, you can report it immediately, put a stop to it, and change your login information.  

• Never answer calls from unknown numbers. Search for phone numbers online to know if who you’re speaking with is legitimate.

• Never click on a pop-up. Download an anti-phishing toolbar and browser filtering extensions to spot suspicious ads and websites. Check for telltale signs of a legitimate site (e.g., http://, green check in URL bar, etc.). Install firewalls on your network and desktop. Install antivirus software on your desktop. Routinely update your devices or use cloud-based software (which updates itself). Hackers continue to come up with newer and more sophisticated ways to hack people and organizations, so the more up-to-date you remain on phishing scams, the better.
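The “hover over the link” check from the tips above can also be done by a script, which is useful when you want to screen a whole mailbox rather than one message. The example below is added here and is not code from the original post or from All Home Connections: it pulls every link out of an HTML email body and flags the warning signs the interview lists (a link that is not HTTPS, a link whose visible text names one domain while the address points somewhere else, and a link that does not lead to the sender’s usual domain). The sample email, the IP address 203.0.113.5 and the expected sender domain “example.com” are constructed for the example, and the registrable-domain helper is a deliberately crude two-label approximation.

```python
# Added example (not from the original post): a scripted version of the
# "hover over the link" check. It extracts every <a> link from an HTML
# email body and flags links that are not HTTPS, links that point at a raw
# IP address, links whose host is not the sender's expected domain, and
# links whose visible text names a different domain than the href.
# The sample email and the expected domain "example.com" are constructed.
from html.parser import HTMLParser
from urllib.parse import urlparse


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def extract_links(html):
    parser = _LinkCollector()
    parser.feed(html)
    return parser.links


def registrable_domain(host):
    """Crude approximation: the last two DNS labels (ignores suffixes like co.uk)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def _host_named_in_text(text):
    """If the visible link text looks like a URL or hostname, return its host."""
    if " " in text or "." not in text:
        return None
    candidate = text if "://" in text else "https://" + text
    return urlparse(candidate).hostname


def analyze_link(href, text, expected_domain):
    """Return a list of findings for one link; an empty list means nothing suspicious."""
    findings = []
    parsed = urlparse(href)
    host = parsed.hostname or ""
    if parsed.scheme != "https":
        findings.append("not-https")
    if host and all(ch.isdigit() or ch == "." for ch in host):
        findings.append("ip-address-host")
    if registrable_domain(host) != expected_domain.lower():
        findings.append("host-not-expected-domain")
    text_host = _host_named_in_text(text)
    if text_host and registrable_domain(text_host) != registrable_domain(host):
        findings.append("display-text-mismatch")
    return findings


def scan_email(html, expected_domain):
    """Analyze every link in an HTML email body against the sender's expected domain."""
    return [(href, text, analyze_link(href, text, expected_domain))
            for href, text in extract_links(html)]


# Constructed sample: a message claiming to come from example.com.
SAMPLE_EMAIL = """
<p>Dear Customer,</p>
<p>Please <a href="http://203.0.113.5/login">verify your account</a> or visit
<a href="https://example.com.example.org/secure">https://www.example.com</a>.</p>
<p><a href="https://www.example.com/help">Help center</a></p>
"""

if __name__ == "__main__":
    for href, text, findings in scan_email(SAMPLE_EMAIL, "example.com"):
        print(f"{text!r:28} -> {href}")
        print("    " + (", ".join(findings) if findings else "ok"))
```

Run as a script, it reports the first two sample links as suspicious and the third (a genuine example.com link) as clean. The point of the display-text check is the case the tips describe: the text you read says one address, the link underneath goes to another, which a hover in the mail client reveals and this script reveals the same way.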

Leona Rankin
Founder. Leona worked for years as a Corporate Security Manager before deciding to form the company. She believes that information about security should be treated as a necessity, especially today, when a threat may be imminent anywhere, in the physical or the digital world.