Don’t Be Tricked by Phishing and Smishing

When you think of hackers, scammers, and other cybercriminals, you probably envision threat actors sitting in front of their computers distributing viruses, rootkits, ransomware, spyware, and other kinds of malware.

Phishing is a way people with malicious intent trick people into installing malicious software. But sometimes, phishing doesn’t involve malware at all.  

What Is Phishing?

A phishing email is a fake email sent to countless people that usually either presents an offer that’s too good to be true or employs alarmist language.

For example, a phishing email may state that your computer has a virus infection or that your bank account is hacked. It may also contain an unsafe link that carries a malware infection or leads you to a fake website.

The fake website may look authentic, but you may notice formatting or grammatical errors when you look closer.

In addition, the website may ask for your username and password, credit card information, or other sensitive information. Before you know it, you’ve fallen for the phishing trap.

Such fraudsters can use your confidential information to break into the following kinds of accounts:

• Social media
• Email
• Banking
• Online shopping
• Video streaming

What Is Spear Phishing?

With more people learning how to spot attempts at regular phishing, hackers are upgrading their attack methods. Spear phishing is a more targeted type of phishing customized to deceive a person or a specific group of people.

Hackers can make phishing emails appear more convincing by studying your social media pages and designing a more compelling phishing attack.

For example, they may learn about your banking habits from your Facebook posts and send you fake emails from your financial institution.

Alternatively, they may notice that you’re travelling and create an email from your airline or travel agent.   

More sophisticated cybercriminal gangs can target organizations with spear phishing to launch ransomware attacks. First, they may go through a company’s list of employees and select what they deem to be a vulnerable mark.

Next, they could take weeks to social engineer an effective spear-phishing campaign.

Their goal is simple. Dupe an employee into downloading ransomware on an organization’s computer.

While the target may believe they’re upgrading company software or looking at a client’s documents, they’re actually installing crippling malware.

What Is Smishing?

Many smartphone users want to know: what is smishing and how can it put my financial security at risk? The word smishing is a mishmash of SMS and phishing.

It’s like phishing, but for your mobile device. Smishing has escalated significantly with the pandemic as more people use their mobile phones to order food and other items.

Usually, smishing is a text message that carries a suspicious link. It’s a bad idea to click a smishing link, even out of curiosity. Even if you don’t willingly share your data, you could automatically download malware that compromises your phone.

Please learn how to spot phishing and smishing to enhance your security. You may also want to use anti-malware tools that protect you from malicious websites, emails, and malicious software.

Proactive and trustworthy cybersecurity software that monitors your apps, emails, and browsing activity only for phishing, malware, and other attempts at fraud can be a helpful defense mechanism.

What if I Am the Victim of Phishing?

As human beings we’re prone to making mistakes. Even if you learn to spot phishing, you may fall prey to a phishing campaign if your brain is on autopilot or if the phishing campaign is particularly convincing.

For example, some phishing emails look remarkably authentic. The fake websites they lead to are also well designed with URLs that look close to the real ones. Take the following steps immediately if you’re the victim of phishing:

• Let your employers know quickly if the phishing attack targets your company
• Contact your financial institution if you have shared your banking information
• Deactivate your credit cards if they’re compromised
• Change your passwords
• Set strong passwords that are long and carry numbers and symbols
• Enable two-factor authentication to protect your accounts
• Run anti-malware software to scan for malicious software

If a phishing email tricked you into shopping on a compromised platform, then you should also monitor your credit report for red flags.

Loans in your name and credit cards you didn’t apply for are just some of the warning signs that a hacker stole your confidential data. The best way to shield yourself from such dire consequences is to adopt safe computing habits.