Phishing is one of the most common forms of cybercrime. According to Mimecast’s State of Email Security 2020, 58% of organizations witnessed an increase in phishing attacks in the past year.
The FBI’s Internet Crime Complaint Center also reported more than $3.5 billion in losses to phishing scams in 2019. The victims included individuals as well as businesses.
Let’s take a look at what phishing is, how you can identify it, and what you can do to prevent it from affecting your systems.
What Is Phishing?
Phishing is a fraudulent attempt to access confidential information or data. This information includes usernames, bank account numbers, passwords, and credit card as well as financial details.
Scammers pose as trustworthy individuals or organizations and trick you into giving them your personal information. The common modes of carrying out phishing attacks are email and text messages.
How to Identify Phishing Scams?
You can recognize phishing scams by noticing certain signs in emails and text messages. Watch out for the following:
- Domain Name Is Different:
All reputable organizations send messages to their customers from their own email domain. For instance, a genuine email from PayPal will come from an email address like “[email protected]”.
In other words, if the sender’s domain is the company’s own domain, the email can be considered authentic. To be absolutely sure, you can look up a company’s real domain name by typing the organization’s name into a search engine.
Scammers usually use domain variations that resemble a company’s authentic email domain in some way. For instance, the actual domain name of the brand FedEx is fedex.com. If hackers try to imitate it, they can change it to fedexs.com or fcdexs.com.
To identify a phishing attempt, you can adopt DMARC (Domain-based Message Authentication, Reporting & Conformance). DMARC makes use of Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) to verify whether an email genuinely comes from the domain shown in its From address.
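The following is an added example (not from the original article) of how a receiving mail server applies a DMARC policy: a message passes only if SPF or DKIM passes for a domain that is aligned with the From domain, so a lookalike such as fedexs.com cannot authenticate mail that claims to be from fedex.com. The DMARC record, the authentication results and the two-label organizational-domain rule are constructed assumptions (real DMARC uses the Public Suffix List).

```python
from dataclasses import dataclass

@dataclass
class AuthResults:
    """Constructed per-message results a receiver would have after SPF and DKIM checks."""
    from_domain: str   # domain of the visible From header
    spf_result: str    # "pass", "fail", "none", ...
    spf_domain: str    # envelope (MAIL FROM) domain that SPF was evaluated against
    dkim_result: str
    dkim_domain: str   # d= tag of the DKIM signature

def parse_dmarc(txt: str) -> dict:
    """Parse a DMARC TXT record such as 'v=DMARC1; p=reject; adkim=s' into tag -> value."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def org_domain(domain: str) -> str:
    # Assumption: organizational domain = last two labels (good enough for .com, not for co.uk etc.)
    return ".".join(domain.lower().rsplit(".", 2)[-2:])

def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Strict ('s') alignment needs an exact match; relaxed ('r') needs the same organizational domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def dmarc_disposition(record_txt: str, r: AuthResults) -> str:
    """Return 'pass' or the policy to apply ('none', 'quarantine', 'reject'); pct= and sp= are ignored here."""
    rec = parse_dmarc(record_txt)
    if rec.get("v") != "DMARC1":
        return "none"  # no usable DMARC record, nothing to enforce
    spf_ok = r.spf_result == "pass" and aligned(r.spf_domain, r.from_domain, rec.get("aspf", "r"))
    dkim_ok = r.dkim_result == "pass" and aligned(r.dkim_domain, r.from_domain, rec.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass"
    return rec.get("p", "none")
```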
- Asks for Personal Information:
Renowned brands will never ask for your personal information through email. Beware of any message asking you to enter or verify sensitive details such as credit card or bank particulars.
- Grammar and Punctuation Are Incorrect:
Major brands work with copywriters who create impeccable, error-free emails. From the subject line and email copy to the calls-to-action and formatting, everything is well-crafted. In short, their emails are professionally written.
If the email you receive claims to have come from a huge brand but contains poor grammar or punctuation, it was probably written by scammers. Such fraudulent emails also tend to have an illogical content flow. This is a huge red flag.
- Message Creates an Unreasonable Sense of Urgency:
Phishers leverage the feeling of FOMO, i.e., the fear of missing out. They set urgent deadlines and send you emails that compel you to take immediate action.
For example, a hacker can send you an email telling you that your account has been hacked. They may also send you a renewal email about a seemingly expiring insurance policy. They might even try to trick you with a limited-period deal or discount.
The links placed in these phishing emails take you to fake websites controlled by the attacker. These sites ask you for your personal and financial information. Once you enter your details, they steal this information for misuse.
- Appearance of Pop-Ups:
Pop-up phishing displays a fraudulent message in a pop-up while you are browsing a website. Hackers target genuine websites by injecting malicious code into their pop-ups.
These pop-ups might give you a fake warning about the security of your computer. They can further ask you to download certain tools to fix this issue. These tools can be malware themselves. They can even take you to phishing websites.
- Links Are Shortened:
Shortened links do not display a website’s real destination. Hackers can use shortened links to redirect you to bogus lookalike websites. For instance, https://www.google.com/maps/d/u/0/viewer?gl=US&ie=UTF8&oe=UTF8&msa=0&mid=1qqg24F8Al_Uq2Bieu9cDHur_Cas&ll=40.748492%2C-73.98569900000001&z=17 can be changed to https://tinyurl.com/yxkt9hth
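As an added example (not part of the original article), this helper flags links that point at a shortener and expands them one redirect hop at a time with HEAD requests, so you can see where a link really leads without loading the final page in a browser. The shortener list is a constructed, non-exhaustive assumption; only `expand()` needs network access.

```python
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit

# Constructed list; tinyurl.com is the service named in the article.
SHORTENER_HOSTS = {"tinyurl.com", "bit.ly", "t.co", "goo.gl", "ow.ly", "is.gd"}
REDIRECT_CODES = {301, 302, 303, 307, 308}

def is_shortened(url: str) -> bool:
    """True when the link's host is a known public URL shortener."""
    host = (urlsplit(url).hostname or "").lower()
    return host in SHORTENER_HOSTS

def next_hop(current_url: str, location: str) -> str:
    """Resolve a Location header against the URL that returned it (relative redirects included)."""
    return urljoin(current_url, location)

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    # Returning None makes urllib raise HTTPError on 3xx instead of following it silently.
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None

def expand(url: str, max_hops: int = 5, timeout: int = 5) -> list:
    """Return the redirect chain [url, hop1, ...]; the last entry is the furthest point reached."""
    opener = urllib.request.build_opener(_NoRedirect)
    chain = [url]
    for _ in range(max_hops):
        req = urllib.request.Request(chain[-1], method="HEAD")
        try:
            with opener.open(req, timeout=timeout):
                return chain  # 2xx response: final destination reached
        except urllib.error.HTTPError as err:
            location = err.headers.get("Location")
            if err.code in REDIRECT_CODES and location:
                chain.append(next_hop(chain[-1], location))
                continue
            return chain  # non-redirect error (404, 500, ...): stop here
    return chain  # hop limit hit; treat a chain this long as suspicious

if __name__ == "__main__":
    link = "https://tinyurl.com/yxkt9hth"
    if is_shortened(link):
        print(" -> ".join(expand(link)))
```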
How to Prevent Phishing Scams?
Here are a few steps that you can take to protect yourself from phishing attacks.
1. Use Anti-Phishing Toolbars:
You can customize your browser with anti-phishing toolbars. These toolbars check the sites you are visiting and compare them with a list of known phishing sites.
These toolbars will notify you about a malicious website as soon as you land on it.
2. Update Your Browser Regularly:
Popular browsers release security patches all the time. These patches correct and counter the security loopholes that phishers can discover and exploit. These loopholes include SQL injection, URL manipulation, unauthorized data access, denial of service, and cross-site scripting.
Whenever you get a message about updating your browser, make it a point to download the update and install it immediately.
3. Use Multi-Factor Authentication:
Multi-factor authentication provides security by adding an extra layer of verification when you log into a website or open an application.
Apart from asking for your username and password, multi-factor authentication asks you for additional credentials before granting access to your system, accounts, and information. These credentials include a one-time password from your mobile device or the answer to a security question.
When phishers cannot provide this additional information, they will not be able to access your account or system. So, even if your password is compromised, multi-factor authentication can prevent the misuse of your credentials.
4. Refrain from Using Public Networks:
Communication sent over a public network is not encrypted. Scammers can exploit this loophole to extract critical information, such as account usernames and passwords, exchanged over these networks.
You can prevent this by making use of your mobile phone’s tethering and hotspot features rather than depending on public networks.
5. Check the SSL Certificate of the Target Site:
An SSL (Secure Sockets Layer) certificate prevents hackers from stealing important information related to your bank accounts, credit cards, addresses, and security question answers while it is in transit.
You can check a website’s SSL credentials with the help of an SSL checker. If the target site does not have a valid SSL certificate, refrain from visiting it.
6. Use a Firewall:
A firewall protects your computer from outside online intruders. It isolates your system from the internet through a wall of code.
This wall of code analyzes each data packet that arrives at either side of the firewall by checking its source and destination IP addresses. If a packet comes from a malicious source, the firewall blocks it to prevent phishing.
7. Hire a Managed IT Services Provider:
You can hire a managed IT services provider to get the ultimate protection from phishing scams. MSPs can give you instant and fortified IT support as a part of their wide range of cybersecurity services. These services also include advanced spam filtering, security awareness training and testing, and DNS (Domain Name System)-based web filtering, among others.
Managed IT services providers can also ensure cybersecurity compliance through adherence to HIPAA, PCI-DSS, GDPR, and more. This helps safeguard the confidentiality and integrity of your data against security breaches and phishing attacks.
The growth of phishing attacks is a severe threat to the security, integrity, and privacy of individuals and organizations. You need to be vigilant and protect your information from falling into the wrong hands, since that can have disastrous consequences.