Perhaps what makes both phishing and vishing such an imminent threat is the ability of hackers to pinpoint certain pieces of personal information with alarmingly high success rates.
What is ‘Phishing’?
“Social engineering” is a term for attempting to manipulate or trick a computer user into exposing sensitive information. Phishing is one of the most common examples of social engineering. Other examples include but are not limited to malware and network attacks.
Often a “phisher” will pose as an institution or an individual in an attempt to seem credible and legitimate. Their goal is to obtain login credentials or other personal information, such as a Social Security number, often while also attempting to get malware downloaded that can then be used to take over your computer or potentially your network.
“Phishers” will stop at nothing to get what they want, and their tactics are becoming increasingly complex every year.
- Unfamiliar Tone. One of the telltale signs of a phishing attempt can be the language used. Often this appears as a colleague or business partner employing a tone that seems overly familiar or too formal. If an email or message seems strange and you are in doubt, look for other indicators such as the following.
- Grammar. Spelling errors are one of the more common signs of phishing. Most professionals and businesses use some sort of spell check. If the message you receive is riddled with errors, then odds are it could be an attempt to “phish” your personal information.
- Inconsistencies. Inconsistencies in the email addresses, links and domain names are also red flags. If you compare the message to previous emails or verify the domain of the links, you may notice discrepancies. Do not engage; rather, report it as fraud and alert your colleagues to the same message.
- Suspicious Attachments. If you are not expecting a file attachment from a sender and its file type is commonly associated with malware downloads (e.g. .zip, .exe, .scr), then recipients should immediately flag the message to be virus-scanned or discard it entirely.
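The "Inconsistencies" and "Suspicious Attachments" checks above can be partly automated. The following Python sketch is an added example, not part of the original article; the sample message, its domains and the function names are all constructed for illustration, and it assumes HTML bodies without a transfer encoding.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

RISKY_EXTENSIONS = (".zip", ".exe", ".scr")  # file types named in the list above
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.S | re.I)
# Constructed sample message; every name and domain in it is made up.
SAMPLE = """\
From: "Example Bank Support" <support@examp1e-bank.test>
Reply-To: collect@other-domain.test
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<p><a href="http://login.examp1e-bank.test/verify">https://www.example-bank.test/account</a></p>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="statement.pdf.scr"

AAAA
--b1--
"""

def addr_domain(header):
    return parseaddr(header or "")[1].rpartition("@")[2].lower()

def url_host(url):
    return (urlparse(url).hostname or "").lower()

def phishing_indicators(raw, known_domains):
    """Return findings for one raw message; known_domains = domains seen in earlier mail."""
    msg, findings = message_from_string(raw), []
    sender, reply_to = addr_domain(msg["From"]), addr_domain(msg["Reply-To"])
    if sender not in known_domains:
        findings.append(f"sender domain not seen before: {sender}")
    if reply_to and reply_to != sender:
        findings.append(f"Reply-To domain differs from From: {reply_to}")
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(RISKY_EXTENSIONS):
            findings.append(f"risky attachment type: {name}")
        if part.get_content_type() == "text/html":
            for href, text in LINK.findall(part.get_payload()):
                shown = url_host(text.strip())  # empty when link text is not a URL
                if shown and shown != url_host(href):
                    findings.append(f"link text shows {shown} but goes to {url_host(href)}")
    return findings
```

Calling `phishing_indicators(SAMPLE, {"example-bank.test"})` flags the look-alike sender domain, the mismatched Reply-To, the link whose visible text and target differ, and the double-extension attachment.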
As a form of “social engineering”, phishing attacks are impossible to control. In order to prevent these cyber-attacks, you must employ mitigation strategies that help stop them from occurring in the first place.
Take your time before clicking on any links or attachments. Always double-check the information presented before engaging with the sender, and NEVER share your credentials or personal information via unencrypted messaging or with a source you are unfamiliar with.