Phishing is a type of hacking that targets users on the web by impersonating legitimate businesses and organizations. Phishing attacks are done in order to lure the targeted individual into providing personal and potentially sensitive information. Often times this information is in correlation with personal identification, banking and credit card details, passwords, and other important information. In some cases, these attacks can result in identity theft and financial loss, and knowing how to recognize and avoid phishing attacks is critical!
Phishing attacks usually include a link that will appear as though it will take you to a business or organization website that you are familiar with. It will then prompt you to enter your personal information.
Types of Phishing Attacks
There are many forms in which phishing can occur, though the following 5 forms are the most commonly seen:
- Email phishing – the most common form of phishing attacks. Attackers will register domain names similar to well-known businesses and organizations used to send emails to targets. These domains typically involve a small character difference, such as replacing the “m” in “.com” to an “rn” for a similar appearance.
- Spear phishing – a more advanced form of email phishing. Attackers will target a specific individual already knowing some information about the victim such as their name, place of employment, etc. Targets are more apt to fall for the attack in this scenario due to the attackers use of their personal information.
- Whaling – another advanced form of email phishing done specifically to imitate senior executives of well-known businesses. These email scams will involve fake tax returns and other types of tax forms to obtain extremely valuable information, such as Social Security numbers.
- Smishing and vishing – making use of malicious text messages and phone calls to target individuals. Fraudulent investigators are the most common.
- Angler phishing – specific to social media. This form of phishing will make use of websites URL’s, blog posts, social media comments, posts, tweets, etc. to lure viewers into providing sensitive information or to download malicious content.
How Do You Protect Yourself?
Unfortunately there is no way to keep yourself entirely safe from phishing attacks. They are inevitably going to occur however, there are a few precautions you can take to keep yourself safe from these attacks.
- Be cautious about the emails, text messages, phone calls, etc. that you receive. If any appear to be a phishing attack, do not respond or click the provided link.
- Do not open any provided attachments.
- Do not enter any personal information in a pop-up screen. Legitimate organizations do not ask you to enter sensitive information inside a pop-up.
If you have any additional questions about phishing and how to protect yourself, please reach out to our BigScoots team. We’re always very happy to help. 🙂
Written by Katie
Marketing and Client Success Manager