What is phishing?
Bad news. You’re the fish (phish). And a lot of nasty people are dangling bait in front of you every time you go online. The phishermen want sensitive information like your passwords, usernames, and credit card details, and the tactics they use can be hard to tell apart from the innocent things we do online every day: responding to social media messages, opening websites, or communicating with people and organisations we trust. It sounds bleak, but there’s some good news: it’s up to the phish whether it bites the hook or not. Here are three of the most common tricks of the phishermen and how you can avoid them.
Deceptive phishing is the original and most common form of phishing used on the web today; there are probably several examples in your junk email folder right now. The con involves sending emails, social media messages, text messages, or even making phone calls that look and sound like they are from a legitimate company. The messages usually have an attention-grabbing subject such as “There is a Problem with your Package” or “Your Account has been Frozen”, designed to panic you into opening the message and providing the fraudsters with your information.
Spear phishing works in a very similar way but is targeted at specific persons and businesses, often collecting and using genuine information about the target to make it more likely you will fall for it. These tactics can thus be harder to detect than your average phishing scam. Hillary Clinton’s 2016 presidential campaign was perhaps the highest-profile victim of spear phishing.
Clone phishing takes a legitimate, previously delivered email containing an attachment or link and uses its content and recipient address(es) to create a cloned email that, at a quick glance, can appear identical to the genuine original. In the clone, however, the genuine attachments or links have been replaced with malicious versions, and it is sent from an email address that appears to be the original sender (usually by having a similar-sounding name). The clone often claims to be a resend of the original or an updated version.
The fraudsters hope to exploit your trust in the original sender so that you open their clone, installing a virus on your machine or providing them with your sensitive information.
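The check a mail filter could apply to the clone pattern described above, as an added example that is not part of the original article: when a new message repeats the wording of one already delivered, flag a changed sender domain and any link hosts the original did not contain. The message dictionaries, the 0.8 thresholds and the .example domains are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from email.utils import parseaddr
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s<>\"']+")

def sender_domain(from_header):
    """Domain part of the address in a From header, lower-cased."""
    return parseaddr(from_header)[1].rpartition("@")[2].lower()

def link_hosts(body):
    """Set of hostnames that the links in a message body point to."""
    return {urlparse(u).hostname for u in URL_RE.findall(body)} - {None}

def similarity(a, b):
    return SequenceMatcher(None, a, b).ratio()

def clone_signals(original, candidate, text_threshold=0.8, domain_threshold=0.8):
    """Reasons why `candidate` looks like a tampered copy of `original`.
    Thresholds are illustrative assumptions, not tuned values."""
    # Compare wording with links removed, so swapped links don't hide the match.
    same_text = similarity(URL_RE.sub("", original["body"]),
                           URL_RE.sub("", candidate["body"])) >= text_threshold
    if not same_text:
        return []  # not a copy of this message; nothing to compare
    signals = []
    known, seen = sender_domain(original["from"]), sender_domain(candidate["from"])
    if seen != known:
        kind = "lookalike" if similarity(known, seen) >= domain_threshold else "different"
        signals.append(f"{kind} sender domain: {seen}")
    for host in sorted(link_hosts(candidate["body"]) - link_hosts(original["body"])):
        signals.append(f"new link host: {host}")
    return signals

# Constructed sample messages (the .example domains are placeholders).
ORIGINAL = {"from": "Billing <billing@supplier.example>",
            "body": "Hello, invoice 1001 is ready.\nhttps://portal.supplier.example/invoice/1001\nRegards, Billing"}
CLONE = {"from": "Billing <billing@suppl1er.example>",
         "body": "Resending: Hello, invoice 1001 is ready.\nhttp://portal.suppl1er.example/invoice/1001\nRegards, Billing"}
RESEND = {"from": "Billing <billing@supplier.example>",
          "body": "Resending: " + ORIGINAL["body"]}

if __name__ == "__main__":
    for name, msg in (("clone", CLONE), ("genuine resend", RESEND)):
        print(name, "->", clone_signals(ORIGINAL, msg) or "no clone signals")
```

A genuine resend from the same address with the same links produces no signals, which is what separates it from the clone.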
It’s easy to think of a conman sitting in a little room somewhere on the other side of the world, sending out phishing emails by the thousand, but sometimes they can be sitting only a few tables away whilst you enjoy a coffee or wait for that business flight. The Evil Twin attack involves fraudsters creating a fake public wireless network of the type found in coffee shops, hotels, airports, and trains. The fake network will have a name that appears similar to the legitimate public network, in the hope that victims will connect to it without thinking. Once you are connected, the fraudsters can capture your sensitive information such as passwords and payment card details.
Phishing attacks rely on your involvement to be successful, usually on you responding without checking who you are responding to. Don’t let them panic you into reacting, and equally don’t be complacent when replying to an email or connecting to a network that appears suspicious. The internet’s age-old advice will always be relevant here: if you get an email or message you think is suspicious, or that seems too good to be true, don’t open it.