Knowledge

Don’t fall prey to phishing scams  June 2021

Don’t lose your hard earned cash to a Phishing Scam

Phishing prevention has become essential as more criminals turn towards online scams to steal your personal information. Since you will likely be exposed to a phishing attack eventually, you’ll need to know the red flags.  Because scams are nothing new on the web, but phishing is harder to spot than you might think.  Across the web, phishing attacks have baited unsuspecting victims into handing over bank info, cash, and more. If you so much as click a link, you could be the scammer’s next victim.

What is Phishing?

Phishing persuades you to take an action which gives a scammer access to your device, accounts, or personal information. By pretending to be a person or organisation you trust, they can more easily infect you with malware or steal your credit card information.

In other words, these schemes “bait” you with trust to get your valuable information.  These schemes may urge you to open an attachment, follow a link, fill out a form, or reply with personal info.  You must be on guard at all times which can be exhausting.

These threats can get very elaborate and show up in all types of communication, even phone calls. The danger of phishing is that it can deceive anyone that isn’t on guard.

Let’s unpack how phishing attacks work.

How does Phishing work?

Anyone who uses the internet or phones can be a target for phishing scammers.  Phishing scams normally try to:

  • Infect your device with malware
  • Steal your private credentials to get your money or identity
  • Obtain control of your online accounts
  • Convince you to willingly send money or valuables

Sometimes these threats don’t stop with just you. If a hacker gets into your email, contact list, or social media, they can spam people you know with phishing messages seemingly from you.  Trust and urgency are what makes phishing so deceiving and dangerous. If the criminal can convince you to trust them and to take action before thinking — you’re an easy target.

Who is at risk of Phishing Attacks?

Phishing can affect anyone  – everyone from the elderly to young children are using internet devices nowadays. If a scammer can find your contact information publicly, they can add it to their phishing target list.  Your phone number, email address, online messaging IDs, and social media accounts are harder to hide nowadays. So, there’s a good chance that just having one of these makes you a target.

Spam Phishing

Spam phishing is a broad net being thrown to catch any unsuspecting person. Most phishing attacks fall into this category.  To explain, spam is the electronic equivalent of the ‘junk mail’ that arrives on your doormat or in your postbox. However, spam is more than just annoying. It can be dangerous, especially if it’s part of a phishing scam.

Phishing spam messages are sent out in mass quantities by spammers and cybercriminals that are looking to do one or more of the following:

  • Make money from the small percentage of recipients that respond to the message.
  • Run phishing scams – in order to obtain passwords, credit card numbers, bank account details and more.
  • Spread malicious code onto recipients’ computers.

Spam phishing is one of the more popular means that scammers get your info. However, some attacks are more targeted than others.

Targeted Phishing

Targeted phishing attacks usually refers to spear phishing or it most common variant whaling.  Whaling takes on high-level targets, while spear phishing widens the net. Targets usually are employees of specific companies or government organisations. However, these scams can easily be aimed at anyone seen as particularly valuable or vulnerable.

You might be targeted as a customer of a targeted bank, or an employee of a healthcare facility. Even if you’re just responsive to a strange social media friend request, you might be phished.  Phishers are much more patient with these schemes. These personalised scams take time to craft, either potentially for a reward or to increase the chances of success.  Building these attacks may involve gathering details about you or an organisation you happen to be involved with. Phishers might take this information from:

  • Social media profiles
  • Existing data breaches
  • Other publicly discoverable info

Moving in for an actual attack might be swift with an immediate attempt to encourage you to take an action. Others might build a connection with you for months to earn your trust before the big “ask.”  These attacks aren’t limited to direct messages or calls — legitimate websites might be hacked directly for a phisher’s benefit. If you’re not careful, you might be phished just by logging in to site that is normally perfectly safe.  Unfortunately, it seems many people are convenient targets for these criminals. Phishing has become a new “normal” as these attacks have ramped up in frequency.

Some examples of common Phishing scams

Whilst it would be impractical and impossible to list every known phishing scam here, there are some more common ones you should definitely look out for:

Iran Cyberattack phishing scams use an illegitimate Microsoft email, prompting a login to restore your data in attempts to steal your Microsoft credentials. Scammers use your fear of being locked out of Windows and the relevance of a current news story to make it believable.

Office 365 deletion alerts are yet another Microsoft-related scam used to get your credentials. This email scam claims that a high volume of files have been deleted from your account. They give a link for you to login, of course resulting in your account being compromised.

Notice from bank. This scam tricks you with a fake account notification. These emails normally give you a convenient link which leads to a web form, asking for your bank details “for verification purposes.” Do not give them your details. Instead, give your bank a call as they may want to take action on the malicious email.

Email from a ‘friend’. This scam takes the form of a known friend who is in a foreign country and needs your help. This ‘help’ normally involves sending money to them. So, before you send your ‘friend’ money, give them a call first to verify whether it’s true or not.

Contest winner/Inheritance email. If you’ve won something unexpectedly or received an inheritance from a relative you’ve never heard of — don’t get too excited. Most of the time these emails are scams that require you click on a link to enter your info for prize shipment or inheritance ‘verification’.

Coronavirus/COVID-19 phishing scams are the latest.  One of the most notable is the Ginp banking trojan which infects your device and opens a web page with a “coronavirus finder” offer. It baits people into paying to learn who is infected nearby. This scam ends with criminals taking off with your credit card info.

 

Steps to protect yourself from Phishing

Internet protection starts with your mindset and behaviour toward potential cyberthreats.  Even for cautious users, it’s sometimes difficult to detect a phishing attack. These attacks become more sophisticated over time, and hackers find ways to tailor their scams and give very convincing messages, which can easily trip people up.

Here are a few basic measures to always take with your emails and other communications:

  1. Employ common sense before handing over sensitive information. When you get an alert from your bank or other major institution, never click the link in the email. Instead, open your browser window and type the address directly into the URL field so you can make sure the site is real.
  2. Never trust alarming messages. Most reputable companies will not request personally identifiable information or account details, via email. This includes your bank, insurance company, and any company you do business with. If you ever receive an email asking for any type of account information, immediately delete it and then call the company to confirm that your account is OK.
  3. Check email addresses.  Some replicate very closely the ‘real’ email addresses of companies – some just use a gmail address – a sure sign that it’s a scam.
  4. Do not open attachments in these suspicious or strange emails — especially Word, Excel, PowerPoint or PDF attachments.
  5. Avoid clicking embedded links in emails at all times, because these can be seeded with malware. Be cautious when receiving messages from vendors or third parties; never click on embedded URLs in the original message. Instead, visit the site directly by typing in the correct URL address to verify the request, and review the vendor’s contact policies and procedures for requesting information.
  6. Keep your software and operating system up to date. Windows OS products are often targets of phishing and other malicious attacks, so be sure you’re secure and up to date. Especially for those still running anything older than Windows 10.

Reducing your spam to avoid Phishing

Here are some more useful tips – from Kaspersky’s team of Internet security experts – to help you reduce the amount of spam email you receive:

Set up a private email address. This should only be used for personal correspondence. Because spammers build lists of possible email addresses – by using combinations of obvious names, words and numbers – you should try to make this address difficult for a spammer to guess. Your private address should not simply be your first and last name – make it hard for scammers to guess.

Set up a public email address. Use this address when you need to register on public forums and in chat rooms, or to subscribe to mailing lists and other Internet services. Treat your public address as a temporary address. The chances are high that spammers will rapidly get hold of your public address.  Don’t be afraid to change your public email address often.

Phishing and the importance of Internet Security Software

One of the simplest ways to protect yourself from becoming a victim of a phishing scheme is to install and use proper Internet security software on your computer. Internet security software is vital for any user because it provides multiple layers of protection in one simple-to-manage suite.

Anti-spam software is designed to protect your email account from phishing and junk emails. Anti-malware is included to prevent other types of threats. Similar to anti-spam software, anti-malware software is programmed by security researchers to spot even the stealthiest malware. By using an anti-malware package, you can protect yourself from viruses, Trojans, worms and more.  By combining a firewall, anti-spam and anti-malware into one package, you can provide extra backups that keep your system from being compromised, if you do accidentally click on a dangerous link. They are a vital tool to have installed on all your computers as they are designed to complement common sense.  In addition to having virus protection software on your computer, it is crucial to use a password manager to manage your online credentials. Today, it is vital to have different passwords for all websites. If a data breach ever occurs, malicious attackers will try using the discovered credentials across the web.

While technology is a rapidly evolving field, by using a security package from a reputable security vendor, you can secure your devices from phishing and other malware threats.

Savi Moni offers a range of financial literacy training, tools, tips and resources aimed at improving the financial wellness levels of Papua New Guineans.  It’s no use being financially ‘well’ and then lose your hard earned cash to Phishing Scams.

 

Information in this article sourced from https://www.kaspersky.com/