Phishing has been around forever. What is to be gained by scammers using phishing attacks? Everything. Credit card numbers, usernames and passwords, personal information; the list honestly goes on and on. Below are some common phishing attacks and how to fight back.
Common Phishing Attacks
1. Whaling (or cyber-whaling) targets the highest-level company executives who handle finance and data decisions. Assuming business leaders aren’t suckered by the common pitch, phishers prepare special approaches called harpoons.
2. Harpooning uses personal details secured from other business sources and social networks, so the email language appears unique to the individual and confidential. The email might also include the sort of attachment the recipient would be pressed to open, like a subpoena, contract or tax form.
3. Spear phishing does the same as harpooning on a less sophisticated level. It targets anyone in the organization or database with just enough personal information to tempt the recipient to open the mail.
4. Fake phishers indulge in deceptive phishing by sending emails that present as a legitimate company, such as PayPal, MasterCard, Wal-Mart or others. Recipients are fooled into thinking the request for personal information is legitimate.
5. Pharming is a malicious scheme that tampers with the Domain Name System (DNS) lookup that converts a website's alphabetical name into a numerical IP address, redirecting browsing users to a malicious location even if the victim entered the correct website address.
6. Mimic phishing imitates trusted sites like Dropbox, Google Docs or Outlook. Messages offer absolute duplicates of the sign-in screens for such sites and lure victims to enter their personal sign-in username and password.
7. Nigerian schemes promise delivery of a big payoff if the victim makes an advance payment or fee to secure the grant.
8. Banking scams and tax frauds announce a problem with banking or tax records and demand personal information to correct the problem.
How To Protect Against Them
A business's best protection against phishing attacks takes two forms: the installation of state-of-the-art security on all business devices and repeated training up and down the organization.
1. Banks, tax authorities and trusted agencies never ask for personal information online.
2. Email addresses of a sender must correspond to a legitimate business domain name.
3. Never click any unverified link. For example, there's no need to click through an email message if the actual website is available.
4. Optimize your system. For example, put some effort into white and black listing your incoming emails by customizing the system's filtering.
5. Avoid URLs that begin with http:// rather than https://. Look for the lock icon in the URL line. The lock only means the connection is encrypted, so still check that the domain name is the one you expect.
6. Do not respond to emails demanding an “urgent” response. Call the source to verify their identity and proceed accordingly.
7. Look for amateur work with poor language and spelling.
8. Refuse to sign onto a site through Facebook or other social media access.
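As an added example (not part of the original article), items 2, 4, 5 and 6 of the checklist above can be turned into a small mail-triage function. The allowlist, the sample message and the function names are constructed for illustration, and the domain split is deliberately naive.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed allowlist and sample message; the .example names are placeholders.
TRUSTED_DOMAINS = {"paypal.com", "mybank.example"}
URGENT = re.compile(r"\b(urgent|immediately|within 24 hours)\b", re.I)
LINK = re.compile(r"https?://[^\s\"'<>]+", re.I)

SAMPLE = """\
From: "PayPal Support" <service@paypa1-secure.example>
Subject: URGENT: confirm your account

Your account is limited. Sign in at http://paypal.com.verify-login.example/signin
"""

def registered_domain(host):
    """Naive last-two-labels domain; a real filter would use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def triage(raw, trusted=TRUSTED_DOMAINS):
    """Return the list of checklist items the message fails."""
    msg = message_from_string(raw)
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    sender = registered_domain(addr.rpartition("@")[2])
    if sender not in trusted:  # item 2: sender must match a legitimate domain
        findings.append(f"sender domain not on allowlist: {sender}")
    # Display name claims a trusted brand the address does not belong to.
    for dom in trusted:
        if dom.split(".")[0] in display.lower() and sender != dom:
            findings.append(f"display name imitates {dom}")
    body = msg.get_payload()
    for url in LINK.findall(body):
        parts = urlparse(url)
        if parts.scheme.lower() == "http":  # item 5: http:// instead of https://
            findings.append(f"unencrypted link: {url}")
        if registered_domain(parts.hostname or "") not in trusted:
            findings.append(f"link leaves trusted domains: {parts.hostname}")
    if URGENT.search(msg.get("Subject", "") + " " + body):  # item 6
        findings.append("urgent-response pressure")
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print("FLAG:", f)
```

The From header can be forged, so a check like this supplements the mail server's own sender authentication rather than replacing it.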
The honest truth is that you have to be very diligent day to day. If at any point you believe you have been compromised, your first step is to change your password. One of the most important tips I can give you is to NOT use a search engine to find your financial institution, brokerage, etc. The safest way to know you are on the correct site is to type the exact site you want in the address bar and hit enter, so as to leave nothing to question.
The Nerds are here to help: we provide computer repair service to Austin and San Antonio residences and IT support to Austin and San Antonio businesses. If you need us, we are a click away; simply click this link to book online or call the office at 512-401-6373 for Austin or 210-657-6373 for San Antonio.
Credit for portions of the above article: Drew Hendricks of Computing Now.