This article by Alex Patterson was originally published at InspiredeLearning.com on November 30, 2018. It is being republished here with the publisher’s permission through syndication.
Phishing is one of the most common forms of cybercrime, so if you’re online, you’ve likely been targeted by a phishing attack—and you might not even know it. So what is phishing exactly? It’s the act of collecting personal information—including bank account numbers, passwords, and usernames—through electronic means, such as deceptive email messages and phone calls. According to RSA’s report for the third quarter of 2018, phishing attacks made up 50 percent of cyber attacks this year, and that number is a huge increase from last year. That’s why it’s important to learn what the most common types of phishing attacks are, and how you can reduce your odds of falling for them.
Common Types of Phishing Attacks
One type of phishing is called snowshoeing, where scammers send messages to several IP addresses and domains, with the intention of avoiding spam filters. This ensures that at least some of the emails make it to the inbox before the filters start to identify them as spam. This is much like how snowshoes distribute weight evenly over a large area, so you don’t sink into the snow.
Another type of phishing is spear phishing, in which the message is targeted toward one person, not just anyone. Spear phishers put their target’s name in the message and try to make it look like it’s coming from a friend or colleague using a spoofed email address. They might get this information from social media, such as LinkedIn. For instance, a spear phishing email might look like it’s coming from the accounting department at work, requesting your bank account number or home address. It might also look like it’s coming from your bank or favorite store, with a link asking you to input sensitive information, such as a password.
Whale fishing is a subset of spear phishing, as it targets “big fish,” such as CEOs and board members. After all, these individuals tend to have more information, such as passwords and bank account numbers, than the average person. While it may take longer for scammers to convince these “big fish” to give up personal information, the payoff is usually better than with regular spear phishing because they often get access to personal information from the entire company, not just one person.
Vishing is short for “voice phishing,” so as you might guess, it involves the phone rather than email. If someone is vishing you, you’ll get a phone call with a message from a voice that claims to be a bank. It might ask you for your account number, password, or other sensitive information. The message will usually ask you to press a number to talk to a representative, or it will provide you with a phone number to call so you can give them the information. Either way, you might be tricked into giving a scammer enough personal information to have money taken from your account within minutes, making vishing a dangerous attack if you fall for it.
How to Protect Against Phishing Attacks
Now that you know about the most common types of phishing attacks, you can arm yourself with the information you need to ensure you don’t become a victim. Of course, you can expect to occasionally receive emails and phone calls trying to phish for information from you, but you won’t fall for them once you know the telltale signs of phishing attacks.
- Look for spelling errors
- Don’t assume you know the sender
- Be wary of links and attachments
- Report suspicious emails and phone calls
Author Bio: Alex Patterson, Product Marketer, Creator of brilliant content and engaging emails.
More on this topic: Why You Should Use A Virtual Data Room