It’s never too late to learn something new. As the first month of a brand new year, January is the perfect time of year to examine our pasts and learn how best to move forward. This annual outlook should also apply to increasing our knowledge of phishing — because, unfortunately, scammers are also learning from their pasts and working to improve upon their prior misdeeds. To clarify, they’re not working on becoming better people — they’re working on becoming better cybercriminals. It is your job to educate yourself on how to avoid phishing by knowing what to look out for.
Phishing
Phishing can take many forms, but most commonly, it is an email designed to trick the recipient into clicking on a link to a malicious download or website, giving out sensitive information, opening a damaging attachment or even transferring money. A phishing attack can be designed to look nearly identical to a legitimate email — however, most phishing emails are poorly written and obviously fake. Many phishing emails attempt to simulate communications from official services or even governmental authorities, such as a courier service, a popular streaming service or the local tax authorities. Hackers can also compromise legitimate email accounts to make the message look like it came from someone you know.
Help your organization learn how to avoid phishing with our 52 Weekly Cybersecurity Habits straight to your inbox with tips on how to avoid falling victim to cybercrimes.
Smishing
Smishing is phishing via text message. It’s very similar to email phishing, but instead of an email, you receive a text message prompting you to click a link or disclose valuable or sensitive information. Smishing attempts are often very effective because people tend to be more trusting of text messages than emails. A good indicator of a smishing text is the included link; a reputable service or business would always use their official website domain, correctly spelled — and would never use a link-shortening service such as TinyURL or Bitly.
Vishing
A shortened term for “voice-phishing,” vishing is phishing done over the phone. Usually, the “caller” attempts to obtain personally sensitive information — such as credit card numbers or banking passwords — typically by pretending to be an official representative of a company
or a technology service professional who will guide you through a process that ultimately gives them full access to your computer system. This is all attempted over a phone call.
Search engine phishing
Search engine phishing is a fairly new phishing method in which cybercriminals create fake websites that look legitimate. These websites are designed to trick users into providing personal information by offering too-good-to-be-true deals on popular products that can only be purchased by signing up. Of course, the products never arrive, but your money is gone.
Can anyone be a victim of phishing?
Yes. Unfortunately, it can happen to anyone. Even cybersecurity professionals have admitted to falling for phishing schemes. That’s because phishing tactics have evolved — they’ve become more sophisticated and far more elaborate over time. A well-designed and expertly executed phishing email can look very legitimate at first glance — especially to people who are too busy or not guarded enough to verify its authenticity.
How to avoid phishing attacks
Use the FISH Method
There are a few ways to minimize your chances of falling prey to a phishing attack. To start, it’s always best to trust your instincts – if a message looks fishy (or phishy), stop what you’re doing and think before you click! Once you’ve regained your composure, taken a few deep breaths, and kept your fingers away from your keyboard, use Global Learning Systems’ FISH Method to avoid phishing emails:
Freeze – Pause and think before you click. Many phishing attacks rely on your overzealous fingers to click on a link or impulsively open an attachment that installs harmful software onto your computer.
Inspect – Look at the sender’s address and any included links to check for anything out of the ordinary. A genuine email from a legitimate service would rarely use Gmail or Yahoo, nor would they use link-shortening services such as Bitly or TinyURL to forward you to their website or online services.
Scan – Check for spelling and grammar errors. Phishing emails are known to be very poorly written. This is because they are often written by non-native speakers or are machine-translated.
Hurl – If anything seems off in an email — or any other type of online message — throw it into your spam or trash file. In many of today’s email applications, doing so will also enhance junk mail filtering responses.
Anti-phishing training
To safeguard your organization against phishing attacks, employees need ongoing anti-phishing training and simulation tests to detect the latest scams. Cybercriminals are getting more sophisticated and learning new ways to social engineer employees into handing over sensitive data. Based on industry data published in 2020, nearly 89% of security experts say phishing is their most significant threat to data security.
GLS has thoughtfully packaged its security awareness training and anti-phishing training courses to meet the diverse needs of all companies – wherever they are in their cybersecurity journey. From the most basic understanding of cybersecurity to organizations with sophisticated needs and regulatory/compliance requirements, our packages can be tailored to meet every company’s specific goals.
Contact us today to learn more about anti-phishing training and phishing simulation.
