A Deep Dive on Phishing & How Not to Fall Victim
We’ve all received a dodgy email claiming to be our dream lover from a far-flung location or a questionable offer of millions of pounds if we just click this one simple link!
This ‘spam’ is getting more sophisticated, with cleverly designed messages purporting to be from our favourite brands and hooks designed to make us act without thinking. I myself was caught out not long ago with a link from ‘icloud’ saying my storage had run out (something that was true) and I needed to upgrade my plan. I realized as soon as I clicked the link, but it was a dicey couple of hours mitigating the effects of what I might have got myself into. It’s easy to be fooled, and nobody should be embarrassed, but we should all be ready and prepped to dodge the flurry of phishing attempts we get daily.
TechTarget recently reported that “phishing attacks increased by a whopping 1,265% in 2023, thanks in part to the growth of generative AI (GenAI), according to "The State of Phishing 2023" report from SlashNext. The Anti-Phishing Working Group (APWG) observed almost 1.3 million phishing attacks in the second quarter of 2023, representing the third-highest quarterly total ever observed by the group.”
Scary stuff. But what actually is phishing?
This common type of cyber attack involves fraudulent communication designed to deceive individuals into revealing sensitive information, such as passwords, credit card numbers or social security numbers. Cybercriminals often disguise these communications as messages from reputable sources, such as banks, online payment processors or government agencies.
How Does Phishing Work?
Phishing attacks typically come in the form of emails, text messages, or phone calls. The attacker poses as a trustworthy entity and uses social engineering techniques to create a sense of urgency or fear, prompting the victim to disclose confidential information, click on a malicious link, or download an infected attachment.
For instance, a phishing email might claim to be from a user's bank, warning of suspicious activity on their account and urging them to verify their account details. The email would include a link that directs the user to a fraudulent website that looks identical to the bank's real website. Once there, any details entered—like login credentials—are captured by the attacker.
Types of Phishing Attacks
There are various types of phishing attacks, each with its unique characteristics and methods:
1. Spear Phishing: This is a targeted form of phishing where the attacker personalizes the emails with the target's name, position, company, work phone number, or other information to make the attack seem more credible.
2. Whaling: This form of phishing targets high-level executives or important individuals within a company. Cybercriminals aim to steal sensitive information that can be used for financial gain or to gain access to company networks.
3. Smishing and Vishing: Smishing involves phishing attempts via SMS, while vishing is voice phishing where the attacker uses a phone call. Scarily, technology that lets attackers imitate the voices of people known to the victim is on the rise.
4. Pharming: This attack involves hackers redirecting a website’s traffic to a fake site, even when the user has typed in the correct address.
5. Quishing: Ever been tempted by a sticker on the tube with a mysterious QR code? Do resist! These can trigger an instant download of malware so scrutinise what you scan.
How to Prevent Phishing?
Here are some steps you can take to protect yourself from phishing attacks:
1. Be cautious of unsolicited communications: Be wary of any unsolicited email, text, or call that asks for personal information or prompts you to click a link.
2. Check for email red flags: Look for poor grammar, incorrect spelling, generic greetings, and unofficial email addresses, which can all be signs of a phishing email.
3. Verify the source: If an email seems suspicious, contact the company or person directly using a known contact method. Take a close look at the domain. For example, footlocker-uk.com is close to, but not the same as, footlocker.co.uk, so if an offer seems a little too good to be true, find the site yourself through Google rather than following the link.
4. Install security software: Use antivirus and anti-malware software and keep it updated for the latest protection.
5. Use multi-factor authentication (MFA): MFA can provide an extra layer of security, as it requires more than one method of verification.
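The domain check in step 3 (and the lookalike bank site described earlier) can be turned into a repeatable test. The Python below is an added example written for this article, not code from the original post or from any vendor: it pulls the hostname out of a link, reduces it to the part somebody actually had to register, and compares that against the brand’s real domain. The small table of two-label public suffixes (co.uk and friends) is a constructed subset standing in for the full Public Suffix List, and the sample links are constructed to mirror the footlocker-uk.com versus footlocker.co.uk case from the text.

```python
from urllib.parse import urlsplit

# Constructed subset of two-label public suffixes, where the registrable
# domain is three labels long (e.g. footlocker.co.uk). A real deployment
# would load the full Public Suffix List instead.
MULTI_LABEL_SUFFIXES = {"co.uk", "org.uk", "ac.uk", "com.au", "co.jp"}


def registrable_domain(hostname):
    """Return the part of a hostname that had to be registered.

    'shop.footlocker.co.uk'     -> 'footlocker.co.uk'
    'footlocker.co.uk.evil.com' -> 'evil.com'   (brand used as a subdomain)
    'footlocker-uk.com'         -> 'footlocker-uk.com' (a separate registration)
    """
    labels = hostname.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def link_matches_brand(url, expected_domain):
    """True only if the link really lands on the brand's registered domain.

    Uses urlsplit().hostname so that tricks like 'https://footlocker.co.uk@evil.com/'
    (brand name placed in the user-info part) resolve to the real host, evil.com.
    """
    if "://" not in url:          # bare 'footlocker.co.uk/login' style links
        url = "http://" + url
    host = urlsplit(url).hostname
    if not host:
        return False
    return registrable_domain(host) == registrable_domain(expected_domain)


def flag_suspicious_links(links, expected_domain):
    """Return the links from a message that do not match the expected brand domain."""
    return [link for link in links if not link_matches_brand(link, expected_domain)]


# Constructed sample: links as they might appear in an email claiming to be Foot Locker UK.
SAMPLE_LINKS = [
    "https://www.footlocker.co.uk/account",            # genuine
    "https://footlocker-uk.com/account",               # lookalike from the article
    "https://footlocker.co.uk.evil.com/login",         # brand as a subdomain of another domain
    "https://footlocker.co.uk@evil.com/login",         # brand hidden in the user-info part
    "footlocker.co.uk/offers",                         # genuine, no scheme
]

if __name__ == "__main__":
    for bad in flag_suspicious_links(SAMPLE_LINKS, "footlocker.co.uk"):
        print("does not belong to footlocker.co.uk:", bad)
```

The comparison is deliberately exact-match rather than “looks similar”: a link either resolves to the brand’s registrable domain or it does not, which is the same question to ask yourself when hovering over a link. Two caveats a practitioner would add: internationalised (punycode) hostnames should be normalised before comparison, and the suffix table above must be the real Public Suffix List in anything beyond a demonstration.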
Remember, awareness is your best defense against phishing. Always take a moment to scrutinise any communication that seems out of the ordinary before responding or clicking on any links and report anything that doesn’t seem quite right.