These days, it’s more important than ever to protect your personal information and that of your organization or business. Unfortunately, scammers can sometimes be so convincing that victims hand over confidential data on a silver platter, thinking that they’re sharing it with someone trustworthy.
Phishing is a very common type of cybercrime that you may have encountered before. It’s important to raise awareness about this type of scam so that people are better equipped to recognize it and protect themselves.
In this article, our cybersecurity specialists explain what phishing is and how to avoid taking the bait!
What is phishing?
Phishing is a fraud technique used by cybercriminals who want to access a person or organization’s confidential information and profit from it (identity theft, account opening, credit card use and other fraudulent acts). This practice is considered a cybercrime and usually involves the use of fake emails, websites or text messages.
Cybercriminals hide behind emails and websites that are familiar to victims in order to get them to divulge private information (address, date of birth, social insurance number, credit card information, PIN, etc.).
Types of phishing
The most common type of phishing is carried out by email. Cybercriminals send an email to multiple recipients asking them to update their personal information, verify account details or change their password.
Many scammers have become masters at recreating the aesthetics of emails from credible institutions and instilling a sense of urgency in recipients.
Hackers are able to create fake websites that look so similar to the ones they are replicating that some victims will take the bait and enter their personal information, exposing themselves to identity theft.
Content spoofing, also known as content injection, consists of adding malicious content to a trusted website (financial institution, email account, etc.). The added content contains a link that directs the victim to an external website where they are asked to provide confidential information.
Phishing on mobile devices
Phishing can also take place on mobile devices. In this type of fraud, scammers send a text or voice message stating that an account belonging to the victim is closed, corrupted or expired. They hope that the recipient will then click on the link that accompanies the message, directing them to a page, video or message that allows the scammer to steal personal information or install malware on the mobile device.
Voice phishing, or vishing, is a scam conducted over the phone. The scammer assumes the role of an insistent caller and leaves a message or reads a script that prompts the victim to call another phone number.
These fraudulent calls are designed to instill a sense of urgency or greed and incite the recipient to act quickly. For example, the scammer may tell the victim to provide certain information in order to prevent their bank account from being suspended or avoid being charged with a criminal offence.
Spear phishing is a type of phishing used by cybercriminals who primarily target corporate users. The attack is aimed at a specific recipient or small group and uses detailed, personalized information designed to trick them.
When recipients click on an attachment to a scam email, they may inadvertently install malware that then scours their computer and network for useful information.
The most popular types of malware include keyloggers (which will record passwords when they are typed in) and “Trojan horse” software. Note that hackers also sometimes hide viruses in fake updates.
Cybercriminals can create online ads and pop-ups that trick people into clicking on a link that automatically installs malware.
How to recognize a phishing email
If you receive an email requesting information such as your username, password or date of birth, it may well be a phishing attempt. Phishing emails often contain an attachment or a link to a fraudulent site.
Take particular care with emails that appear to come from well-known, trusted companies (such as your bank)—most institutions will never ask clients to divulge personal information over email.
4 common characteristics of phishing emails
- The email includes an attachment that contains words such as DHL, notification, delivery or billing.
- The email contains a link to an infected web page that installs a virus on your computer.
- The message is meant to instill a sense of urgency in the recipient. The subject line may state “imminent closure of your account”, “package waiting” or “unpaid invoice”.
- The sender asks you to pay an invoice by email, which is not the usual method of payment.
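The warning signs above can be turned into an automated first-pass check on incoming mail. The following is an added example, not code from Groupe SL: it parses a raw message and reports the attachment-name, link and urgent-subject characteristics from the list, plus the request for a username, password or date of birth mentioned earlier. The sample message, the `example.test` addresses and the label names are constructed for illustration; a payment request by email still needs a human to judge.

```python
import re
from email import message_from_string

# Word lists come from the article's characteristics; extend them for your own mail flow.
ATTACHMENT_WORDS = ("dhl", "notification", "delivery", "billing")
URGENT_SUBJECTS = ("imminent closure of your account", "package waiting", "unpaid invoice")
SENSITIVE_REQUESTS = ("username", "password", "date of birth")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample message (not real mail); example.test is a reserved test domain.
SAMPLE = """\
From: "Courier Support" <support@example.test>
Subject: Package waiting - action required
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Confirm your password at http://example.test/verify to release the parcel.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="DHL_delivery_notification.zip"

placeholder attachment content
--b1--
"""


def phishing_indicators(raw: str) -> list:
    """Return labels for the article's warning signs found in a raw email message."""
    msg = message_from_string(raw)
    names, body = [], []
    for part in msg.walk():
        name = part.get_filename()
        if name:  # attachment: inspect only its file name, never open it
            names.append(name.lower())
        elif part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            body.append(data.decode(part.get_content_charset() or "utf-8", "replace").lower())
    text = "\n".join(body)
    subject = (msg.get("Subject") or "").lower()
    checks = {
        "attachment-keyword": any(w in n for n in names for w in ATTACHMENT_WORDS),
        "contains-link": bool(URL_RE.search(text)),
        "urgent-subject": any(s in subject for s in URGENT_SUBJECTS),
        "asks-for-personal-info": any(s in text for s in SENSITIVE_REQUESTS),
    }
    return [label for label, hit in checks.items() if hit]
```

A message that returns several labels deserves manual review before anyone opens it; an empty list only means none of these particular signs were found.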
How to protect yourself from phishing
Unfortunately, there is no foolproof way of protecting yourself and your company from phishing. The best solution is to take precautions wherever possible and educate your employees.
Here are some tips to help you assess the trustworthiness of emails and minimize your chances of having confidential information stolen:
- Do not respond to emails that request immediate action and threaten consequences for non-compliance. Do not click on the links, open attachments or provide any personal information.
- Even if you know the company that sent the email, avoid clicking on any links they contain. Instead, enter the official website address directly into your web browser.
- Check the quality of the writing: phishing emails often contain spelling mistakes.
- Learn to recognize suspicious emails by asking yourself the following questions:
  - Do I know the sender?
  - Is the content of the email suspicious?
  - Is the subject of the email normal?
  - Does the content match the sender?
  - Is there a signature?
  - Is there an attachment?
- Keep your software up to date, including Adobe Flash Player, Adobe Reader, antivirus software and your operating system.
- Always check the reliability of the website before making transactions online.
- If an employee believes that they have been sent a phishing email, they should destroy it immediately.
Groupe SL helps you stay one step ahead of the cybercriminals
Phishing is a problem that is unfortunately almost impossible to eliminate at the source. Therefore, it’s important for individuals and organizations to be familiar with the different types of phishing they may encounter and wary of any emails that ask for sensitive information or data.
If you would like help protecting your company from cyber threats that could cause sensitive data leaks, contact our team of cybersecurity specialists! We can discuss your needs and provide customized solutions to keep your IT infrastructure secure and reliable.