Phishing scams, like the one where an individual posing as a overseas prince reaches out asking for help transferring wealth in exchange for a share, are common.
Though it may seem obvious that it's a fraud, it's important to note that these types of scams can be very sophisticated and convincing. Many people fall victim to phishing scams each year, resulting in the loss of personal information and financial resources. It's essential to be aware of these types of attacks and take steps to protect yourself from falling victim to a phishing scam.
Why is it called Phishing?
The term ‘phishing’ was coined in 1996 by hackers who were stealing ‘America Online’ (better known as AOL) accounts and passwords. Employing the analogy of angling, scammers used email ‘lures,’ laying out ‘hooks’ to ‘fish’ for passwords and financial data. The letter ‘f’ was often interchanged with ‘ph’ as a nod to the original form of hacking known as phone phreaking: the reverse engineering of various tones used to re-route long distance calls. While these ‘phreakers’ manipulated tone sequences to obtain free calls, the act itself could be argued to be victimless (Well, except for the phone companies…). This is not the case with phishing attacks. Phishers attempt to trick, steal or socially engineer you into divulging your private information.
As businesses put complex security mechanisms in place to protect against unauthorized access, criminals target the weakest element in the system: you.
How to Identify
Phishing is the attempt to obtain sensitive information such as your username, password and credit card details by pretending to be a trustworthy entity such as Microsoft, Amazon, PayPal or even your bank.
While most traditional phishing scams are implemented via email, many phishing attempts happen via social media and even through your work suites such as Dropbox and Google Docs.
Be wary of unexpected emails, especially those that ask for personal information or login credentials.
Look out for spelling and grammatical errors, as well as suspicious sender email addresses and domains.
Avoid clicking on links or downloading attachments from unknown or suspicious emails.
Check the URL of the link before clicking on it and verify it is the correct and the expected URL.
Look out for sense of urgency and threat, scammers use scare tactics to make you act quickly.
Be cautious of email that requests for sensitive information such as social security number, credit card information.
Verify the authenticity of the email by contacting the company or sender through official means.
Keep your computer and antivirus software updated to protect against malicious software.
If in doubt, delete the email and move on.
Best Security Practices
Use a strong and unique password for each online account.
Enable multi factor authentication (MFA) for added security.
Keep your computer and software up-to-date with the latest security updates.
Use a reputable antivirus and anti-malware software.
Be careful when sharing personal information online.
Avoid clicking on links or downloading attachments from unknown or suspicious emails.
Use a virtual private network (VPN) when using public Wi-Fi.
Be cautious of phishing attempts and never give away personal information through email or over the phone.
Use a password manager to keep track of all your passwords
If you suspect your a victim of a phishing scam follow these guidelines from the UK government website: