Internet connectivity has become the premier mode of communication, shopping, designing, banking, investing and so many other important functions and industries. Emails provide people a way of keeping in touch with friends and family, conducting business, and tracking expenses. With so much of our lives and information deeply embedded within the World Wide Web, a new breed of thieves and criminals has risen. They are called hackers and they engage in cyber attacks of varying degrees, from breaking into and infiltrating secure government networks to robbing any average Joe of their hard-earned savings, all without leaving their homes.
Chances are you have probably come across emails from this kind of hacker, with most of them likely ending up in your spam folder. Scam emails from Nigerian bankers and sources claiming you’ve won the lottery have probably ended up in your trash. However, some emails may present themselves as something far more realistic, even addressing you by name or appearing to be from a source you know. You may have even unknowingly opened these emails at some point. These emails are called phishing emails, designed to lure you in for the purpose of stealing your information.
Phishing emails don’t always look the same and they can be disguised based on the information hackers want to steal, from login credentials to confidential business details. Some hackers even use the data to steal other people’s identities! Most hackers trick their victims into opening malicious or fake web pages and handing over their data willingly but unwittingly. To effectively avoid these malcontents and their far-reaching fingers, it's important to be aware of the different kinds of phishing emails that you may come across. Here are 4 extremely common types of phishing emails, and 8 tips on how you can avoid ever becoming a victim of one of them.
This is the most common type of phishing email out there, and you most definitely have a few of these in your spam or trash folders. They essentially take the form of fraudulent emails that represent (or rather misrepresent) legitimate companies and organizations, including major banks and financial institutions. They usually contain a generic message requesting you to log in to your accounts to confirm certain changes made or collect a prize of some sort.
They will likely provide a link to a false web page that resembles the actual page of the company, bank, or institution, requesting you to log in. Filling in your credentials passes them, and all the information tied to them, on to the hackers. If you receive such emails and you believe they may be genuine, it is always best to confirm this with someone in the company or organization.
Spear phishing is significantly more dangerous than deceptive phishing. While the latter throws out a large net to catch anything it can, the former takes a more personalized and targeted approach to data stealing. This is what makes spear phishing a serious threat, especially to high-level executives (a practice called whaling), as well as people employed in major organizations, banks, and other financial institutions. A great deal of research is done prior to selecting the target, and again prior to drafting and sending the phishing email. Because of the amount of information needed on the target, this kind of email is especially common for people with an active social media presence.
These emails are customized entirely with details of the individual being targeted, and there is a clear lack of generic messages. Instead of the typical “Dear Customer” approach of deceptive phishing emails, the email will be addressed to the victim directly, and may even include information like the target's designation, phone number, address, and other details. The purpose, however, is the same as that of deceptive phishing emails: to get the target to go to the false webpage they have provided a link to, with the intention of stealing that person's data and login credentials. This may also enable them to access confidential business information. To avoid receiving emails like this, it's best to maintain strict security protocols on all social media, including LinkedIn and other professional platforms.
Cloning phishing emails are exceptionally dangerous as they appear to be legitimate and trustworthy. This type of phishing scam makes use of existing emails commonly found in most people’s accounts, like emails from major brands or credit card companies. In this type of scheme, the cyber scammers clone an existing and legitimate email from a major organization already in the target's inbox. As the emails are so similar to the emails we are familiar with receiving, it can be near impossible to recognize the difference.
The emails produced by the hackers are almost identical to, and nearly indistinguishable from, the original authorized email from the company. The one minor difference is always the link provided on the page, which is altered to send the user to the hacker's fake website. That site may install malicious software in the user's browser, or request login credentials which can then be stolen. One way to ensure that you aren’t duped by a false cloned email is to check the email address it was sent from, as it will be different, if only slightly, from the original sender.
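The sender and link checks described above can be automated by comparing a suspect message against an earlier message you already trust. The following is an added example, not code from the original article; the function names, the 0.8 similarity threshold, and the `.example` domains in the sample messages are assumptions made for illustration.

```python
import difflib
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkHosts(HTMLParser):
    """Collect the host name of every <a href> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") if tag == "a" else None
        if href:
            self.hosts.append((urlsplit(href).hostname or "").lower())

def fingerprint(raw):
    """Return (sender_domain, set_of_link_hosts) for one raw message."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    parser = LinkHosts()
    parser.feed(msg.get_payload())
    return sender, set(parser.hosts)

def compare_to_known_good(known_good, suspect, threshold=0.8):
    """List the ways `suspect` deviates from a trusted earlier message."""
    good_sender, good_hosts = fingerprint(known_good)
    sender, hosts = fingerprint(suspect)
    findings = []
    if sender != good_sender:
        # A near-identical domain is the "different, if only slightly" case.
        ratio = difflib.SequenceMatcher(None, sender, good_sender).ratio()
        kind = "lookalike" if ratio >= threshold else "different"
        findings.append(f"{kind} sender domain: {sender}")
    for host in sorted(hosts - good_hosts):
        findings.append(f"new link host: {host}")
    return findings

# Constructed sample messages; every domain here is a placeholder.
ORIGINAL = """From: Billing <billing@examplebank.example>
Subject: Your statement is ready
Content-Type: text/html

<a href="https://www.examplebank.example/statements">View statement</a>
"""
CLONE = (ORIGINAL
         .replace("billing@examplebank.example", "billing@examp1ebank.example")
         .replace("www.examplebank.example",
                  "www.examplebank.example.login-check.example"))
```

An empty result means the sender domain and every link host match the trusted message; any finding is a reason to verify the email through another channel before clicking.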
These are considered to be among the more sinister of the phishing scams currently sweeping the internet. Phishing emails play only an initial role in these attacks, and may not even be required. Using defects and vulnerabilities in the internet server and DNS (Domain Name System), hackers are able to acquire domain names that mirror existing sites and develop them with a similar aesthetic.
They can then change the IP address of the original website’s domain, and redirect internet users to their fraudulent domain rather than the intended legitimate source. This can be especially dangerous because when a user types the correct URL into the search bar, they are automatically directed to the malicious site. This can be avoided by ensuring that the websites you use are HTTPS-protected. These phishing scams are especially dangerous as they remove the need for phishing emails entirely, and pharm for victims at the point of entering the domain name itself.
While these 4 are the most common, and the ones you are most likely to encounter, there are still many other different types and variations of phishing scams being played out all across the world. The internet has added convenience for not only the average person but for the average scammer as well. Accordingly, we must increase and enhance the precautions we take to keep our information and our online identities safe. Here are 8 simple tips you can follow on a semi-regular basis that should help you stay wary of phishing emails and other types of scams.
As long as there are hackers out there, weeding through people’s information, we have heroes working on the other side to create software that automatically weeds out or blocks possible phishing emails, malicious websites, or pop-ups equipped with malware.
Most major browsers have built-in security systems. So in addition to yearly updates of your anti-malware software, it’s also necessary to update your browser on a regular basis, since patches are released frequently, to ensure that all of its existing security protocols are up to date.
Firewalls act as a buffer between your computer and everything else, so it is vital to have high-quality firewalls in place. These can protect you from hackers and phishers. Two major types of firewalls that everyone needs to have are desktop firewalls, software that can be purchased, and network firewalls, which have to be installed as separate hardware.
Those automatic security protocols will likely detect and warn you if you’re about to enter a site that may contain malware. You can also verify the security of a site by checking if it has “https” at the beginning of the URL, or by checking for the website's security certificate.
Knowing how and where phishers, hackers, and other cyber criminals try to select and attack their preferred targets can help you avoid accidentally opening a phishing mail or a website containing malware, or downloading a virus.
Listen to the warnings of all the major institutions when they tell you not to share personal or financial information with anyone on the internet. Avoid giving away confidential or personal information through links provided in emails, and if the information is requested through any email, call the concerned service provider from an authorized number.
Perhaps the scariest thing about phishing crimes and other cyber invasions is that you could be scammed and have no idea about it until it’s too late. That’s why it’s important to keep checking your accounts on a weekly basis and ensuring that all charges made from your account are legitimate.
From links in phishing emails to endless pop-ups floating across your page, you may be one click away from accidentally exposing your system to malware. Links given in emails may lead you to websites that collect your login data, while pop-up ads and unverified or unsecured websites on your search engine may result in viruses being downloaded. Ad-blockers and other specified security systems can keep you protected by and large, but it's important to be careful where your mouse wanders in case a pop-up manages to slip through the cracks!