Photo from Learning Registry
With the rise of the Internet, one of our greatest and most dangerous enemies are those found on the World Wide Web, and they can be summed up in two words – online scammers. Online scammers are people that use unfair, deceptive, and fraudulent business practices to trick users into giving them their money or personal information.
Anyone can be a victim of a scam. Not just the wealthy, or the influential. We are all at risk and we should all be informed and vigilant against scams. On that note, let’s begin by getting ourselves acquainted with the top online scam today, Phishing.
What Is Phishing
Photo from Turboweb
Phishing is the fraudulent attempt to obtain another individual’s personal information through email and other forms of electronic communication. In most cases, the criminal uses disguised email, called phishing email, as a weapon. The goal of the criminal is to trick the email recipient into believing they should reveal their username, password, or credit card details to get something they want or need. The email sender might pretend to be from the victim’s bank, favorite online store, or insurance company.
Inside the email will be a link the victim will need to click, or an attachment the victim will need to download. Once the victim clicks on the link, or downloads the attachment, the target will be asked to divulge personal information such as usernames, passwords, and credit card details. Once the cybercriminal has the info, he or she will hack into your email and social media accounts, or use your credit card for online purchases.
What distinguishes phishing from all the other scams is the form the message takes, the phishing email may look like it’s from a company you know or trust, like an online store, a credit card company, or a social media site.
In other cases, a phishing email will lure the victim in by making him or her panic, the email might say the sender noticed some suspicious activity or log-in attempts, or the email might say there’s a problem with payment information, and the user needs to click on a link to make a payment or to confirm some personal information.
Last February, many shoppers were victims of a PayPal phishing scam designed to harvest confidential data of users. They received an email saying that a new address was added to the victim’s account, and this email is a confirmation email of this fact.
If they did not add the address, they had to click on a link to make sure no one can use their account without their knowledge. When you click on the link you will be taken to a fake PayPal page that asks for the victim’s email, password, billing information and credit card details.
As you can see, these cybercriminals are absolutely ruthless and will do everything and anything to get their target to do what they want.
How To Know If You Are Being Phished
Photo from Malwarebytes Labs
In the earlier parts of the article, we talked about how phishing emails work. Cybercriminals send fake emails to companies and individuals. In these emails, the criminal will ask the recipient to click on a link that takes them to a page. On this page, the victim will be asked to confirm personal data such as account information. Once hackers have this info in their hands, they can pretend to be you, create new user credentials, or install malware into your system to steal more personal data.
No one wants that to happen to them! We need to wage against cybercriminals, but before we go into war, we need to learn how to recognize the enemy. Here are some clues to help you spot phishing scams :
Real Companies Don’t Request For Your Personal Information Through Email
Most companies have data privacy laws. And if they follow their own rules, they will not send you an email asking for your Social Security Number, tax number, or credit card information. A big company like Amazon won’t ask you to do that. If you get an email from someone pretending to be from Amazon, that could be from a cybercriminal running an Amazon phishing scam.
You need to report that immediately! To report a phishing email, email the company the cybercriminal is pretending to be. For Amazon concerns, send the email to stop-spoofing @amazon.com.
Real Companies Call You By Your Name
A phishing email will typically use general greetings like Dear valued customer, or Dear madam/sir. If a company you deal with needs some information about your account, they will call you by your full name and ask you to call them via landline or mobile phone.
Last January, a Netflix phishing scam filled the inboxes of Netflix subscribers. The email began with “Hi #name#,” (look at that red flag!) The email then informs recipients their Netflix membership is on hold. Once they open the email, users will immediately see a link that will redirect them to a fake Netflix page where they’re instructed to enter their login credentials and their credit card information.
Netflix seems to be a favorite among cybercriminals, the video on demand streaming service’s 158 million subscribers were targets of similar Netflix phishing scams in September and November just last year.
Legitimate Organizations Know How To Use Proper Grammar
An email from a legitimate organization should be well written.If it’s got a ton of typos, and a lot of bad grammar, we’d be willing to bet you’re looking at a phishing email.
Real Companies Don’t Randomly Send You Attachments
Most companies don’t send random emails with attachments. Most of the time, they would rather ask their customers to download documents from their official website. In certain instances, companies that already have your email might send you information that would require a download. When that happens, contact the company directly using contact information written on the company’s official website.
Real Companies Don’t Force You To Their Website
If an email looks suspicious, do not put your cursor anywhere on the email. Some phishing emails contain hidden code, or are coded entirely as a hyperlink. Clicking anywhere on the email might open a fake webpage or might download spam onto your computer.
Types Of Phishing Attacks
Photo from Thinkwealth Magazine
In the earlier parts of the article, we talked about phishing scams and phishing emails in general. But the situation is not as simple as that. There is more to this than meets the eye. Some cybercriminals use more specific types of phishing scams to attack certain individuals or organizations.
Let’s learn more about that here:
1. Spear Phishing
Spear phishing is usually confused with general phishing because they are both attacks on users that aim to acquire confidential information. But the goal of a general phishing attack is to send a bogus email that looks as if it is from an authentic organization to a large group of people.
Spear phishing, on the other hand, is targeted towards a specific person, company, individual, or business.To make their attack successful, the cybercriminal usually researches specific information about their victims; i.e. victim’s name, position in company, his or her contact information etc.
The fraudster will later customize their emails with the info that they gathered, making the victim believe the email is from a trustworthy source. Attached in the email are fake URL and email links that ask for the sender’s private information. Once the email recipient gives it, the fraudster has succeeded.
2. Domain Spoofing
Domain spoofing occurs when a cybercriminal spoofs an organization or company’s domain to make their emails look like they’re coming from the official domain. How is the fraudster able to do this? By creating a fake website and fake domain that is very similar to the original. For example, instead of netflix.com, the cybercriminal will use netflix.net. The cybercriminal will then create a new email header to make it appear like the phishing email is coming from a company’s legitimate email address.
3. Clone Phishing
Clone phishing, as the name suggests, occurs when a cybercriminal copies a legitimate email message sent from a trusted organization. The fraudster alters the email by replacing or adding a link that redirects to a malicious and fake website.
How will you know if the email you are looking at is cloned? You’ll see a fake email address appearing to have come from an original source, the attached file or email link is replaced with a malicious version. Lastly, the cloned email will pretend to be an updated version of the original email, or revert of the original email.
4. Evil Twin Phishing
Evil Twin phishing happens when an attacker snoops on Internet traffic using a bogus wireless access point.The victim will be tricked into logging into the attacker’s server, and will be asked to enter sensitive information like usernames or bank accounts. But wait, there’s more-the attacker will also be able to eavesdrop on the victim’s network traffic, and will also be able to view all of the victim’s downloaded attachments. Creepy, huh?
This type of attack has also been called the Starbucks scam because it often takes place in coffee shops. We know you now know what to do the next time you ask your favorite barista for the WiFi password.
What To Do If You Get Phished
What you never wanted to happen just happened… you got phished. Before you throw yourself into a panic attack, take a couple of deep breaths, relax for a minute, and follow our tips :
1. Change your password
If you clicked a link that sent you to a site that pretended to be your bank, email service, or medical clinic, before you do anything else, log into the REAL site and change your password. If you use the same password for all your accounts, change the passwords for your other accounts, too. And while you are it, change your password hints, and standard security questions, too.
2. Backup Your Files
Always remember to keep yourself covered. Remember, data can be destroyed or erased in the process of recovering from a phishing attack, so before it comes to that, go offline and save all your files in an external hard drive or USB drive. Focus on protecting sensitive documents such as work-related emails, files, videos and presentations. Don’t forget to save your personal photos and videos, too. Keep those precious moments with family and friends in a safe and secure storage facility.
3. Report The Incident To The Organization That Was Spoofed
Contact the company that was spoofed, tell them all about what happened to you. Let the company know you changed your password, and follow their instructions for safeguarding your information and your account. If you gave out financial information, you’ll need to take a deep breath and… cancel your credit or debit card.
Contact the local and national authorities, too. Report computer or network vulnerabilities to the National Cybersecurity Communications and Integration Center (NCCIC) at 1-888-282-0870 or at www.us-cert.gov/report.
4. Watch Out For Warning Signs Of Identity Theft
If you’ve revealed any financial information or other sensitive info like your Social Security number, be on the lookout for identity theft. Observe your bank and credit card statements. Keep an eye out for withdrawals or purchases you did not authorize. Also, ask your bank to let you know if there has been any unusual activity on your account. Notify credit reporting agencies that your personal information was compromised. Ask for a credit report to make sure you don’t contain new lines of credit you didn’t sign up for.
5. Protect Your Computer For Viruses
Whether you clicked on a suspicious link or downloaded a harmful attachment, it’s a good idea to scan your computer for viruses and malware. A good antivirus software will thoroughly examine your computer, and will immediately alert you to any files that may have been infected.
If you have not installed antivirus software on your computer, you are putting yourself, your computer, and your personal reputation in grave danger. Trust us when we say in this situation, prevention is 100 percent better than cure. Without antivirus protection, you will constantly be at the mercy of ruthless cybercriminals. Your passwords can be lifted, your bank account can be emptied, and your identity can be stolen.
In your search for a good antivirus or Internet security software, you need to look for a product with strong anti-phishing tools and anti-phishing services. They’ll safeguard your device against malware, spam, and spoofing. When you’ve got all these things in your computer, you’ll have peace of mind whenever you connect to the Internet, knowing that all these tools will be working hard for you.
Having said that, to help you along the way, we’ve put together a list of the most effective internet security products in the market.. They should keep your computer running safely for years to come.
Kaspersky Internet Security
Kaspersky Internet Security is one of the best computer security softwares in the market. Once installed, It disables the links of malware sites, detects phishing attacks, and blocks pop-ups.
Kaspersky Internet Security also comes with a Safe Money Option, which protects users from credit card theft and phishing scams. A full-scale security suite offering protection on many levels, Kaspersky comes with a firewall component, capable of monitoring the network connections of any device.
NordVPN Internet Privacy & Security
NordVPN Internet Privacy & Security protects users’ web traffic with military-grade encryption, the gold standard of ultimate data protection. An advanced antivirus solution that takes security and privacy to the next level, NordVPN Internet Privacy & Security blocks websites known for hosting malware or phishing scams.
NordVPN Internet Privacy & Security also helps its users to stay private at all times, keeping no logs of any activity on the Internet.
Trend Micro Maximum Security 2020
Trend Micro Maximum Security 2020 provides complete multi-device protection against online threats such as malware, spyware, evolving viruses, and phishing scams. Trend Micro comes with a Pay Guard feature that allows users to access banking or shopping sites securely, and a Web Guard feature which warns users of unwanted websites, inappropriate ads, and unauthorized browsing trackers.
Panda Dome Advanced
Panda Dome Advanced utilizes Cloud Intelligence Technology to keep devices free from Internet pirates and other security threats such as phishing scams. The security software’s WiFi protection tool protects the user’s network from potential threats and spying activities, and also comes with a personal firewall that filters the traffic coming into your PC, and blocks any potentially malicious activity.
Webroot SecureAnywhere Antivirus
Webroot SecureAnywhere Antivirus keeps devices safe and secure anywhere and everywhere the device may go. Equipped with powerful features, Webroot’s got a Password Manager in charge of encrypting login and password data on any device, and a SafeStart Sandbox tool which runs suspicious programs in an isolated environment, making it harder for potential intruders like phishing scam operators to touch a device’s operating system.
Phishing is one of the oldest scams in the world. It’s been around for almost twenty years, and is STILL alive and kicking because of two major reasons. One is, it’s simple to carry out, even by one -person operations. The second reason is because it works. Even if so many people rely on computers nowadays, there are still billions of individuals that are unaware that the Internet is something which criminals might use to target them.
Because of all these reasons, phishing will continue, and the number of cybercriminals will multiply. Not the most positive thing to say, but it is true. However, that doesn’t mean phishing can’t be stopped. It can be stopped by knowing what to look for, which we discussed earlier in the article, and by employing training when necessary. Above all else, it is incredibly important to choose an antivirus software that fits your security needs.