Phishing attacks rank among the most complex and assorted scams because they are formulated upon technology that make them appear believable to victims. Fraudsters apply phishing techniques in emails, text messages, and spoofed websites to steal sensitive information from people.
In some cases, scammers may go as far as installing fraudulent malware on victims’ computers to steal important data without their knowledge. Here are the five most common phishing attacks and measures to prevent them.
The term phishing originally became apparent after attacks were reported on users with America Online (AOL) accounts in the mid-1990s. As technology evolves, fraudsters venture in the email realm in which they wrote false messages to urge for the need to verify account information, fictitious account charges, and system failure. Although the landscape has evolved drastically, fraudsters use the same deceptive methods to facilitate their crimes.
Web Spoofing and Clone Phishing
Web spoofing is a common phishing scam in which an email with a deceptive link redirects a user to a fake website, to convince the recipient to provide his or her information. Web spoofing is more prevalent on platforms that require user credentials to login. Clone phishing is similar to web spoofing with the exception that it is content focused; it typically imitate messages from established sources by replicating all digital assets including logos, to appear as believable as possible.
Phishing Scams or Malware
Malware-based phishing scams have to do with fraudsters running malicious software on users’ PCs to steal information, which is made possible by social engineering techniques. A fraudster will engineer an email to appear realistic by attaching a document that seems legitimate such as “taxletter.doc”, to increase the chance of having the email opened by the recipient. And the attachment will install a malware on the user’s computer to intercept his or her data once it’s opened.
Keylogging is a sophisticated scam that fraudsters use to register and transfer stolen data to their remote databases. Fraudsters use keylogging techniques to record every keystroke made by a user, and record information on every web page that the user visits during a session on a computer or device with web capabilities.
Vishing and Smishing
Voice phishing or vishing is a type of scam in which fraudsters make attempts to intercept one’s personal information such as bank account numbers through a phone call. Similarly, SMS phishing or smishing is done through text message to mislead users into opening a link that redirects to a spoofed website.
Measures to Protect Yourself
Phishing scams have been around ever since the internet became main stream; and fraudsters are always doing their best to get around the security measures set in place against phishing. Fortunately, there are plentiful ways you can protect yourself; consider the following tips:
- Think Before You Click – One of the simplest rule of thumb is to be cautious when opening links that you may be unfamiliar with. If an email or message looks out of the ordinary, then it is probably best to dismiss it, or consult with someone who is internet/data savvy who can provide better insights.
- Verify the Website’s Security – It’s normal to be curious on the internet, especially when you are asked to provide sensitive information. Before submitting any information, check that the site URL starts with “https”, which is the secure version of Hypertext Transfer Protocol or HTTP. An https website has security protocols that ensure information travel to its destination safely.
- Keep your browser Up to Date – Updating your browser may seem like a tedious task, but it can make a strong impact in helping protect against phishing. In fact, web browsers (Google Chrome, Firefox, Internet Explorer, and etc.) have professionals who are actively working behind-the-scenes to detect security threats early, and ensure that users have a better experience. Therefore, it is vital that you take advantage of browser updates once they are readily available.
- Never Give Out Personal Information – This is the most important rule of them all. Never send out personal information on a website without verifying who the request is coming from. Always contact the person or company prior to sending sensitive information either by visiting an official website or speaking with someone directly on the phone.
- Use Antivirus Software – Think of antivirus software as your personal computer’s Watchdog! Just like we are doing our best to protect their financial interest, we advise our members to equip their PCs’ with the latest version of antivirus software to protect against potential malware that they may come across.
We encourage that our members stay informed to better prepare against potential scams that are luring out there. We imagine a world that is fraud-free, which is something that we can achieve with your help.