Time and time again, phishing scams have gotten the best of us. Take the recent W-2 attacks that are everywhere this tax season, or the phishing scam affecting Gmail users. Google was required to release a patch within Chrome to address the problem, but the scam was surprisingly simple – just an email linking to a password reset page identical to the one used by Google. Who wouldn’t fall for that?
Phishing scams don’t require a lot of effort from cybercriminals, and yet, they continue to work. As a matter of fact, this style of cyberattack has been around since the dawn of the internet, with the earliest instance of phishing attacks dating back to the dial-up days of AOL. Fast forward to modern day, and phishing scams still remain one of the go-to attack vectors for cybercriminals around the world. But before we discuss how to fight back against these attacks, let’s first dive into what a phishing scam is.
What is a Phishing Scam, Exactly?
The name “phishing” originates from attackers’ use of fake emails and URLs to “bait” victims into divulging personal information, typically via social engineering (a technique used by crooks to deceive and manipulate users into trusting them). Like a fisherman uses worms to draw in the day’s catch, criminals use dozens of forged digital assets to steal users’ login information, credit card numbers, and just about anything else that can be pounded into a keyboard. And it’s not only emails—today’s phishing attacks can come from multiple vectors, including smartphone apps and phone calls.
How Do They Work?
The way phishing scams operate is pretty straightforward. Once a victim has fallen for the ploy and unsuspectingly entered their personal information within a forged site or as a response to an email, the attacker then uses that information for personal gain. Damages can include emptying bank accounts, identity theft, ransomware infection, and/or personal information being sold on the Dark Web to the highest bidder.
With that much at stake, it’s crucial to learn what the common and current phishing scams are that you need to keep an eye out for. Here are the three to have on your radar:
- Cloud Storage Phishing. Cloud service providers such as Amazon, Google, and Dropbox have recently become the target of phishing scammers. Generally, the scammers send victims attachments requesting that the user log in to their cloud provider through a dummy portal, capturing private login information in the process. And since so many of us trust the cloud with our personal data, make sure you stay vigilant when an unknown attachment comes through.
- Mobile Phishing. More and more phishing scammers are shifting their focus towards attacking users through their smartphones, since mobile applications have become ideal vectors for attack. It’s easy, really—unsuspecting users just download forged applications loaded with malware, and crooks then actively capture personal information and trick users into divulging passwords. So, make sure you protect yourself by always reading app reviews before downloads, keeping security settings kicked into high gear, and considering a reliable mobile security solution immediately—like McAfee Mobile Security.
- Email Phishing. Email phishing attacks are a cybercriminal’s bread and butter. And they work on almost everyone. From business executives to internet surfers at home, anyone who opens an unknown email and trusts its content is vulnerable to this classic manipulation. So how do you discern a real email versus a phishing scam? The best way to fight back is by staying educated on the signs, and by being skeptical. Make sure you check the URL for legitimacy. Hover over the link to see if it might be fake, and if it seems remotely sketchy, don’t click. Additionally, stay up to date on cybersecurity news to keep in the loop on the newest kind of phishing emails coming to inboxes. And most importantly, remember – if you don’t know the sender, err on the side of caution before you share your personal data with them.