If you’ve been using email for any length of time, you’ve already been targeted by a phishing scam. Ten or 15 years ago, phishing scams came in the form of an often poorly spelled and badly formatted email that attempted to mimic a financial services provider – PayPal, your bank or one of your credit card issuers, for example. The email claimed that something was wrong with your account, and that you needed to follow a link provided in the email to log in to your account and fix it.
Of course, it’s easy to avoid this kind of phishing scam – if you’re worried that something is wrong with the account in question, simply type the address into your browser or use your own bookmark. That way, you know you’re truly logging into your own account and not into a mirror site that will give hackers your precious login information and access to your money.
But these days, phishing scams have become much more elaborate – so much so that they’ve been called “the internet’s most successful con.” Today’s phishing scams are more targeted and more convincing. Furthermore, they may not even come in the form of an email at all, but in the form of a phone call from a reasonable-sounding person with a plausible-sounding story. To protect yourself, you need to know the strategies scammers are using today and how to keep from getting hooked.
Types of Phishing Scams
Phishing scams got their name because they use bait to try to extract valuable information out of a mark. Usually, scammers want sensitive information they can easily turn into cash, such as bank account or credit card login info. They use mock websites that are often indistinguishable from the real thing, and because they can set up hundreds of such sites easily, it’s difficult for tech security firms to block them all. The best way to protect yourself against phishing scams is to be an informed and, above all, wary user.
First, you should understand the types of phishing scams going around today. The first is the bulk, or deceptive, scam. This is the type of phishing scam described above, where an untargeted email is sent out to as many people as possible, hoping someone will fall for it and send the scammers their information. Your email spam filter probably weeds out most of these, but you can protect yourself by simply ignoring them or at the very least by not following the links they provide.
More targeted attacks pose a bigger threat. Spear phishing attacks use some of your personal data, such as your name, address, old passwords or other personal information, to give themselves more legitimacy. These types of attacks are often used to target high-profile individuals. In 2016, for example, spear phishers targeted John Podesta, chairman of Hillary Clinton’s 2016 presidential campaign, and stole 20,000 of his emails, which they then leaked online. Whaling is similar, but targets high-ranking business executives directly; a 2016 whaling scam targeting the CEO of Austrian company FACC cost the company €40 million.
Clone phishing replicates the content of an email that has already been delivered but replaces legitimate links with malicious ones. The message is then sent to recipients of the original message, using a spoofed account. Usually, attackers use clone phishing to spread viruses to other computers using an email account they’ve already hacked. A newer form of phishing, pharming, doesn’t use emails at all but attacks DNS servers to redirect users from the legitimate website they typed into their browser to a malicious mirror site.
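Because a cloned message keeps the original wording and changes only where its links point, a mail filter can compare a suspect message against the earlier legitimate one. The following is an added example, not part of the original article: it pairs links by their visible text and reports any whose host has changed. The sample messages are constructed and the function names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            # Collapse whitespace so cosmetic changes do not hide a match.
            self.links.append((" ".join("".join(self._text).split()), self._href))
            self._href = None


def links_by_text(html):
    """Map lower-cased link text to the set of hosts it points at."""
    collector = LinkCollector()
    collector.feed(html)
    collector.close()
    table = {}
    for text, href in collector.links:
        table.setdefault(text.lower(), set()).add(urlsplit(href).hostname or "")
    return table


def changed_link_hosts(original_html, suspect_html):
    """Return (text, original hosts, suspect hosts) for links that now point elsewhere."""
    known = links_by_text(original_html)
    return [(text, sorted(known[text]), sorted(hosts))
            for text, hosts in links_by_text(suspect_html).items()
            if text in known and not hosts <= known[text]]


# Constructed samples; example.com and example.net are reserved documentation domains.
ORIGINAL = ('<p>Your statement is ready.</p><a href="https://billing.example.com/view">'
            'View statement</a> <a href="https://example.com/help">Help</a>')
CLONE = ('<p>Your statement is ready.</p><a href="https://billing.example.net/view">'
         'View  statement</a> <a href="https://example.com/help">Help</a>')

if __name__ == "__main__":
    for text, old, new in changed_link_hosts(ORIGINAL, CLONE):
        print(f"link {text!r}: was {old}, now {new}")
```

A link whose text is unchanged but whose host differs from the earlier message is the signature of a clone; links that appear only in the suspect message are not judged by this check.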
How to Protect Yourself
Using the best internet security can protect you from many phishing attacks. A good security suite can redirect the majority of the bulk phishing and even spear phishing emails you receive into your email’s spam folder, where they belong. It can even protect you against pharming by warning you when you’re about to access a malicious site.
However, the best protection against phishing is to educate yourself and to be wary of any messages you receive purporting to be from financial or government institutions. Your bank, credit card issuer and the IRS simply won’t ask you to provide personal information via email. Nor will anyone legitimately email you asking to give you millions of dollars or notifying you that you’ve won a contest you didn’t join or that you’ve been subpoenaed.
If you are worried that you might have a problem with one of your accounts, navigate to the site from your browser and log in rather than using the link provided in the email you received. Call your help desk using a number that you know is legitimate, not the one provided in the email. Use strong passwords to protect yourself from data breaches that could give phishing scammers access to your personal information. And never, ever give out your personal information, or information about your business or employer, to someone who emails you or contacts you by phone.
Phishing scams are rampant, and that makes them dangerous because you only need to let your guard down once to compromise your whole life. Don’t let scammers catch you. Remain suspicious of anyone who wants login info for your accounts, other personal information or information about your business or employer, because the person who can best protect you from phishing scams is you.