Phishing is one of the oldest tricks in the hackers' book. But as old as it might be, phishing remains the most lucrative tool for cybercriminals; as they say, old is gold. This post tells you about the 3 common types of phishing attacks and gives tips to avoid them.
Phishing is a fraudulent activity meant to trick you into revealing your personal and confidential information. This information usually includes bank account details, net banking details, credit/debit card numbers, login IDs and passwords. There are different ways an attacker can launch a phishing attack. These are the 3 common types of phishing attacks.
A phishing email is a fake email that looks like crucial communication sent by a bank or a popular website. This email carries a tone of urgency so that it tricks you into taking an action like clicking on a link or downloading an attachment.
> Clicking on a link in a phishing email will take you to a fake website. This website might ask you to share confidential information or it might just drop a virus on your device.
> Downloading an attachment will (in most cases) infect your computer with a virus.
Here’s a sample of a phishing email. Notice that the email asks the user to click on a link (marked in red) otherwise their bank account will get suspended. This is a classic example of a phishing attack.
In a phishing call scam, you will receive a phone call from a person posing as a bank manager (in most cases), an employee of a software firm, or any other known organization. The purpose of the caller is to trick you into sharing confidential information (debit card number, ATM PIN, expiry date, CVV and OTP).
This is how a phishing call (that looks like it is from a bank employee) might go:
“Is this Mr. Brown? This is a call for you from (a popular) Bank. We have received reports of illegal withdrawals from your bank account. In order to contain the situation, and safeguard your account, we need to confirm your account number, expiration date, four digits at the back…” and so on.
The third common type of phishing attack uses SMS and is called SMiShing.
You will receive an SMS (WhatsApp message in most cases) informing you about an unbelievable offer (from an online store, about flight or movie tickets, etc.). This message will ask you to redeem the offer by clicking on a link. Again, this will take you to a fake website that might ask you to share confidential information or infect your device with a virus.
Example of a phishing SMS/message
• Never respond to unwanted, unexpected emails, calls or SMSs – especially those that ask for personal or confidential information.
• Your bank will never ask you for confidential information via emails, calls or texts. If you do receive any such communication, do not respond; even better, report the incident to your bank.
• Avoid accessing websites via links in email messages/SMS; especially those asking for personal information.
• Do not fill any kind of form that comes along with an email.
• Ensure the website that you are sharing your personal/financial information with is secure. A secure website’s URL should always begin with “https” instead of “http”. Also important is the presence of a lock symbol on the website (see figure a). Clicking on the lock icon should display the digital certificate that verifies the authenticity of the website.
• Look for spelling mistakes, grammatical errors or bad language in any email you receive; especially the ones you were not expecting. Emails from a genuine organization are proofread and edited before they are sent out to the customers.
• If you receive an email containing link(s), do not click them. Hover your mouse over each link and take a look at the left hand corner of the browser. It will display the link's actual address. Check if this address matches the one shown in the email. If it doesn't, then treat the email as a suspected phishing attack.
• If you receive any email from your bank that conveys a sense of urgency or threat, then call up your bank and verify the situation.
• Keep your system’s operating system, software (Java, Adobe, etc.) and web browsers up-to-date.
• Install an antivirus that can block websites and emails designed for phishing attacks.
• Check your bank statements regularly. If you see any unauthorized transactions, inform your bank immediately.