Phishing email example

What is a Phishing Attack?

Phishing attacks are calls, texts, or emails that look and seem to be from a legitimate source. Phishing is a form of fraud, and happens when an attacker will pretend to be someone else, or a company. They will send an email to whomever to potentially extract personal information, login credentials, or account information stored on your computer or device. Phishing is a very common cyber attack that can happen to people who own new and refurbished computers in Ottawa and anywhere in the world so knowing more about them can help protect you from these attacks.

How does a Phishing attack work?

Phishing starts with confusion and curiosity to lure the target. Phishers can use multiple public sources to find out more information about the target’s personal and work history, interests and activities. Usually, this information can be found easily within social media platforms like Instagram, Facebook, LinkedIn, etc. The information gathered on the internet can be used to make believable phishing attacks. 

The Different Types of Phishing Attacks

  • Vishing – Short for voice phishing, is when someone pretends to be a trusted friend, relative, or organization while using the phone to try to steal information.
  • Spear Phishing – Targeting a specific person. They first gather information about the person before starting the attack to pose as a certain organization, which then they steal their login credentials.
  • Email Phishing – The attacker creates and sends an email that looks legitimate, used to trick the recipient to giving them information. Typically includes a reply or on a malicious website used to steal or sell their data.
  • Pharming – malicious code is installed on the victim’s computer. This code would send them a fake website designed to gather login credentials.
  • Clone Phishing – the attacker creating an identical copy of a message the target has already received. Usually, they include something like “resending this”, which includes a malicious link in the email.
  • Smishing – a type of phishing which is through some form of a text message or SMS (Short Message Service).

How to Spot Phishing

  • If you don’t recognize the sender’s name, email address or phone number.
  • The email address is not from the organization the email says it’s from.
  • There is a lot of spelling and grammar mistakes in the email.
  • The offer sounds too good to be true.
  • You are requested to give personal information via email or website link.
  • It seems to be an urgent request with a deadline.
  • Offers a coupon for free.
  • Says you’re eligible to register for a government refund.
  • Includes a fake invoice.
  • Say they’ve noticed some suspicious activity or log-in attempts.
  • The sender requests a financial payment or personal information to release a package or information.

How to prevent and avoid phishing

  • Protect your new or refurbished computer or device by using security software. For example, ESET Internet Security which can be purchased here, can help protect you.
  • Protect your mobile phone by setting software updates automatically.
  • Make sure to use multi-factor authentication to protect your accounts. This allows extra security by requiring two or more credentials to log into your account. Examples of this could be an authentication app, fingerprint scanner, a security key, etc.
  • Make sure to back up your data. You can copy your computer files to an external hard drive or a cloud storage.

Conclusion

Phishing is a very common attack which can happen to anyone. However, even though they can be tricky to spot, it’s always good to be cautious about what type of messages you respond to. Being able to point out phishing attacks will help protect you, and everyone around you. With this information please be sure to inform others so that they can be safe too.  

Author:Mathew Molnar 

Next article SSD and eMMC – What’s the Difference?