Emails are one of hackers’ common phishing weapons, but there are several indicators within phishing emails that can often make them easy to spot. If you receive an email asking for payment or important personal information, scan the email and ask yourself these questions before taking any sort of action:
The criminal world of phishing, as with any legal business or industry, is constantly evolving. Phishing criminals can be sophisticated and creative in capitalizing on advancements in the ways people use technology. Because of this, individuals and companies may be vulnerable to several types of phishing campaigns. The most common ones to recognize include spear, clone, whaling, and pop-up phishing.
Spear phishing occurs when a hacker specifically targets a group of people with something in common. Often using “insider” information obtained by hacking an organization’s computer or pulled from social media or a website, spear phishers create a fake email that appears to be an official email from the organization or entity. These emails typically ask their targets, such as university students or a company’s clients or employees, to click on a link that will take them to a website to update personal information, enter a password or pay a bill.
As with spear phishing, clone phishing hackers prey on email recipients by taking advantage of their trust in other people or businesses. With clone phishing, hackers “clone” a real email someone already received and create a new one that looks like the original. They can also make it appear as if the sender of the original email sent it again. In these cloned emails, phishers add or replace a link or attachment with a harmful one.
Whaling is a form of phishing that targets specific victims, often the “whales” of a corporation or large entity such as a CEO, a board member or a wealthy individual. Whaling phishers typically use methods similar to those used in spear phishing.
Through pop-up phishing, hackers can also take advantage of people as they browse the internet. Hackers may infect certain websites and cause a pop-up to appear when a user visits the page. These pop-ups can be difficult to close, causing the victim to accidentally click on a link, and may direct a user to take some kind of action such as providing personal information, downloading something, or calling a certain phone number.
Fortunately, along with having a general understanding of what phishing is and how it can appear, there are a few things you can do to help prevent phishing attempts:
Two-factor authentication may make it difficult for a hacker to access your online account by requiring a scan of your fingerprint or an additional code sent to your mobile phone. Because hackers don’t have access to your phone, unless you’re already using a compromised site or device, they should not be able to receive this code needed to log in to your account even if they already have your password.
Whether you’re trying to protect yourself or your business from phishing attacks, it’s important to implement strong password management policies. For instance, using secure, reputable password management software can help protect you from logging in to a dangerous phishing website. If you use a password manager that securely stores your password and automatically fills it into authentic websites when you log in to an account, the same software will not automatically enter your password in a fake site that only looks like the original. Additionally, changing your passwords regularly and using a different, strong password for each online account can prevent hackers from being able to access more than one account if they ever do manage to steal a password.
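The autofill behavior described above comes down to comparing the address of the page you are on with the address the password was saved for. The sketch below is an added example, not code from this article or from any particular password manager; the `vault` entry, the function names and all hostnames are constructed, and exact-origin matching over HTTPS is an assumed, simplified rule (real products apply their own matching rules).

```javascript
// Added illustration: origin-bound autofill, the check that keeps a saved
// password from being filled into a site that only looks like the original.
// Vault contents and hostnames are constructed (.example / .test).
const vault = [
  { origin: "https://login.bank.example", username: "alice", password: "constructed-secret" },
];

// Reduce a URL to scheme + host (+ non-default port); null if unparsable.
// The URL parser discards the "user@" part and converts non-ASCII letters in
// the host to punycode, so visual tricks do not survive the comparison.
function originOf(rawUrl) {
  try {
    return new URL(rawUrl).origin;
  } catch {
    return null;
  }
}

// Return the saved credential only when the page's origin is an exact match
// for the saved origin and the connection is HTTPS; otherwise return null.
function credentialFor(pageUrl) {
  const origin = originOf(pageUrl);
  if (origin === null || !origin.startsWith("https://")) return null;
  return vault.find((entry) => entry.origin === origin) || null;
}

// Constructed page addresses: one genuine, four that merely resemble it.
const visits = [
  "https://login.bank.example/signin",           // genuine site
  "https://login.bank.example.evil.test/signin", // real name as a subdomain of another domain
  "https://login.bank.example@evil.test/signin", // real name placed before "@"
  "https://login.b\u0430nk.example/signin",      // Cyrillic "a" in place of Latin "a"
  "http://login.bank.example/signin",            // same name, unencrypted connection
];

// Decide, for each visited page, whether autofill would offer the password.
function report() {
  return visits.map((url) => ({ url, fill: credentialFor(url) !== null }));
}

for (const { url, fill } of report()) {
  console.log(fill ? "fill   " : "refuse ", url);
}
```

Only the first address is filled. A manager that stays silent on a familiar-looking login page is therefore a signal to check the address bar rather than to type the password by hand.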