Phishing attacks are becoming more common and sophisticated. Learning to protect your information is an important part of your security arsenal.
Types Phishing Attacks
- Phishing – Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication, usually email.
- Spear Phishing – Phishing attempts directed at specific individuals or companies. Attackers may gather personal information about their target to increase their probability of success.
- Whaling – Phishing attacks have been directed specifically at senior executives and other high profile targets within businesses.
Most methods of phishing use some form of technical deception designed to make a link in an e-mail (and the spoofed website it leads to) appear to belong to the spoofed organization. Misspelled URLs or the use of subdomains are common tricks used by phishers. Another common trick is to make the displayed text for a link suggest a reliable destination, when the link actually goes to the phishers’ site. In the lower left hand corner of most browsers users can preview and verify where the link is going to take them.
Be suspicious of everything, especially emails from an unknown address. Be sure to use extra caution if an email is asking for credentials or if an email is referring you to a URL link.
Some ways to avoid phishing scams:
- Never click on hyperlinks in emails – Even if the email seems to be from a known source, do not click on a link in an email. If you really want to visit the site, manually type the address into the Web browser.
- Keep antivirus software up to date – Most antivirus vendors contain signatures to protect against common exploits.
- Use anti-spam software – Most phishing attacks come in the form of spam, so if you keep the spam out of your inbox you will be less likely to be tempted by a phishing attack.
- Use anti-spyware software – If for some reason your browser is hijacked, anti-spyware software can often detect the problem and provide a fix.
- Get educated – A little research on the Internet may save you a great deal of pain if you are ever the victim of identity theft. Many companies have spam or spoof email addresses dedicated to researching phishing attacks sent in their name. If you suspect an email is fraudulent, forward it to firstname.lastname@example.org, replacing company.com with the domain name of the email you received.