Wazzup Pilipinas!
Even in 2019, Phishing runs rampid. It’s the easiest way for crooks to push malicious code onto your device, but even in its simplicity, phishing delivers hackers everything they need to infiltrate every part of your personal and work life.
From “catfishing,” to “spearfishing” to “social engineering,” phishing schemes run the gamut from poorly written emails from foreign princes to highly sophisticated games of cat and mouse that criminals use to glean details from employees and people of interest. If you click on a malicious link in an SMS phishing scheme, your phone can become infected with Malware so stubborn that you’ll have to go to an iPhone repair shop to get it fixed.
Phishing, at its core, is when a cybercriminal poses as someone or something you know, fooling you into divulging sensitive details that can be used for identity theft, tricking you into handing over bank account numbers, or persuading you to download some form of malicious code.
Every month, an average of 1.4 million scam websites are created in hopes that a victim will visit it and enter personal information.
Anyone can be a victim of phishing - you, your company, even the Democratic National Committee.
Email Phishing
Every day, 3.7 billion people send around 269 billion emails. Almost one in every 2,000 of these emails is a phishing scheme. Do the calculations and you’ll find that there are 135 million phishing attacks attempted every day through the channel of email alone.
We receive so many emails that we just don’t have the time to carefully look over every message in our inbox, and cybercriminals are fully aware of this.
Some email scams aim low, with email subject lines that try to entice victims or send them into a panic.
Phishing emails might include a notification that a target has “won” a prize and needs to enter personal information to collect, or a fake email posing as a bank alerting you that you need to log in.
Other email scams are a little more complex, aimed at businesses. Phishers might pose as someone within your company and request that you download an attachment that contains details about a contract.
However, the contract is really Malware - Microsoft Office documents can host malicious macros that can help crooks gain access to a computer system.
Although most targets of basic email phishing don’t typically take the bait, the attack vector is overwhelming. Because of the large number of messages being sent out, there will inevitably be people who fall for the scam.
Spear Phishing
Spear phishing is a method cybercriminals may use against particular groups or people when they want to step up their game. Rather than a vague message, you might receive a specially crafted message.
It might be an email designed to look like an update from your bank, or any of your online accounts. Phishers can pull a one-two punch on victims of data breaches, seeking them out and pretending to be security professionals warning targets about the compromise, and urging them to click a malicious link to secure their account.
These are examples of spear phishing attacks on individuals.
Spear phishing does target consumers, but it’s used more frequently to infiltrate the network of a group, company, or organization.
Spear phishing messages aimed at organizations might contain a fake customer question, a fabricated invoice, or even a message that appears like it came directly from an executive.
Although these schemes take more effort, the payoff can be a lot bigger.
Email might still be the name of the game when it comes to phishing, but there are more channels of communication these days, and therefore, more of a selection of vectors to choose from that phishers can use to attack victims.
Social Media Phishing
Billions of people world-wide use social media sites like LinkedIn, Twitter and Facebook, which means cybercriminals have another playground to play in.
Some attacks are unsophisticated and easy to spot, like a message with a shortened URL leading to Malware.
But other attackers may pose as a person (usually an attractive woman), to harvest fake Facebook friends that they can use to appear legitimate to another target. Sometimes, catfishing will occur, as love scams are on the rise.
It’s important to be vigilant when you talk to someone you don’t know on social media - there have been successful hacking campaigns that have attacked technology, oil, and financial businesses.
Text Phishing
Text message phishing, or SMS phishing, or simply “smishing” are short messages crafted to grab your attention, often trying to panic you into clicking on a phishing URL within the message.
Don’t Take the Bait
Phishing is one of the most basic cyber attacks - but it works, and has been working for more than 20 years now.
Although some phishing attacks may be highly targeted, there are tell tale signs of common phishing schemes that you should be on the lookout for.
Basic Spelling and Grammar Errors
Attackers might use Google Translate to compose email messages. If you have received a message that is supposedly from your CEO with poor grammar or spelling, think twice before you open that spreadsheet.
Strange URLs or Shortened URLs
Examine links closely before you click on them. Although the hypertext might appear to be legitimate, if you hover over the link, you might see a different actual web address.
Or the URL might be shortened in the hopes that you won’t check the link at all and just click through.
A Strange Sender Address
Sometimes you might receive an email that looks legitimate, has a company logo and the right contact email address in the message body. Make sure that you check the sender address.
Many times the sender address will simply be a string of characters or designed to look almost exactly like a real company’s - but not quite.
Sadly, there are billions of people in the world that don’t go online regularly or are just not aware that the internet can be a dangerous place. Since the beginning of time - and crime - criminals have always targeted the naive or overly trusting.
Because phishing works, crooks will continue to work their schemes to try to steal from you in the laziest way possible. But by knowing what to look for, you can ensure that you won’t be a victim.
Ross is known as the Pambansang Blogger ng Pilipinas - An Information and Communication Technology (ICT) Professional by profession and a Social Media Evangelist by heart.
