Quite possibly the most common form of attack on this list, phishing uses emails, social media, instant messaging, and SMS to trick you into providing sensitive information, visiting malicious URLs, or downloading malicious software in an attempt to compromise your system. Spear-phishing is the more refined brother of phishing: spear-phishing attacks are tailor-made to trick a specific victim into giving up their information.
Phishing attacks can be spotted by these common characteristics:
- Phishing email messages have a deceptive subject line to entice the recipient to believe that the email has come from a trusted source. Attackers use a forged sender’s address or the spoofed identity of the organization. They usually copy content such as text, logos, images, and styles used on the legitimate website to make the message look genuine.
- Phishing messages that aim to gather a user’s information present a sense of urgency in an attempt to trick the victim into disclosing sensitive data to resolve a situation that could get worse without the victim’s interaction.
- Attackers leverage shortened URLs or embedded links to redirect victims to a malicious domain that could host exploit code, or that could be a clone of a legitimate website with a URL that appears legitimate. In many cases the actual link and the visual link in the email are different; that is, the hyperlink in the email does not point to the same location as the apparent hyperlink displayed to the user.
How to stay safe
- Never open a link from an unsolicited email
- Ignore emails with calls to action such as “Your account will be terminated!”, “New Invoice!”, or “Overdue Payment!”
- When in doubt about the legitimacy of an email, call the company using a number verified outside of the email
- Keep your computer up-to-date with the latest security patches
- Have a working and up-to-date antivirus/antimalware program