What is phishing and how can you avoid it?
We’ve all heard the stories. In the news, on social media or from friends and family. So-called phishing attacks that hackers use to get your personal information or access to your bank account. These attacks are becoming more and more sophisticated. In 2020, $54 million was stolen using this method.
But what exactly is a phishing attack? And how can you best avoid a phishing attack in your work or daily life? That’s what this guide will focus on.
Understanding phishing and how to avoid it is an important step in keeping yourself safe online. With that in mind, let’s get started.
Phishing is a form of cybercrime. It’s often called social engineering. A phishing attack uses an official-looking message to lure personal information out of the victim. It can be an email, a phone call or a text message.
Whichever method phishing attacks use, they always use the same basic strategy. They pretend to be someone else. A well-known brand, a website selling cheap products or even the government. While pretending to be someone else, the fraudsters behind the phishing attack try to get personal information and banking details from the victim.
Phishing has been around for a while. The first lawsuit against a fraudster using this method is from 2004. This scam used official-looking websites that told victims there had been some technical issues and that they therefore had to enter their personal information, including their social security number.
Since that first scam, a lot of different types of phishing attacks have come up. Let’s take a look at each of those.
Types of phishing attacks
Every modern form of communication can in theory be used for phishing, as long as a fraudster can pretend to be someone else without you noticing. The biggest methods for phishing are email, websites, SMS or WhatsApp, and phone calls. Let’s look at each of these in order.
The classic form of phishing. When we talk about this kind of scam we usually refer to email phishing. How does it work? You get an email that looks either very official or totally harmless. An official-looking website would have you believe you still need to pay a fine, for instance. The email has a link you can click to pay that fine. Don’t do that! The fine is most likely fake. No official organisation asks you to pay for something via email.
If you are unsure whether an email you received is a phishing email, you can use our guide on how to recognize one. If you’re still unsure, contact the organisation that you think the email comes from. Let’s say you get a suspicious email from a courier service asking you to pay for a package. Instead of paying immediately, reach out to the courier service and verify the email.
Another way phishing emails can be used is by having an attachment to the email that the fraudsters ask the victim to download. When they download the attachment they also download a piece of malware, like a keystroke logger. This allows hackers to see what you type, so they can find out your passwords.
Some of the most infamous phishing attacks were email attacks. We’ll discuss some of those further down.
Closely related to email phishing, but here it’s not an email that is faked, but a website. This can include official government websites as well as webshops.
In the case of a webshop, the scammer’s goal is often to get victims to pay for something they will never receive. Once the victim realises what happened, they will complain to the company whose website had been faked. But that company never received the payment, so it is unsure what to do.
Scammers are becoming better and better at faking websites. But there are still ways to recognize one. They can’t totally fake the web address. As always, if you are not sure, don’t pay or enter your personal information.
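The point about the web address can be checked mechanically. The following is an added example, not part of the original guide: it compares the host in a link with the domain you expect and flags common ways of dressing up a different address. The function name link_findings and the courier.example links are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample links; courier.example stands in for the real organisation.
SAMPLES = [
    "https://www.courier.example/track?id=1",
    "https://courier.example.pay-fee.test/track",
    "https://courier.example@203.0.113.7/pay",
    "https://mycourier.example/login",
    "http://xn--courier-9za.example/login",
]

def link_findings(url, expected_domain):
    """Return reasons why `url` does not lead to `expected_domain`."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    expected = expected_domain.lower()
    if not host:
        return ["no-host"]
    findings = []
    if parts.scheme != "https":
        findings.append("not-https")
    # Text before "@" is a username, not the site: the real host follows it.
    if parts.username is not None:
        findings.append("userinfo")
    # "xn--" labels encode non-ASCII characters that can imitate Latin letters.
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode")
    # The host must be the expected domain itself or end in "." + that domain.
    if host != expected and not host.endswith("." + expected):
        findings.append("host-mismatch")
    return findings

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", link_findings(link, "courier.example") or "ok")
```

An empty result only means the address belongs to the domain you supplied. It does not show that the domain itself is the organisation’s real one, so look that up independently.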
SMS & WhatsApp Phishing
WhatsApp and SMS are not commonly used for business or commercial purposes. For that reason they’ve been used less for phishing. But recently, especially during the Covid pandemic, there has been a rise in a certain kind of WhatsApp phishing scam.
Fraudsters will pretend to be a family member. They’ll send you a message saying they lost their phone and are stranded. Could you please wire money to a certain bank account?
When we put it like this, it sounds suspicious. But fraudsters have found ways to make it look real. They won’t ask for money up front, but chat from the new phone number as if they are that relative. They’ll use social media to include personal details and mimic the tone of their voice.
Again, the best way to prevent yourself from falling for this is by verifying the message. If a relative is messaging you from a new number, message them on their old number to check the story.
Phone call Phishing
The final type of phishing we’ll look at is phone call phishing. Here a scammer will call you out of the blue pretending to be from some kind of organisation. This will often be a bank or tech support.
During this phone call they will try to get you to give your personal information to them. This may include passwords, credit card details, social security numbers and more.
Scammers can spoof caller ID, so don’t rely on that. It might look like you’re being called by your bank, but in reality it’s a scammer.
How to avoid phishing attacks
Now you know what the different types of phishing attacks are. But how do you avoid falling for them?
Be wary of common phishing techniques
We’ve mentioned it a couple of times throughout this blog, but verify the source of a message. The best thing you can do when getting a suspicious message is to ignore it. If you feel like you can’t, because the information is too important if it is true, always verify the message.
Don’t do this by replying to the message. Instead, send an independent message to the organisation that the suspicious message might have come from. They can tell you if the message is real or not.
Never give out personal information
As a general rule, no-one asks you for personal information out of the blue. If you get an email or a phone call asking you to give out your password or social security number, it is almost always a scam.
Many phishing emails have a link that sends you to an official-looking website where you have to enter personal information. Again, it’s uncommon for anyone to ask this of you. So never enter personal information or banking details on a page you reached through a link in an email.
Use prepaid credit cards
Credit card information is a common thing for phishing scams to steal. They get the information from the victim and use that to send money to themselves. Many prepaid credit cards have a reasonably high limit, so you can lose a lot of money if you are scammed like this.
Prepaid credit cards can help in situations like this. They offer an extra layer of security. The only money on a prepaid card is the money you put on it. So even if your prepaid credit card details leak, they can’t steal that much from you.
Prepaid credit cards are easy to use. Check our guide comparing prepaid cards if you’re curious. You can also buy prepaid cards on Recharge.com. Check out our prepaid credit cards page to see all the cards we have available.
One prepaid card that is very useful in this case is the Visa prepaid card. You can use it just like you would a regular credit card. But with that extra layer of security that a prepaid card offers.
Staying safe on the internet
There is never one foolproof way to stay safe on the internet. It’s always a combination of strategies that will help you. Making sure you know how phishing works is one of those strategies. Since you reached the end of this article, you’re well on your way to staying up to date on phishing scams. But what other strategies can you use?
We already mentioned prepaid credit cards above. Another thing to realize is the importance of a strong password. Adding these strategies together gives you the strongest protection against scams.