It’s possible that since becoming an active Internet user, you have heard of the term “phishing.” The term itself refers to a kind of fraudulent activity that affects users by scamming them through fake emails meant to come from a reputable company.
Phishing started in the mid-90s, right when the Internet boomed and became popular among everyday households. It was easier to scam users because we knew little about online fraudulent activity.
Nowadays, users are more aware of phishing attempts through emails trying to gain access to personal information like bank accounts and social security numbers. Still, the amount of phishing attacks is high despite all the security to protect sensitive information. It’s a matter of being able to correctly identify phishing attempts and what to do about it if you catch it.
Phishing is a crime in the form of a scam received through email, text message, or phone. The way phishing works is by a user receiving some type of phishing email that poses as a legitimate company.
This “company” attempts to lure the customer into providing the phisher with personal information that they can later use to access username and passwords, credit card information, and any other sensitive user data. This can cause identity theft or financial loss.
Phishing campaigns all have a tendency to exhibit features that are easily believable and that seem completely plausible to a user.
Just like with everything, there are multiple types of phishing out there. However, there are particular types of phishing methods you should try to protect yourself from.
This type of phishing aims to target individuals in a corporation or system administrators in big companies that have access to important financial information on a corporate level. The term “spear phishing” stems from a fishing reference⸺when people fish with a pole, they can catch any kind of fish or item. However, when someone is fishing with a spear, they are looking to catch a particular fish, hence the term for this type of tactic.
Spear phishing mostly comes as an email that looks formal enough to catch the attention of the person opening it. For example, the letter received might have a case number and a reference to a legitimate entity like the Better Business Bureau attempting to accuse the company of some type of violation. These are the scams that later result in data breaches that compromise, not just the company’s information, but also that of the users in their databases.
Whaling literally goes after the “big fish.” This type of phishing is much more targeted and specific than spear phishing. It attacks the CEO of a company, for example, with a serious enough accusation that scares the person. It could be an alleged lawsuit that might affect the reputation, honor, and trust of a company. It will entice the person opening the correspondence to click on a link that will then ask the user to enter a specific set of data in order to access “more information” about the lawsuit.
Though it may be slightly uncommon, you can still get phishing scams through text messages. A common strategy used by scams like this one is to send a text message to a user telling them that their bank information was compromised or exposed without their authorization. It will provide a link for the person to log into and type in their bank information for verification. This gives the attacker access and control over the user’s account and endangers their identity and financial access.
Phishing attacks happen, and they are more common than we might think. There are ways to prevent and protect our information from not only phishing attacks, but any other scam or virus out there that is trying to gain access to our personal information.