Understanding Phishing

Objective

After completing this lesson, you will be able to take measures to protect yourself from phishing and malware.

How Phishing Works

Phishing is a very common type of social engineering. If you haven’t already been targeted by a phishing attack, you probably will.

In the past, phishing mostly happened over e-mail. However, nowadays, phishing attempts can come through SMS (smishing), messaging apps such as WhatsApp (whishing), iMessage, Microsoft Teams, phone calls (voice phishing or vishing), and social media channels.

Here's an example.

[Image: Example 1 of phishing messages]

What’s happening here? The threat actor is trying to get the parent to send money to what the parent believes is their child. A scam like this plays on a parent’s concern for their child, creating a feeling of urgency. This can be very upsetting for the parent, and threat actors have been successful in using this scam.

Let’s consider another example:

[Image: Example 2 of phishing messages]

Two-factor authentication (2FA) is a security step that protects your account by asking you for two types of proof to access it. The second step is often a code sent to your phone or e-mail. In a popular scam on WhatsApp, someone tells you that they gave your number by mistake. Then, they ask for the code sent to your phone so they can get into their account. This is an unauthorized verification code scam.

Further Examples of Phishing

These are just two examples of phishing, but there are many more:

[Image: Examples of phishing]

Phishing can also lead to malware, where clicking on a link or opening an attachment can install harmful software on your computer or device. This can slow down your device's performance, cause crashes, and display unwanted advertisements. Even worse, it can steal your private information, damage your files, or even control your device without your knowledge.

Ransomware is a type of malware that can encrypt your files, effectively locking you out of your data. The attacker then demands a ransom from you, promising to restore access to the data upon payment. If you find yourself in this situation, don’t pay the ransom. Hopefully you have your files backed up, in which case you should restore from that backup.

Ways to Reduce the Risk of Falling for a Phishing Scam

So now that you know what phishing is and how it works, what can you proactively do to avoid falling for a phishing scam? The following steps can reduce your chances of becoming a victim of phishing.

  • Have a family safe word that only you and your family know. Use this safe word to check if the sender is who they say they are.
  • Message the sender separately to check if they really did send that message.
  • Check the e-mail address of the sender and compare it to other e-mails from that sender, but remember that e-mail addresses can be faked.
  • Check for grammar and spelling mistakes, but keep in mind that artificial intelligence (AI) makes it easier for threat actors to avoid these mistakes.
  • Check for a generic greeting, for example, ‘Dear user’, instead of a message that addresses you by name.
  • Run the virus scanner on your e-mail provider, if there is one available.
  • Don't click or download anything until you check that the e-mail or message is from a legitimate source.
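For readers who filter mail with scripts, two of the checks above (comparing the sender's address with earlier mail from the same sender, and spotting a generic greeting) can be automated. The following Python sketch is an added example, not part of the original lesson; the address book, the sample messages and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed address book: display name -> addresses seen in earlier, trusted mail.
KNOWN_SENDERS = {
    "Example Bank": {"service@examplebank.example"},
    "Alex Rivera": {"alex.rivera@family.example"},
}

# Greetings that address a role instead of a person, such as 'Dear user'.
GENERIC_GREETING = re.compile(
    r"^\s*(dear|hello|hi)\s+(user|customer|client|member|account holder)\b",
    re.IGNORECASE,
)

def first_text(msg):
    """Return the first text/plain part of a parsed message, or ''."""
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            return part.get_payload()
    return ""

def check_message(raw, known=KNOWN_SENDERS):
    """Return a list of warnings for one raw e-mail message.

    An empty list is not proof of legitimacy: the From address can be faked,
    so this only supports the manual checks, it does not replace them.
    """
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    warnings = []
    seen = known.get(name)
    if seen is None:
        warnings.append("sender name not seen before")
    elif addr not in seen:
        warnings.append(f"address {addr} differs from earlier mail from {name}")
    lines = [l for l in first_text(msg).splitlines() if l.strip()]
    if lines and GENERIC_GREETING.match(lines[0]):
        warnings.append("generic greeting instead of your name")
    return warnings

# Constructed sample messages.
SUSPICIOUS = ("From: Example Bank <service@bank-alerts.example>\n"
              "Subject: Action required\n\nDear user,\nYour account is locked.\n")
FAMILIAR = ("From: Alex Rivera <alex.rivera@family.example>\n"
            "Subject: Sunday\n\nHi Mum,\nSee you Sunday.\n")

if __name__ == "__main__":
    print(check_message(SUSPICIOUS))
    print(check_message(FAMILIAR))
```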

New phishing scams are being developed all the time, so it’s a good idea to educate yourself about these scams. Keeping yourself informed can save you a lot of trouble in the future!
