April 3, 2019
Phishing can be perpetrated via text or voice (and it may even be done in person).
Here are a few pointers on how to avoid becoming a victim. Since subtle phishing attacks can be very sophisticated, you should always be alert and proceed with caution when interacting online or when giving out your personal information.
Avoiding phishing in text…
1) Know and trust the hyperlink.
It’s important to be on the lookout for phishing attempts both in your private and professional life. Obvious scams that show up in your spam folder – like a solicitation to invest in an overseas company you’ve never heard of – are easy to avoid. But what if you receive a message from an “old colleague” with a link to their Facebook page or their new business? Would you click it? If yes, before clicking, would you check the link address at the bottom of the browser or your email client? If not, and that old colleague isn’t who they claim to be, you might become the victim of a phishing attack.
A stop-now red flag is when the link doesn’t look like it will go exactly where it says it will. The email message may show the text “www.example.com” which looks legitimate, but in reality this link leads to “www.this-is-a-scam.com”. That’s an obvious one, but scammers are clever. The deception could be something less conspicuous, wherein www.example.com would lead to www.exanple.com. If you’re not paying close attention, the latter might be an imitator site.
2) Be wary of impostors
Once the victim lands on www.exanple.com (with the “n”), they may not notice the site isn’t authentic. A good rule of thumb is that after you click a link – after determining as best you can that it is legitimate, of course – you should always double check the URL bar to ensure it is the website you intended to visit. If the visuals look like what you were expecting but the address in the URL bar is not, then it could be an impostor site. If you enter any personal information on this page, you may be directed to a fake internal site or receive an error that asks you to try again later. While you wait to try again, the phisher can take the information you just sent them and do the damage.
Shortened links can present a problem, since they offer legitimate uses for many messaging services to help trim character counts. Unfortunately, this means it is easy to hide the true destination until the person clicks the link and lands on a malicious page. It is essential to check the URL bar in the browser to ensure you are where you want to be.
3) Be aware of what information you make public
Social media is a treasure trove of personally identifying information. Attackers don’t even need to really phish for it since there are some nefarious techniques they can employ, like utilizing memes and social media response posts. For example, a post may ask for three pieces of information about you to generate your “Hollywood nickname”: your first pet’s name, your high school’s first word, and the name of the street you grew up on. You might end up with something like “Fluffy North Oak”. Amusing? Sure. But those three words are partial answers to commonplace security questions that grant access to bank accounts, corporate IT systems, and other valuable entities, as well. If the attacker knows that information about you, they may be able to thwart one more layer of IT security.
Avoiding attacks on the phone…
1) Know the right number
Phone- and voice-based phishing tends to rely heavily on high pressure tactics and smooth talking. If you get a call you’re not expecting from someone you don’t know, you should immediately be on your guard. If someone calls claiming to be from your credit card company, do not give them any important information. Tell them you will call back. You should then look up the correct number on their website or your bill and call that number to avoid connecting to a fraudster. If the other party then insists you talk to them during this call or that they call you back, then there is a good chance they are not actually an employee of that company.
2) Be wary of driving callers
Driving callers are those that keep pushing you to answer. This type of caller will encourage you to do something and may even become angry if you do not comply. Many people, to restore social cohesion, will comply. That can quickly lead to divulging personal information. If someone is pressuring you on the phone, you should be very wary of giving them the information they want.
They might make claims like they are government officials investigating a case, that you owe their company money for some obscure subscription you supposedly bought years ago, and other high-pressure scenarios. Conversely, they may try to use other tactics like guilt. They may state that if they do not resolve this issue with you, right here and right now, they will be fired or not have enough in their next paycheck for rent. Don’t fall for these tactics and remain alert.
Follow your instincts
If your gut is telling you that a situation feels off, then listen to it. Always do your due diligence to stay safe online and before you share personal information. This can’t be said enough – if something seems like it’s too good to be true, then it probably is.