What is Phishing?

by Cyberguy | Last Updated | August 20, 2021

Phishing is a cyberattack that attempts to trick people using email, text messages, phone calls, or even fake websites into giving away sensitive and confidential information.

Phishing scams extract information like social security numbers, credit card numbers, bank accounts, names, birthdates, phone numbers, addresses, and all types of other private and sensitive data. The scammers behind these attacks often disguise themselves as trustworthy sources.

The goal can be anything from trying to get you to send them money, hand over confidential information, or even download malware unwittingly. The scammers use lies, trickery, forgery, and outright manipulation to succeed.

Their goal is to obtain information about you to steal money from your accounts, use your credit card, perform identity theft, and a myriad of other crimes.

Phishing falls into a cybercrime category called “Social Engineering,” which refers to cyber-attacks that rely on human fallibility rather than hardware or software flaws to work.

How does Phishing work?

  1. The bad actors start by determining who their targeted victims will be (businesses or individuals) and build strategies to determine how they will extract the information they want.
  2. Then they use methods like fake emails or bogus web pages to send messages via email, SMS, or even phone calls that lure data from their victims.
  3. They send messages that appear trustworthy to the victims, which fool you into taking action like clicking on a link.
  4. Once the phishing attack is in motion, the bad actors will monitor and collect the data that victims provide on the bogus web pages.
  5. Once they have collected the victim’s information, the bad actors use the data for illegal purchases, sell the information on the dark web for others to use, or commit other fraudulent acts like identity theft.


Phishing attacks do not all look or operate the same, and the bad actors are a very creative group. Phishing scams will take many forms and have different goals in executing them.

What are the types of phishing attacks?

There are many different Phishing attacks, but far and away, email is the primary delivery system. Phishing emails will use various techniques to entice, encourage, even scare you into clicking the link. They convince you that if you don’t, you may lose out on an opportunity, or something terrible might happen like having an account closed, or service stopped if you don’t respond.  The use of fear, uncertainty, excitement, fear of missing out – exploiting human emotion – is part of the “Social Engineering” methods the bad actors use to cause victims to click when they should not.

Some example attacks include emails that lure you into clicking on a link to verify that a credit card or bank account is yours. Others might scare you to take action because if you don’t, something terrible could happen, such as losing access to your email if you don’t click the link. If you click the link, a fraudulent website is presented. The bad actors ask for personal or financial information. The information is captured and then used for bad things. The other common scenario is when you click the link, malware or adware installs onto your device, which creates a whole new set of issues.

There are 5 primary types of phishing attacks. 

  1. Basic Phishing emails

The most common form of phishing is through emails that lure, entice or scare you into action – typically to click a link in the email that takes you to a fake website to extract sensitive info.

  2. Spear phishing

Spear-phishing is email targeted toward a specific individual, business, or organization. Unlike standard phishing emails, the bad actors who send them spend time researching their victims. The technique uses even more in-depth social engineering methods and designs the emails to look like they’re from legitimate sources.

A classic spear-phishing example targets specific employees and makes the email appear to come from their boss, requesting that the employee access sensitive company information or take some action – like paying a bogus invoice or sharing confidential information. Given the email’s apparent source, the employee may follow the instructions, not realizing it was bogus.

  3. Whaling

Whaling attacks target corporate leaders (chief executive officers, chief operating officers, or other high-ranking executives in a company). The objective is to fool these leaders into giving up the most confidential and sensitive corporate data.

These attacks tend to be the most sophisticated and involve plenty of research by scammers. They rely on fraudulent emails that appear to be from trusted sources within the company or legitimate outside 3rd parties.

  4. Clone phishing

Clone phishing might be one of the most difficult phishing scams to detect. In this type of attack, bad actors create nearly identical versions of emails that victims have already received.

The sender’s address in the cloned email is nearly, but not quite, the same as the original sender’s email address. The email’s body is duplicated, so the emails look the same. The threat comes from the attachments or links in the cloned message, which are replaced with a link or attachment that the bad actor has created. If you click on the link or download the attachment, it will take you to a fake website or open an infected attachment.

  5. Pop-up phishing

Pop-up phishing, which is a variant of malvertising or adware, is a scam in which pop-up ads trick you into installing malware on your devices or convince you to purchase antivirus protection you don’t need. They often use scare tactics as well. A common pop-up phishing scam pops up on your screen, warning you that your device is infected and the only way to remove the virus is by installing a particular type of antivirus software. If you install this software, it generally doesn’t work, or worse, it infects your device with malware.
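The clone-phishing signs described above (a near-identical sender, a duplicated body, and changed links) can be checked by comparing a suspect email against one you already trust. The following Python sketch is an added example, not code from the original article; the sample messages, the `clone_indicators` function name, and the 0.85 / 0.9 similarity thresholds are assumptions, and it handles plain-text, single-part messages only.

```python
import difflib
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample messages (not real mail), using the reserved .example TLD.
ORIGINAL = """From: Billing <billing@northbank.example>
Subject: Your statement is ready

Hello, your monthly statement is ready.
View it here: https://www.northbank.example/statements
"""
CLONE = ORIGINAL.replace("northbank", "n0rthbank")  # one character swapped

URL_RE = re.compile(r"https?://[^\s<>\"']+")

def _similar(a, b):
    return difflib.SequenceMatcher(None, a, b).ratio()

def _sender(msg):
    return parseaddr(msg.get("From", ""))[1].lower()

def _link_hosts(body):
    hosts = (urlparse(u).hostname for u in URL_RE.findall(body))
    return {h for h in hosts if h}

def clone_indicators(known_good_raw, suspect_raw):
    """Compare a suspect message with one the recipient already trusts."""
    good = message_from_string(known_good_raw)
    susp = message_from_string(suspect_raw)
    good_body, susp_body = good.get_payload(), susp.get_payload()
    a, b = _sender(good), _sender(susp)
    result = {
        # Sender is close to, but not exactly, the trusted address
        # (0.85 is an assumed threshold).
        "lookalike_sender": a != b and _similar(a, b) >= 0.85,
        # Text matches once the links are stripped out (0.9 is assumed).
        "duplicated_body": _similar(URL_RE.sub("", good_body),
                                    URL_RE.sub("", susp_body)) >= 0.9,
        # Links point at hosts the trusted message never used.
        "new_link_hosts": sorted(_link_hosts(susp_body) - _link_hosts(good_body)),
    }
    result["probable_clone"] = result["duplicated_body"] and (
        result["lookalike_sender"] or bool(result["new_link_hosts"]))
    return result

if __name__ == "__main__":
    print(clone_indicators(ORIGINAL, CLONE))
```

A message is flagged only when the body is duplicated and either the sender or a link host has changed, so a genuine resend from the same address with the same links is not reported.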

How to protect yourself from these attacks?

Bad actors are a creative group and are constantly coming up with new phishing scam techniques, but there is good news. You can protect yourself and your organization by being cautious, diligent, and applying common-sense practices.

How to recover if you clicked or downloaded from a phishing email?

The scammers got you. Perhaps you sent financial information or clicked on a link that installed malware on your computer.

If this is the case, you will want to act quickly. Here are some steps you can take if you think a phishing scam has hit you. 

So here is everyone’s reality – Phishing attacks are the most prevalent form of cybercrime. Keep your eyes peeled, or you may get hooked!!
