Phishing attacks as we know them today first emerged in the early 1990s, as the Internet began taking form. Although the Internet has drastically changed since its inception, phishing emails have remained relatively the same.
Here, we discuss what is a phishing email, as well as other types of phishing attacks, and how you can better protect both yourself and your company from these cyber threats. Continue reading to learn more.
What is a Phishing Email?
All phishing attacks revolve around manipulation and trickery. A lot of phishing scammers disguise their emails as reputable businesses, brands, people, etc. They often use social engineering tactics to pique interest and prompt response, either through fear or a sense of urgency. For instance, an email can say you won a new iPhone, but you only have 25 minutes to claim it by clicking the link provided. Or, your social security number has been stolen, so you must contact them immediately.
Common features of phishing emails include virus-infected hyperlinks or attachments that immediately infect your device when you click them. Other emails may tell you to provide sensitive information, like your social security number, credit card information, or a photo of your license.
Types of Phishing Attacks
A phishing attack isn’t monolithic. There are a variety of scams out there. You should know how to spot them to protect yourself and your business when using a company device. Here are some of the more common types of phishing attacks:
1. HTTPS Phishing
Hypertext transfer protocol secure (HTTPS) are encrypted sites. They are considered more safe and secure than HTTP ones. A majority of businesses, particularly large ones, use HTTPS to establish legitimacy. Unfortunately, scammers can use HTTPS links to trick unsuspecting victims.
Luckily, there are ways to determine whether a link is legitimate or not. Hover over the link before clicking on it. If the URL is different than what’s said in the email, it’s probably a scam. Make sure it shows all parts of the URL. This is good practice to follow with any link you come across in an email or online.
2. Spear Phishing
Spear phishing can be quite unsettling because scammers are using publicly available information about yourself to target you. They can use the names of people you know, disguise themselves as the company your work for, or even use phone numbers pretending to be someone else.
When identifying spear-phishing, be on the lookout for:
- Abnormal Requests: These could include a request from an online store about a recent purchase, a donation request to a charity, an account being deactivated, a data breach with your bank, etc.
- Password-Protected Documents: An email with a link to a document that requires a login and password could be an attempt to steal your information.
- Shared Links: Always be wary of links to shared drives, such as Dropbox, Google Docs, etc. These could redirect you to a malicious website instead to steal your information.
3. Vishing/Smishing
Not all phishing attacks are through your email. Scammers can target your phones too. Vishing is when scammers call your phone about some type of emergency. These generally include calls about your car’s auto warranty, tax information during tax season, social security information, etc.
For smishing, it is the same concept, except they target you via text. Oftentimes, these texts can include infected links that install malware on your device. The best way to combat vishing/smishing attacks is to have Caller ID on your phone. Likewise, don’t answer any suspicious numbers and block them right away.
How to Stop Phishing Emails
Spam filters are great at preventing phishing emails from entering your inbox. Most company devices have spam filters already installed to mitigate a phishing threat. If you use a personal device, you can download spam filters.
High-security industries, like medical and financial, generally have advanced monitoring systems to root out phishing attacks. Inevitably, some phishing emails filter through. If you spot a phishing email, report it immediately, then delete it from your inbox.
Proactive monitoring is a great tool to protect your and your company from external and internal threats. At Vector Security Networks, we help keep business networks safe and secure. If you would like to learn more, contact us today.
