You are probably aware that social engineering is an increasingly common threat vector, one involved in almost every security incident. Social engineering attacks, with phishing being one of the favorites, are often combined with other threats like malware, code injection, and various network attacks. So we have put together the most important phishing questions and answers to help you protect yourself and others from malicious sites and related threats.
For example, email phishing was the most common type of brand name phishing attack, accounting for 44% of attacks, with web phishing in second place. This is just the tip of the iceberg: there are many questions surrounding phishing as a security threat, and we are here to provide the answers. Let’s jump straight in.
Question #1: How Am I Exposed To A Phishing Attack?
We get tons of emails, messages, and notifications every day. The one element no phishing attack can work without is a message, sent via email, social media, or another electronic channel. An attacker can use social media to gather basic information about the victim’s personal and work life: names of potential victims, job titles, email addresses, interests, and other activities. Attackers then use this information to craft convincing fake messages that resonate with the victim.
The emails the victim receives usually appear to come from a known address or organization. Don’t be fooled: sender addresses can be spoofed to impersonate that organization. Attackers also build fake websites that appear to belong to a trusted institution, such as the victim’s bank, workplace, or university. Through these websites, attackers try to collect information such as usernames and passwords or payment details.
You don’t want your bank account password leaked or compromised, right? Consider securing your online credentials with a password manager, which makes it harder for attackers to take advantage of your online accounts. Either way, phishing emails use a combination of psychology and deception to convince the recipient to do what the attacker wants. Common pretexts are online account issues, package delivery errors, unpaid bills, and so on. Be careful!
Question #2: Okay, So How Can I Recognize A Phishing Message?
Scammers are getting more and more sophisticated at sending phishing emails and messages, but there are still a few signs to look for.
Strange Web Addresses
One easy way to spot a potential phishing attack is to look for inconsistent email addresses, links, and domain names. For example, compare the sender’s email address with the address used in previous messages from that contact. You should always hover your mouse pointer over a link in an email before clicking it to see the actual link destination.
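As an added example (not code from the original post), here is a small Python check that applies the two red flags above to a constructed sample message: a Reply-To domain that differs from the From domain, and a link whose visible text names a different host than its real destination. The sample email, addresses and domains are all made up.

```python
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed sample (not real phishing mail): mismatched sender/Reply-To domains and a link whose text hides its target.
SAMPLE_EML = """\
From: "Example Bank Support" <support@example-bank-alerts.test>
Reply-To: collect@mailbox.test
Content-Type: text/html; charset=utf-8

<p>Your account is locked. Sign in at
<a href="http://login.example-bank.verify.test/acct">https://www.example-bank.com/login</a></p>
"""

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def addr_domain(header_value):  # domain of the first address, '' if none
    match = re.search(r"@([\w.-]+)", header_value or "")
    return match.group(1).lower() if match else ""

def find_red_flags(raw):  # human-readable warnings for a raw RFC 822 message
    msg = email.message_from_string(raw, policy=policy.default)
    flags = []
    from_dom, reply_dom = addr_domain(msg["From"]), addr_domain(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        flags.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    body = msg.get_body(preferencelist=("html",))
    parser = LinkCollector()
    parser.feed(body.get_content() if body else "")
    for href, text in parser.links:
        real_host = urlparse(href).hostname or ""
        # Compare only when the visible text itself looks like a URL
        shown_host = (urlparse(text).hostname or "") if "://" in text else ""
        if shown_host and shown_host != real_host:
            flags.append(f"Link text shows {shown_host} but points to {real_host}")
    return flags
```

Running `find_red_flags(SAMPLE_EML)` reports both inconsistencies; a plain-text message from a single domain with no links produces no warnings.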
Urgent Requests for Personal Information
In many phishing emails, attackers link to fake login pages from messages that appear to be official. The fake login page usually contains a login box or a request for financial account information. If the email is unexpected, do not enter your credentials or click the link. As a precaution, visit the website you think is the source of the email directly, rather than through the link.
Inappropriate Language in Message
A direct sign of phishing is a message written in inappropriate language or tone. Be suspicious if, for example, a co-worker sounds overly casual or a close friend uses unusually formal words. Check the message for any other details that could indicate a phishing attempt.
Question #3: Are There Different Types Of Phishing Attacks?
There are many different types of phishing attacks in use today. We have introduced email as the most common type; now let’s go over a few others:
Malicious Content Injection
Malicious content is inserted into familiar-looking web pages, such as email account login pages or online banking pages. This content may contain links to secondary websites, forms, or pop-ups that ask you to verify your personal information, update your credit card details, change your password, and so on.
Mobile Phishing
Mobile phishing can take the form of fake text messages, social media messages, voicemails, or other in-app messages telling the recipient that their account has been closed, hacked, or is about to expire. The message contains a link, video, or other content designed to steal personal information or install malware on the mobile device. If you suspect something is wrong with your phone, check whether it might have been hacked to prevent any further damage.
Spear Phishing
Spear phishing is advanced, targeted phishing via email. Criminals target specific individuals or organizations and use personalized messages to steal data beyond personal credit card information. For example, breaking into hospitals, banks, and universities and stealing their data can have serious consequences for the organization.
Audio or Voice Phishing
In this less common case, attackers leave an alarming voicemail message or send texts urging the recipient to dial another phone number. These calls are usually framed as urgent and push recipients to act before a bank account is suspended or, in the worst cases, criminal charges are brought.
Malware Insertion
Malware insertion occurs when someone opens an email attachment and unknowingly installs software that harvests information from the computer and network. Keyloggers are a type of malware that records keystrokes and captures passwords. Trojans are another type of malware that tricks the user into entering personal information.
Question #4: What Do I Do If I’m Being Phished?
If you suspect you’ve fallen victim to a phishing attack, there are a few things you can do to protect yourself from further damage.
Disconnect Your PC from Your Network
If malware has been installed, removing the computer from the network protects other systems and limits data loss. Do not switch off the device; instead, unplug the network cable if it is connected to the router. If it is connected wirelessly, many systems have a switch or button that lets you manually disable the wireless card.
Stop Typing Immediately
Some phishing messages try to install malware on your computer. Once you think you are a victim or have opened a suspicious attachment, it is risky to keep working on that computer: keystrokes can be logged and sent to the attacker, or the system can be modified to corrupt or delete data. Use your phone or another computer to call your internet service provider.
Change Your Password
This must be done from an uncompromised device. Make sure to change the passwords on any of your accounts that may share the same password. For example, if you used a similar password for your Facebook and Instagram accounts, you should change both.
Phishing is a serious problem in 2022, and it can affect anyone on the internet. By better understanding how phishing works, what to watch out for, and the red flags that signal a malicious site, you can protect yourself (and those close to you) against these threats.