In a nutshell, a phishing attack aims to provoke or trick a target into giving away their sensitive data. It uses manipulation tactics and other forms of deception and fraud. The bigger the prize, the stronger the incentive – this is why companies find themselves on the hackers’ radar so often.
If you let their efforts bear fruit, the attack has the potential to cost you millions in damages. For the sake of prevention, sometimes it takes thinking like one of these fraudsters to keep yourself safe.
To stay ahead of the game, there’s no other way to do it than knowing the tricks of their trade. Below, you’ll find four real-life examples of phishing attacks and the signs that often give them away:
Nothing makes you jump back in your seat more than receiving an alert via mail that’s prompting you to take action immediately. Otherwise, you risk having your account deactivated. If you rely on a particular account to conduct business, you’ll be that much more likely to take the steps necessary to resolve the alleged issue.
For instance, you might get told that:
- additional verification steps are necessary as part of a new policy, or
- suspicious activity has been detected.
For one, clicking the link that they sent you is the last thing you want to do. Type in the official URL directly instead to make sure nothing is amiss. And if there’s no way around it and you’ve already followed the link they sent you, check for warning signs:
- grammatical errors,
- misspellings in the URL,
- shoddy-looking logos.
Only then input your login credentials.
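The "misspellings in the URL" check above can be automated. The following is an added example, not part of the original article; the `OFFICIAL_DOMAINS` list, the sample links and the two-typo threshold are constructed assumptions you would replace with your own.

```python
from urllib.parse import urlsplit

# Assumption: the login domains you actually use (constructed sample values).
OFFICIAL_DOMAINS = {"example-bank.com", "mail.example.com"}

def edit_distance(a, b):
    """Levenshtein distance between two strings, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url, official=OFFICIAL_DOMAINS):
    """Return 'official', 'suspicious' or 'unknown' for the host a link points to."""
    try:
        parts = urlsplit(url if "://" in url else "//" + url)
    except ValueError:          # malformed host, e.g. unbalanced IPv6 brackets
        return "suspicious"
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "unknown"
    # "https://official.com@other.host/": the real host is the part after '@'.
    if parts.username is not None:
        return "suspicious"
    if any(host == d or host.endswith("." + d) for d in official):
        return "official"
    # Official name placed in front of someone else's domain.
    if any(d + "." in host for d in official):
        return "suspicious"
    labels = host.split(".")
    # Non-ASCII or punycode labels can hide look-alike characters.
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        return "suspicious"
    # One or two typos away from an official domain, at any subdomain depth.
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if any(edit_distance(candidate, d) <= 2 for d in official):
            return "suspicious"
    return "unknown"

if __name__ == "__main__":
    # Constructed links, as they might appear in an "account alert" email.
    for link in ["https://example-bank.com/login",
                 "https://examp1e-bank.com/login",
                 "http://example-bank.com.login-verify.example/"]:
        print(f"{check_link(link):10} {link}")
```

An "unknown" verdict only means the host is not close to anything on your list; it says nothing about whether the site is safe.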
Tech Support Scams
In their most typical form, tech support scams come through via email. But you can also encounter them as ads when browsing content online.
On some occasions, a scammer might also initiate a phone call with you or one of your colleagues. It’s not unusual for them to (mis)represent themselves as working under Microsoft or another IT company of high acclaim. They may try to convince you they can improve the performance of your computer or help clean up the clutter on your hard drive.
The giveaway? Check their credentials and be wary if they ask you for your login credentials or prompt you to install a piece of software. For all you know, it could very well be a backdoor trojan, keylogger, or another type of malware.
If you’re in dire need of tech support services, it’s best to get in touch with a reputable provider you’ve looked up on your own.
Infected Document Scams
Installing a keylogger on your computer to harvest your user credentials is simpler than asking for them. The only missing piece of the puzzle is tricking the victim into opening an infected document that contains the malicious code.
In a corporate environment, it is easier to do because documents are exchanged all the time (think catalogs, price lists, contracts, and the like). In this case, the solution would be to run the files through an antivirus scanner before opening them and verify that the sender is who they claim to be.
Impersonation / CEO Scams
To get what they want, phishing scammers often speak to you as an authority figure or masquerade as one of your superiors. And who in their right mind would question a request if it’s coming from the CEO, right? This is exactly what they’re counting on and hoping to exploit.
For example, you might receive an email from what appears to be your boss. They’re asking for the admin credentials to your company’s website.
Now, why would your boss not have access to it already? And if these are misplaced, why not generate a new password through the ‘I forgot my password’ link?
This is a suspicious request in and of itself, so it never hurts to contact your boss directly to double-check. Even if the request is legitimate, you should never send out a password in its bare, unencrypted form.
4 Ways to Prevent Phishing
Using your best judgment and combining it with vigilance is your strongest line of defense. As a general rule of thumb, you should:
- Never follow a link that’s sent to you via email. Instead, visit the website in question by typing it into the URL bar of your browser.
- Always scan all documents before downloading them. For that, you’ll need antivirus software.
- There are also software solutions like NordVPN’s CyberSec feature, which detects and blocks website addresses that have been used for phishing in the past. As for what a VPN such as NordVPN is: it’s software that encrypts your internet connection and masks your IP address.
- Know that you should never share your credentials in plain text. If necessary, use a password manager or other software that enables password sharing.
Cybersecurity essentials like having an antivirus, a VPN, and a firewall installed are another step in the right direction you should take if you haven’t already.
Phishing can be scary, but it’s easy to spot once you’ve studied the scammers’ tactics and trained your eyes. Always be on the lookout for the dead-giveaway signs covered in this article.