Health IS Technology Blog

Phishing: How to Avoid The Bait



Phishing is a way of committing fraud through scamming victims into providing hackers with secure information. Have you ever received one of those phone calls exclaiming that you’d won a free five-star vacation when in reality you know you never entered any sweepstakes? That’s a form of phishing. But with the majority of the world having internet access, it has become easier than ever to fall victim to a phishing scheme.

What is Phishing

These days, phishing is most commonly done through “spoof” links. These direct users to websites that strikingly resemble sites they are familiar with. A common phishing technique might be to email you from an email address similar to your bank’s. Then, a scammer could copy the landing page of your bank’s website in order to trick you into offering up your bank account information. Of course, from there a scammer can hack into your finances.

There are several types of phishing. Here is a breakdown of a few.

Deceptive Phishing

This is one of the most common methods of phishing, and is done through the aforementioned spoof websites. Deceptive phishers will usually send out messages urging users to log in to their account in order to secure it.

Spear Phishing

This form of phishing is a bit more advanced. A hacker will break into a company’s social accounts and target connections. These phishers are familiar with the user they are targeting, so their attacks are more specific and might come from an incredibly familiar email address. Most cyber attacks are done through spear phishing.

Pharming

This form of cyber attack manifests itself through fake website domains. A user clicks on a site link and is redirected to a spoof website that usually asks for personal information. To keep this from happening, always double check the URL of a site before you enter any secure information. Look for each website’s secure certification at the top left-hand side of your web browser.

Always find a website’s secure certification at the upper left-hand side of your web browser.

Phishing Poles

Phishers don’t only use emails to deceive. Some victims are targeted through something as simple as a text message. You may receive a message from your bank claiming that your account has been used unusually, and to secure it you must log in through a provided link. This link would likely send you to a very convincing spoof of your bank’s mobile site, but when you log in with your account, the phishers will have access to all of your account information. From there, they can use your name to open credit cards or even commit crimes under your name.


Scammers will likely ask for your credit card information.

Ads may also house phishing schemes. Scammers might advertise a gift certificate for free products, or maybe an incredible discount at a store you love. The rule of thumb is that if something seems too good to be true, it probably is. If you ever click on a link that immediately directs you to a survey of some kind, especially one that asks you for any financial information, then it is a scam. It isn’t safe to fill out any of the information on this type of link.

Unfortunately, scammers have found many ways to take advantage of internet users’ vulnerability. The antivirus company BullGuard discusses how scammers prey on people searching for jobs in a blog post on phishing.

“Bear in mind that phishers have made a habit out of targeting job hunters, taking advantage of their need to put their internet security at risk. They post phony ads all over the web, even on well-known job sites, and sometimes send them via e-mail. The ads look legitimate, displaying company logos and appropriate language, but once you click on the links they provide, you are taken to a fake site where you have to enter personal details. Usually, after a few days the phishers close down the site and remove the ads.”

Phishing on Social Media

With the rise of social media, phishers have found themselves with ample opportunity to trick users. Phishing scams have been found on Instagram and Facebook, but Twitter is one of the most popular sites for scammers. According to news station WMUR9, Twitter phishing schemes are initiated when a user tweets a complaint about a company. Then, a spoof Twitter account will tweet the user with a link they’ll use to hack the accounts. For instance, a user might tweet “The @BankofAmerica app won’t let me log into my account again.” Then, a phishing account resembling the official Bank of America account might tweet the user back saying, “We’re so sorry to hear about that. Click on this link to secure your account.”

Recently, tweets have come up claiming that phishers will pose as accounts providing information on how to get verified on Twitter. A verification on Twitter comes with a good amount of prestige, which is why phishers are using this as a ruse to scam users. Some of these tweets have even used algorithms to trick Twitter into promoting them. This gives the phishers even more access to victims.

Social media has made customer service representatives more accessible to users than ever. Unfortunately, this has made users just as accessible to scammers.

How to Avoid Being Phish Bait

The bottom line is that email, texting, and social media are not secure methods of communication. Because of this, legitimate businesses like your bank will not ask for personal information through these venues. Keep this in mind when looking out for phishing schemes. If you ever need secure information from your bank, you should either contact them by phone or go there in person. When calling your bank, be sure you are using the number present on your banking statement or credit card.

Keep your eye out for glaring grammatical or spelling mistakes in professional emails or posts. Most organizations will thoroughly proofread any content they are producing before making it public. A phisher is less likely to pay mind to things like grammar. Emails sent out by organizations you have accounts with will most often include your first name in the greeting. Scammers are more likely to include a generic greeting like, “dear valued customer”. If you have suspicions, compare the message to others from the organization. Look for any differences in syntax, format, links, etc. If anything seems off, then don’t click on anything and delete the email.

If you haven’t already, install a trusted security program on your devices. Look for not only anti-malware features, but anti-phishing ones, too.

Here are some more tips on how to handle phishing scams:

  • Always report phishing emails to the organization being impersonated. Some companies even have designated email addresses exclusively for reporting scams.
  • Don’t click on any links or download any files before confirming that the message or post is legitimate.
  • “Hover over any links before you click on them. If the URL of the link doesn’t match the description of the link, it might be leading you to a phishing site.” (Courtesy of Google Support.)
  • If you are going to provide personal information through a company’s website, make sure you typed in the website link yourself.
  • Make sure the email address or username matches the name displayed.

Cyber security is just like security in real life: it’s better to be safe than sorry. When it comes to providing personal information over the web, there is no such thing as being too careful. Check, check, and then check again. Your safety is what counts the most!