Phishing, smishing and spear phishing: avoid a cybersecurity attack
Did you know that humans are the weakest link in cybersecurity? You didn’t? Then we’ll let you off the hook. But we do want to help you avoid a cybersecurity attack.
And they want you to take action with your own cyber safety. Let us break down some cybersecurity terms so they don’t reel you in.
A can of terms for cybersecurity attacks
Phishing: an email sent to multiple recipients attempting to trick you into clicking on a link. It is one of the most annoying and dangerous threats we face online. Most of us know what it is and how it works, but we still get caught out.
A phishing scam involves criminals, masquerading as legitimate organisations, sending emails to hundreds of millions of organisations every day. The messages direct recipients to a fake website that captures personal information or releases malware to gain unauthorised access to a computer system to disrupt or damage it.
Vishing: has the same intent as phishing but tricks you into disclosing information over the phone. Often the caller uses fear and urgency to try and get you to act before you’ve had an opportunity to become suspicious. Note: Most reputable organisations will not ask you for your entire personal information.
A common vishing scam involves a criminal posing as a fraud investigator from your card or bank account company saying your account has been breached. It will ask you to provide your card details verifying your identity or transfer money into a ‘secure’ account, which is in fact the cyber criminal’s account.
Smishing: when someone tries to trick you into giving them your private information via a text or SMS message. The message will encourage you to click on a link in the text.
Smishing is a growing threat because people tend to trust a text message more than an email.
Chasing the big fish
Spear phishing: targets a specific person or enterprise. It’s a version of phishing that requires researched knowledge. They know what they’re aiming for, know what they want and can often spend years grooming people in an organisation until they get it.
It could be a direct targeted message attempting to gain access to your private information. For example, an email directly to a family member, from a criminal pretending to be a close relative.
Whaling: these attacks are even more targeted and take aim at senior executives of companies. Although the end goal of whaling is the same as any other kind of phishing attack, they go for the biggest fish in the company!
Five tell-tail signs of a phish
These signs can help you determine if something fishy is going on.
- The email asks you to confirm personal information
- The web and email addresses do not look genuine
- It’s poorly written with spelling or grammatical errors
- There’s a suspicious attachment or it asks you to click on a link
- The message attempts to elicit fear.
Being vigilant about these five signs will help you avoid a cybersecurity attack.