They’re sent by email — a favorite communication channel of cybercriminals to date.
The offer is too good to be true — because it is.
These emails require your urgent action — they make you panic and force you to either click through the link in the email, download a virus with an attachment, or send sensitive data.
Many phishing emails that contain malware-infected links or attachments will get filtered and end up in your spam folder.
However, cybercriminals are getting smarter, and they’ve learned to impersonate authorities all over the world: your bank, your social security, and even the World Health Organization.
Also, instead of sending a generic email to as many email addresses as they can find online, they scout you out and get to know you in detail before sending you an email.
Personalized emails are some of the most dangerous emails because they’re likely to turn into successful phishing attempts.
How can you spot such sophisticated phishing methods? Let’s go over a couple of scenarios.
Friendly Phishing Attempt from a Coworker
You get an email from your boss asking you to send your credentials or allow access to a part of the system.
You’re incredibly busy and buried in other work, so you send them the confidential data they’re after. This grants hackers complete access to the company, and they can now damage its reputation and finances.
In cybersecurity, this method is known as spear phishing. Cybercriminals diligently select individuals and learn everything they can about them. Also, they scour their social media and the company’s website to learn more about the person they intend to impersonate.
To spot this type of phishing, always check the email address of the sender. The address will be similar, but it may have a different suffix than the corporate emails used by the company.
It’s also likely that the person whom cybercriminals have impersonated is someone in the company with whom you rarely communicate. That should definitely raise a red flag.
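The sender check described above can be automated. The following is an added example, not part of the original article: it compares the domain in a From header with the company's mail domain and flags a different suffix, and it goes slightly further by also flagging near-miss spellings. The domain example.com, the sample headers, and the 0.8 similarity threshold are assumptions chosen for illustration.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Assumption: example.com stands in for the company's real mail domain.
CORPORATE_DOMAIN = "example.com"


def sender_domain(from_header):
    """Return the lower-cased domain of the address in a From header, or ''."""
    _display_name, address = parseaddr(from_header)
    if "@" not in address:
        return ""
    return address.rpartition("@")[2].lower().rstrip(".")


def classify_sender(from_header, corporate=CORPORATE_DOMAIN):
    """Return 'internal', 'lookalike', 'external' or 'unparseable'."""
    domain = sender_domain(from_header)
    if not domain:
        return "unparseable"
    if domain == corporate or domain.endswith("." + corporate):
        return "internal"
    company_name = corporate.split(".")[0]
    labels = domain.split(".")
    # Same company name with a different suffix, or buried in another domain.
    if company_name in labels:
        return "lookalike"
    # Near-miss spelling of the company name (threshold is an assumption).
    for label in labels:
        if SequenceMatcher(None, company_name, label).ratio() >= 0.8:
            return "lookalike"
    return "external"


# Constructed sample headers, for illustration only.
SAMPLES = [
    "Dana Boss <dana@example.com>",
    "Dana Boss <dana@example.co>",
    "Dana Boss <dana@examp1e.com>",
    "Dana Boss <dana@example.com.mail.test>",
    "Weekly News <news@shop.test>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):12} {header}")
```

A "lookalike" result deserves more scrutiny than a plain "external" one, because the address was built to resemble a colleague's.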
Phishing Email Disguised as a Bank
Your bank sends you a notice that someone has hacked your credit card. To solve the issue, they send you the link you must use to log into your online banking account.
Once you click on the malicious link, it leads to a spoofed website that requires you to fill out your personal data, giving access directly to cybercriminals.
Most phishing scams are financially motivated, so it’s no wonder that credit card scams are common.
So, how do you know if an email from the credit card company is real? For starters, your bank would never ask for your personal information, such as your credit card PIN.
Pro tip: Never click the link in the email from your bank. Head to your online banking by typing the URL manually. This ensures you’ll avoid copycat sites.
Notice About COVID-19 From a Health Organization
You got an email from WHO with an attachment that contains the latest policies you should know to protect yourself and your family.
If you downloaded the attached file to your computer, the worst-case scenario is that you’ve actually installed malware that can get your passwords.
To prevent this from happening, visit official government sites directly to check for updated information.
Since the spread of COVID-19 at the start of 2020, hackers have exploited the health scare for phishing attacks. We are more aware of them now, but it’s still advisable to double-check emails and not click on any links as they might download viruses to your computer.
Plea For Donation from Charity
A charity that collects money for polydactyl cats needs your donation right now. They are really struggling at the moment and accept gift cards.
If you donated without checking the charity out, it’s possible that your money went straight to cybercriminals – as a direct deposit.
Charity scams often target people following a disaster (pandemic, earthquake, etc.) and count on your kindness and empathy.
One clue that the charity might be fake is that it is pushing for payment urgently. Real charities won’t pressure you. They allow you to donate on your own terms instead.
Another hint is that the charity insists on payment via gift cards, because gift cards are more difficult to trace than other forms of payment.
The third sign of a likely scam is that you’ve never heard of the charity.
Anyone Can Be a Phishing Victim – Don’t Get Caught Out
Phishing, like any other form of cybercrime, relies on human errors and psychology. Scammers largely target your empathy, prey on your fears, and know you trust authorities.
Because of that, you don’t immediately suspect that an email is spoofed. And this is something criminals count on.
If the email is more personalized and impersonates the government or your bosses, it’s more likely that you’ll fall for the scam. A lot of scammers even target high-profile corporate executives (known as a whaling attack) who would be expected to know better.
While we can see right through most of the scam emails that lead to phishing, even people who know a lot about phishing can be fooled by the more sophisticated methods.
To be safe, it’s best to employ the zero trust method — always be on the lookout for common scams and be suspicious when uncommon emails drop into your inbox.