Phishing is when a cybercriminal poses as a legitimate organization to try and lure you into providing sensitive data.
Sometimes they send you an email or call you asking for your banking or credit card numbers, even your usernames and passwords.
This information is then used to access important accounts and can result in identity theft and financial loss.
When this is done over SMS text messages — it’s referred to as smishing.
Here are some of the tactics that might be used by somebody trying to phish or smish you:
They might try to scare you by saying your information has already been compromised or threaten to close your account, fine you or even take legal action if you don’t respond.
On the other end of the spectrum, some messages will make it seem like you’re being rewarded — receiving inheritance from a long-lost relative, winning a contest you’ve never entered, or getting a refund for something you didn’t purchase.
Whether they’re playing good cop or bad cop, there will often be a sense of urgency to phishing requests. To encourage action without thinking, phishers will often give tight deadlines.
No matter the tactic, here are some ways to tell if the messages you receive are actually phishing attempts.
Phishing messages can be impersonal, addressing you as Sir or Madame instead of using your name.
They’re more likely to have spelling and grammar mistakes or unprofessional graphics than legitimate organizations.
They’ll also come from a domain unrelated to the company they’re pretending to be from. So double check the address when you receive an email by hovering over it with your mouse.
Unfortunately, there are fewer clues when it comes to smishing. The best way to determine is a text is fraudulent is just to ask yourself — would this organization be texting me and asking me to take action?
In most cases, the answer is no.
In fact, stopping and asking yourself that question is a great way to protect yourself from all forms of phishing.
If you’re still not sure, get in touch with the organization by using the contact information on their official website. If there’s really a problem, they’ll let you know.
Legitimate organizations don’t usually ask you to verify or provide confidential information in an unsolicited email or text.
Phishing scams are on the rise — but follow these tips and you’ll be sure not to take the bait.
What does phishing look like?
Phishing messages appear to be from a legitimate source but, in reality, they are from cyber criminals who are attempting to trick you into sharing sensitive information. In these messages, cyber criminals frequently use scare tactics, such as threatening to close your accounts or arrest you unless you give them information that you would ordinarily keep secure. If successful, the cyber criminal can use that information to steal your identity or to gain access to your accounts.
For example: Many cyber criminals claim to be from government organizations and threaten potential victims with fines or an arrest if they do not call them back with personal information.
What are the different forms of phishing
Phishing refers to any attempt to steal information, whatever the means. Phishing messages can come in almost any form: Emails, text messages, social media direct messages, or phone calls.
In most cases, cyber criminals’ phishing campaigns are untargeted attempts to solicit personal details by casting as wide a net as possible to get people to respond.
However, there are more specific versions of phishing that are worth knowing about:
Is a phishing attempt through SMS (text message).
Is a hyper-targeted phishing attempt in which a message is designed to sound like it’s coming from a source you know personally.
Is a phishing attempt aimed at a high-profile target such as a senior executive or other high-ranking official in an organization or government department.
Involves creating a fake website to get someone to share their personal information
The dangers of falling for a phishing campaign
Falling for a phishing scam can be very costly; you can lose money and your personal identity.
Cyber criminals can use the information that they gather to steal your financial information, open accounts in your name, or steal your identity.
How to protect yourself from phishing campaigns
There is no simple way to ensure you are 100 per cent protected against phishing campaigns.
Phishing campaigns are becoming increasingly elaborate, and the growth of digital platforms, like social media, have given cyber criminals many opportunities to reach victims.
The best way to protect yourself from a phishing campaign is to be extremely cautious any time you receive a message that asks you to reveal personal information – no matter how legitimate that message may appear on first glance.
Whenever possible, you should try to verify requests for information through another means.
For example: If you receive a message from your bank requesting you take immediate action to click on a link or verify some information, simply call your bank branch directly to verify the message’s legitimacy.
Remember, most legitimate organizations will never ask you to reveal information through an email or text message.
Phishing campaigns can be difficult spot. Cyber criminals have become experts at using sophisticated techniques to trick victims into sharing personal or financial information.
But the best way to protect yourself is to learn how to spot a phishing scam before you take the bait.