It’s International Computer Security Day on 30 November – time to set sail on the vast seas of cybersecurity. In the ever-evolving digital landscape, being aware of potential threats is our compass to safe navigation. Today, we will focus on Phishing, which is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message.
Phishing is like the elusive sea monster of the cyber world – lurking beneath the surface, waiting for unsuspecting sailors to take the bait. In this blog post, we’ll uncover the tactics used by the notorious “phisherman” and explore how you can stay one step ahead.
Types of Phishing Attacks:
- Spear Phishing: Imagine a fisherman with a laser-focused aim – that’s spear phishing. Attackers customise their approach, targeting specific individuals or organisations. Be cautious of emails that seem too personalised, requesting sensitive information or urging immediate action.
- Whaling: This attack works the same way as a spear phishing attack; however, the targets are the high-level executives and decision-makers of the organisation.
- Vishing (Voice Phishing): The phisherman’s song can now be heard over the phone. Vishing involves tricking individuals into revealing sensitive information through a phone call. Stay alert for unexpected calls, especially those urging you to disclose personal data.
- Smishing (SMS Phishing): The phisherman casts a wide net with text messages. Smishing involves deceptive SMS messages, often containing urgent requests or tempting offers. Be wary of clicking links or sharing information via text, even if the message appears legitimate.
What’s the Point of Phishing Attacks?
Phishing attacks are designed to coerce a victim into undertaking certain tasks, either for financial benefit or to gain technical access to a computer or network. Examples of what a phishing email may ask for, or what the attacker may do, include:
- Click on a link to download a file to your computer.
- Intercepting an email conversation to change invoice banking details.
- Requests for vouchers (Amazon, Apple, Xbox, etc.).
- The infamous (yet deadly) SIM swap scam to gain access to various online and banking accounts.
- An email requesting payroll or HR to change an employee’s banking details.
The above are merely a small sample of how these scammers will try to get you hook, line and sinker. These phishers of the web rely on a method called social engineering to trick you into doing their bidding. The tools they wield so well rely on urgency, fear or greed. Be wary of emails from the deep that fall into any of these categories.
Protective Measures:
- Educate Yourself: Knowledge is your best defence. Stay informed about the latest phishing techniques and familiarise yourself with common red flags.
- Verify Before You Trust: If an email, message, or call seems suspicious, verify the sender’s identity through a trusted channel before taking any action.
- Use Multi-Factor Authentication (MFA): Add an extra layer of security to your accounts by enabling MFA. This makes it significantly harder for phishers to gain unauthorised access.
- Update Your Passwords Regularly: Changing your passwords will lessen the chances of a cyber-attack.
As we sail into 2024, the threat landscape continues to evolve. Cyber-attacks, like ever-changing tides, bring new challenges. Keep an eye on rising trends such as ransomware attacks, AI-driven threats, and supply chain vulnerabilities.
In this digital age, our cybersecurity is a collective responsibility. Let’s navigate the seas wisely, armed with knowledge and resilience.