Somewhere in the late 90’s hackers began sending out emails in the attempt to get a hold of users’ passwords and other private information. These emails would generally contain some form of “bait” or lure, sent out to a network of users in the vast metaphorical ocean, that we call, the world wide web.
Of course, most of these users didn’t take the bait, but a few did. And these few were enough to set things in motion for a whole network of scam artists. Soon after, the term “phishing” was coined.
The “ph” is actually a reference to “phreaking” a term coined by Captain Crunch or John Draper, creator of the phone-hacking system called the Blue Box.
Now, no one likes being played. And while the awareness of these “phishermen” seems to have spread, they’ve also gotten proportionately smarter. So it’s smart to question how to know whether that mail you just got is genuine or just another phishing scam.
And that’s exactly what we’re going to look into today!
What Really Is “Phishing”?
Over the years, the meaning has evolved to include a more diverse form of phishing scams. While the origin may have been emails or phone calls (this is often subject to debate), it has taken a whole range of forms in recent times.
- Fraudulent Emails
- Domain Spoofs
- Phone calls (or “vishing”)
- Text messages (or “smishing”)
- Search Engines
- Whaling (impersonating a senior official)
The essence of a phishing scam involves impersonating an organization or individual to get valuable information out of the victim.
How to Know If Something’s “Phishy”
These scammers are definitely getting more creative, however, you can stay ahead of the game. Here are a few signs that can help you identify a phishing scam!
A Request for Sensitive Information
Firstly, when you get a mail that requires you to provide sensitive information like your password, pin code, credit card number, or the like, it’s time to get suspicious. Organizations very rarely ask for such private information over a random email, phone call, or text message.
Click a Link? No Thanks
Be wary of any message that requires you to click a “link”. Very often, this is just a trap to get access to your account information. Study your email or text very carefully, before you download any attachments or redirect yourself to another website.
The Suspicious “State of Emergency”
Another thing to watch out for is an unnecessary “emergency” alert. You’ve got to keep your eyes open for this kind of bait. If you think about it, the only way they would be able to get information out of someone is by convincing you of some drastic consequences in case of non-compliance.
Look, no bank account is randomly going to shut down your account. Most organizations would probably require you to head to their office in person, before they take any sort of legal action or anything to that regard, against you.
Now, when it comes to organizations that you’ve only had contact with online, it could get a bit tricky. However, a good practice is to ensure that whenever you are asked for private details and information, just call up customer care and verify the sender’s credentials.
If the organization doesn’t have customer care, well, then you may as well not associate with it.
If It’s Too Good to Be True, It Probably Isn’t!
We’ve all gotten those free money coupons, and man, if only they were real! Unfortunately, your number probably did not win ten thousand pounds in that random lottery you don’t remember entering, so it’s best to just ignore it.
Much like the emergency alert, the other end of the spectrum brings with it, a similar psychological influence. The main idea is to get you excited; get that adrenaline pumping so that you make a quick, rash and regrettable decision.
But you’re smarter and more cynical than that. An hey, if you didn’t before, you know better now.
So What Can You Do If You Find Yourself or Your Company Victim to a Phishing Scam?
Prevention is better than cure, but sometimes you catch a disease before you even know of its existence. Here’s what you can do to if you or your organization has encountered a phishing scam or are simply trying to stay safe.
Multi-Factor Authentication for Your Accounts
You know those emails you get from Google asking you to double up on security? You can go right ahead and do it. Multi-factor authentication will ensure that even if your password does get out, maybe it isn’t enough to access your account.
Security Software for Your Device
The villains may be getting smarter, but there’s always a smarter superhero out there to battle him. Ensure that your mobile phone, PC or laptop is updated with quality security services that don’t allow accidental clicks to lead you to a virus-laden trap.
If you’re running an organization it is important to brief your employees or administration on phishing scams as well as the basics of how to spot them. Make sure your devices are infrastructuraly secure on all fronts to ensure minimal damage.
Report It to a Relevant Authority
Feel like you got scammed? Report it ASAP! In America, the Federal Trade Commission or the FTC is responsible for protecting consumers from scummy, scam artists like these.
If you accidentally opened a phishing email, be sure to report it as soon as you can, run a security check on your device and update your security software to stay protected.
Sometimes, you can also report the mail to the original website. For example, if you suspect a fraudelent email from someone impersonating PayPal, you can report PayPal phishing to firstname.lastname@example.org.
A lot of other organizations have created special services to help you identify and report scams such as these. All you need to do is research! If you yourself are running an organization such as this, you can also dedicate a portal for customers to access in case they suspect someone impersonating your organization.
File a legal complaint and let them face the legal repercussions they deserve!
Keep your eyes wide open!
Pay attention to the little details like bad grammar, vague phrasing and shady graphics. Obviously, there might be some phishers who use a more sophisticated approach, but for those, you can always contact customer care.
Security breaches are becoming more common by the day. Check out our blog for more information on how to know, and what to do if your cybersecurity is being threatened!