What Does a Phishing Attack Look Like?

Phishing is one of the many ways cyber criminals try to gain sensitive information from individuals. This information is then used to carry out crimes online, including accessing funds or services using your login details.

Over the years, phishing scams have become more sophisticated, meaning cyber criminals are constantly reevaluating what they know about phishing scams and how they can better commit cybercrimes.

Popular channels scammers go through to deceive innocent people include email, phone calls, text message, and social media. Phishing attacks typically take place electronically and are often disguised to seem like communication from an institution you are already familiar with.

These kinds of attacks are especially a threat for large companies because of the amount of sensitive information and number of employees associated with the company.

How can you identify phishing?

The best way to protect yourself from being taken advantage of is to know precisely how these types of scams work. Once you are able to spot the tell-tale signs that contact is not genuine, then you can prevent cyber criminals from gaining your personal information.

What should you be looking out for?

• Spelling mistakes: Phishing emails or contact messages are often full of spelling mistakes or broken English. Always read the information thoroughly and check for common spelling mistakes, poorly translated sentences, or grammatical errors. Genuine companies will not send you emails or messages with such obvious mistakes.
• The addressee: Is the email directed to you personally by using your name? If so, does the establishment they are purporting to be from always communicate with you like this? Look for differences in how you are addressed by referring to previous communications from the company in question and double-check all information included.
• Email Address: Theirs, not yours. Most times, you will receive emails from addresses that are not connected to the specific accounts or services they claim to be associated with. This is a good indication the email is a phishing attack. However, by checking the sender’s email address, you can reference this against a company’s official address to confirm legitimacy.
• Time Sensitive: Aside from final bill demands for services, most companies will not pressure you into responding urgently or ask you to take action under pressure. Additionally, they will not ask you to fully reveal or confirm personal information through email.
• Email Attachments: Scammers will usually attach something that looks too good to be true. In fact, it’s probable that if you download or open such attachments they will infect your system with malware created to steal sensitive information.

How can you protect against phishing?

Protecting you and your company from phishing starts with having rigorous training in place to educate people about the signs and dangers of phishing and stressing how easy it is to fall for these types of scams. 

Remember not to disclose private information over the phone or internet. If you are in any doubt, then you need to end the call, close the email or text, and get in touch directly with the company who is supposedly trying to contact you. Do not feel pressured into continuing communication, disclosing personal details, or sending money.

Businesses may want to partner with an experienced IT company to ensure comprehensive cybersecurity IT services to protect your online security. This can help ensure that your company’s systems are protected from malware and viruses, and your IT provider can monitor systems and alert you if you happen to click on something that could put important information at risk.

Setting up spam filters and engaging in phishing simulations will help protect you, your company, and all private information. Proactive protection is the best tool for avoiding phishing attacks, so equip yourself now with the tools and knowledge you need to identify a phishing scam.