Gov Business Review Magazine

Doña Ana County

Kent English, Director of Communication & Information Systems

Navigating the Growing Threat of Phishing: A Comprehensive Overview of Modern Tactics and Protection Strategies

Going Phishing

Attackers are always looking for new ways to steal your information or access your systems. Although “phishing” is not a new method, it has become more sophisticated and has spread across more platforms to cast a wider net. Email is the most common channel; however, you can also receive phishing attacks through phone calls, text messages, social media, or even QR codes.

Emails

Our inboxes are flooded with emails every day, and even the best spam filters can’t catch all of the phishing attempts. The most common types look real and appear to come from legitimate sources like financial institutions, product vendors, internal departments, or even colleagues. Phishing emails used to be easier to spot because of subtle misspellings or awkward grammar. Now they are much more advanced and can even seem personally targeted to your interests and online activity. Most of these emails share a common goal: getting the recipient to click on a link or attachment that redirects them to a site that captures personal information and credentials or installs trojan software. Some emails may convey an urgent situation or appear to come from someone with an important title to further motivate the intended victim to open it and take action.

Attackers may also do more research using social media so they can target specific individuals with more authentic emails. This is commonly referred to as “Spear Phishing”, where they reach out to people with elevated titles or within specific departments like finance. “Whaling” involves targeting very high-profile executives who have sensitive knowledge and elevated authority.

Phone Calls

“Vishing” uses some of the same methods as emails, except by phone. Attackers may pose as company representatives to collect personal or account information. They may also try to trick the individual into visiting a compromised website or receiving an infected attachment.

Text Messages (SMS)

If you have ever received a text message notification that there is a problem with your account or that it has been suspended, this is known as “Smishing”. These typically urgent messages are yet another method of targeting individuals to gather personal information or convince them to click on a fake link. Attackers may try to spoof a known contact or use information posted on social media to gain the target's confidence.

Social Media

Fake or compromised accounts on social media platforms can also be used to deliver phishing messages and links. Even pictures can have embedded content that is launched when they are opened or downloaded. Don’t assume that these platforms are safe, since attackers will troll these sites for information and potential victims. This method is called “Angler Phishing”.

QR Codes

You have probably seen QR codes (Quick Response codes) displayed on brochures, business cards, television commercials, posters, etc. These codes typically link to information on websites, social media, videos, or electronic documents. During the pandemic, many restaurants posted QR codes on their tables that linked to an online menu rather than providing a printed one. “Qrishing” is when attackers exploit this medium to redirect victims to harmful sites or collect confidential information. Malicious QR codes can be printed and pasted over legitimate codes in many of the examples above.

Be-Aware

The more technology you use, the more vulnerable you could become. Be cautious when giving out information, clicking on links, opening attachments, or scanning QR codes. Try to verify the source and ask questions before acting. If you are unsure about the request or if something doesn’t seem right, contact the person directly to make sure someone is not spoofing their number or account.

The articles from these contributors are based on their personal expertise and viewpoints, and do not necessarily reflect the opinions of their employers or affiliated organizations.