Don’t Take the Bait: How to Protect Yourself from Common Phishing Scams

Phishing scams: for many people, they’re an obvious threat with tell-tale warning signs, but for many others, it’s not always clear when a request for your data is suspect. Data shows phishing accounts for 90 percent of all data breaches, with 76 percent of businesses reporting falling victim to such attacks in 2018.

These attacks involve scammers luring their victims into sharing personal information. The bait — or the way in which they convince unsuspecting browsers to cough up the goods — isn’t always the same, but these scams come with similar financial consequences if successful.

Anytime a scammer has your information, they have what it takes to get into your financial accounts and commit fraud.

You can reduce your chances of becoming a phishing victim by understanding how to spot these scams. Here are some of the most popular kinds circulating today.

Email Scams

Your inbox may be a minefield of phishing lures. Scammers impersonate familiar brands in hopes of you taking the bait, some going as far as copying a company’s name, logo, and formatting to swindle you out of your data.

Fortunately, a close inspection of these emails will always reveal them for the cons that they are. Scammers may use a trusted financial institution’s name in their email, but they won’t have the right domain.

You’ll know there’s something fishy by what they ask you to do. Scammers will ask you to share your personal information or login credentials in a direct reply. They usually suggest you owe money and rely on intimidation to scare you into doing what they want.

A financial institution or lending company will never ask you to share personal information or login credentials in a direct reply, nor will they use aggressive tactics. Remember, if you open a checking account or borrow from a direct lender, you’ll have an account with these banking and personal loan organizations where they can access your data directly.

Spear Phishing

Spear phishing is a highly personalized version of the previous technique, upgrading a rather generic message into one curated for its intended audience. Scammers who send these spear campaigns will customize their email with the target’s name, employment details, phone number, and other information that make their request seem legit.

The malicious email will again ask its victim to share personal information while pretending to be a legitimate sender. Scammers may also want their victims to click a predatory link that sends them to a fraudulent website.

Whaling or CEO Fraud

A whaling attack uses the same strategies as the others but targets upper management in large organizations. They want to trick C-level employees into sharing details or clicking links so that they can harpoon their login credentials.

With these details in hand, scammers have a lot of power to wreak havoc with the business’ finances. They can pose as high-ranking execs, authorizing wire transfers, taking out business installment loans, collecting employee financial information, and much more.

How to Stay Protected

Awareness is the first step to keeping your personal information safe. But to make sure you don’t take the bait, you should always enter your inbox with these tips in mind.

  • Double-check the sender and look for inconsistencies or spelling mistakes
  • Hover over hyperlinks and attachments to see their destination — don’t get caught by URL lookalikes, especially when it comes to Google Drive
  • Never reply in-email with login credentials or personal information

Test your abilities against Google’s phishing quiz to see how you do now that you know what to look out for. This test is harder than you think, but it’s better to fail here than in your inbox. This way, you’ll be able to spot a scam right away and avoid falling for their ploys hook, line, and sinker.

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.