Even the most skilled cybersecurity expert can fall prey to today’s incredibly sophisticated phishing attempts.
Phishing can take place in a variety of ways, but recognizing these “lures” is a powerful way to defang cybercriminals.
• Phishing. Traditional phishing comes in the form of a fraudulent email that encourages recipients to click on a link and provide personal data. Often the subject lines are designed to entice the receiver with an interesting headline, timely topic or urgent request.
• Smishing. An attacker sends a text prompting the recipient to click a link or call a number for more information. If the link is clicked, the user downloads malicious software to their phone.
• Vishing. An attacker uses the telephone – or voice – to gain access to sensitive information for financial gain. The criminal usually poses as someone they are not, such as another employee, technical support person or someone representing a government agency.
• Quishing. An attacker creates a fake QR code and uses it to direct victims to a malicious website that prompts them to enter their personal or financial information.
Ultimately, the easiest way for a cybercriminal to steal your information is to trick you into sharing it. Their fraudulent communications will often look official and appear to have come from a trusted source. However, there are warning signs to watch out for. Pause and ask yourself the following questions before responding.
• Do you know the person who sent you the message? The source of an email or text can easily be forged, making it seem that a request is coming from someone you know. If something seems off or if the sender is asking for money or personal information, contact them through a different channel from the one the message arrived on to confirm that it came from them.
• Does the message create a sense of urgency? Criminals will often try to rush you into making an unwise decision. An example of such a message may read, “confirm your login details in the next 24 hours using the link below or your account will be suspended.” Always take the time necessary to think through your response and confirm legitimacy.
• Does the offer seem too good to be true? Treat any messages announcing you’ve won money, a prize or the opportunity to purchase an item at a significant discount as suspicious.
• Does the message ask you to click on a link or open an attachment? Be particularly wary of emails from people or organizations you don’t know urging you to click on a link or open an attachment. Doing so can lead to malware being installed on your device.
• Does the telephone call ask for personal or financial account information? If you receive a call that just doesn’t feel right, trust your instincts. Hang up and call the customer service number listed on the company’s official website.
• Does the message ask you to scan a QR code? As QR codes become more common in daily transactions, use these tips when scanning a code:
  • First, check that the QR code has not been tampered with, such as by a sticker placed on top of the original code.
  • Check the URL to make sure the code is sending you to the intended site and that the site looks authentic. Look for typos or misplaced letters.
  • Exercise caution when entering information on a site accessed via a QR code and avoid making payments through it; instead, manually enter a secure URL to complete the payment.
  • Do not download an app from a QR code. Instead, search for the app via your device’s app store.
  • If you receive a QR code from someone you know, reach out to them through a known number or address to verify that they sent you the code.
Don’t assume your tech savviness will protect you from today’s cybercrimes. In the face of increasingly sophisticated scams, an ounce of prevention can go a long way in helping you to protect yourself.