Online crime has been around for as long as the internet has existed. The anonymity of the online world provides a perfect space for cybercriminals to thrive and target unsuspecting victims.
Phishing is just one of the many different types of online scams and it can have devastating consequences. Victims often don’t realise that they have been robbed of both money and personal information until it is far too late.
As with all online scams, your best defence against a phisher is a healthy dose of knowledge (coupled with strong antivirus software), so read on to discover everything you need to know about phishing.
What is phishing?
Phishing is a prevalent form of cyber attack in which a hacker impersonates a trusted organisation to steal personal information. The term arose from the analogy of a cybercriminal looking to lure in unsuspecting victims, as a fisherman does with fish. But why the ph? The earliest phone hackers were known as ‘phreakers’ (or phone freakers), which is where the spelling of the word ‘phishing’ originates.
This type of scam arose in the 1990s. At this time, AOL was one of the only American online service providers and millions of people accessed their emails, web message services, and browsers through this service. A group of hackers, impersonating AOL employees, targeted users and tricked them into handing over their login credentials in what is now recognised as the first ever phishing attack.
From here, phishing evolved to resemble the types of attacks that we can recognise today. Cybercriminals realised they could purchase domain names for websites that closely resembled trusted e-commerce sites, such as eBay and PayPal. By sending out cleverly crafted emails to unsuspecting customers, they could trick them into handing over credit card details and other personal information that could be used to perpetrate identity theft.
Today, phishing is one of the main strategies employed by cybercriminals. Australians lost an estimated $2 million to phishing attacks in 2020.
How can I spot a phishing attack?
Up until now, phishing attacks have been fairly easy to identify. Online criminals often don’t put a lot of effort into their phishing schemes, sending out poorly designed emails that are riddled with spelling mistakes. They are hoping that quantity will trump quality and that amongst the thousands of potential victims, one or two will fall for their tactics.
If you receive an email, text message or phone call from a company requesting your personal information (name, date of birth, address, and financial details), you should immediately be suspicious. Your bank, social media platforms, and other types of businesses will never ask you for this information.
Other classic warning signs of a phishing attack include:
- Messages that contain spelling and grammar mistakes.
- Emails sent from a public domain. Your bank will never send you an email from a Gmail, Yahoo, or similar account.
- Misspelled domain names. A scammer won’t be able to purchase the real domain name of a company they are impersonating; they will instead opt for a version with slight variations.
- Messages that ask you to download an unknown file or follow a suspicious looking link.
- Messages that convey a sense of urgency. If a scammer can make you believe that a situation requires your immediate attention (for example, suspicious activity has been noted on your bank account), you may overlook other warning signs.
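Three of these warning signs (a brand name on a public mail domain, a misspelled domain, and urgent wording) can be checked mechanically. The following Python sketch is an added example, not part of the original article; the trusted-domain list, the public-mail list, the urgency phrases, the edit-distance threshold and the sample message are all assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
# Illustrative lists (assumptions, not from the article); tune them for your own mail.
TRUSTED = ["ebay.com", "paypal.com"]
PUBLIC_MAIL = {"gmail.com", "yahoo.com"}
URGENCY = re.compile(r"urgent|immediately|suspicious activity|within 24 hours", re.I)
LINK_HOST = re.compile(r"https?://([^/\s:]+)", re.I)
# Constructed sample message, not real mail.
SAMPLE = ('From: "PayPal Support" <service@paypa1.com>\n'
          'Subject: Suspicious activity on your account\n\n'
          'Confirm your details immediately at http://www.paypa1.com/login\n')

def edit_distance(a, b):
    # Levenshtein distance: how many single-character edits turn a into b.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def imitates(host):
    # Return the trusted domain that host resembles without matching, else None.
    host = host.lower().rstrip(".")
    if any(host == g or host.endswith("." + g) for g in TRUSTED):
        return None  # the real domain, or a subdomain of it
    for good in TRUSTED:
        # Compare only as many trailing labels as the trusted domain has.
        tail = ".".join(host.split(".")[-(good.count(".") + 1):])
        if 0 < edit_distance(tail, good) <= 2:  # threshold is an assumption
            return good
    return None

def warning_signs(raw):
    # Assumes a single-part plain-text message.
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    signs = []
    if domain in PUBLIC_MAIL and any(g.split(".")[0] in name.lower() for g in TRUSTED):
        signs.append("brand name on a public mail domain")
    for host in [domain] + sorted(set(LINK_HOST.findall(text))):
        good = imitates(host)
        if good:
            signs.append(f"{host} imitates {good}")
    if URGENCY.search(text):
        signs.append("urgent wording")
    return signs
```

A fixed edit-distance threshold will also flag unrelated short domains that happen to be close to a trusted one, so treat a hit as a prompt to look closer rather than a verdict.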
Unfortunately, phishers are constantly evolving. It was recently reported that a group of online criminals have developed a phishing ‘ToolKit’ that has the ability to change logos and text in real time.
ToolKit’s ability to personalise pages has seen it replicate the login sites for hundreds of popular sites including Adobe Document Cloud, OneDrive, and Office 365. Victims who receive this phishing email are asked to click on a link and are taken to a fake login page. The personalisation capabilities of ToolKit mean that the victim’s email address is already filled in, giving the sense that they have visited the site before. They then enter their password and effectively hand over all their personal information.
These types of new strategies suggest that identifying phishing attacks may not remain an easy task for too much longer.
Phishing prevention tactics
There are many strategies that you can employ to keep your private information safe from phishers. Consider the following:
- Understand what a phishing attack looks like: Phishers are hoping that by targeting enough people, they will eventually find a victim who has no knowledge of the scam. Being able to spot the classic warning signs is an excellent prevention strategy.
- Only browse on secure sites: A secure URL will start with ‘HTTPS’. Always check to make sure the websites you are visiting include this security feature, and never provide any personal information or credit card details to an unsecure connection.
- Use a VPN: What is a VPN? It’s an acronym used for the term ‘virtual private network’. A virtual private network is a type of encrypted connection that prevents prying eyes from accessing your data and location. Using a VPN will prevent cybercriminals from monitoring your activity, which can put a stop to targeted scam messages.
- Change passwords regularly: Many of us use the same username/password combination for multiple accounts. Once phishers have access to one of your accounts, they are likely to attempt to hack their way into others. Be sure to change your passwords regularly, set strong passwords, and never use the same login information for multiple sites.
- Install antivirus software: Many antivirus programs come with phishing detection capabilities. The software will warn you if you receive suspicious emails or are at risk of sharing personal information on an unsecure network connection.
Cybercriminals are unlikely to disappear any time soon. Protect yourself and those around you by engaging in safe internet practices and always remaining on the lookout for the classic warning signs of a phishing attack.
Bridget is a writer and editor, currently living in Melbourne. She is a copywriter for Newpath Web and loves working with words of all shapes and sizes. When not playing around with punctuation and grammar, she enjoys travelling and curating her Spotify playlists.