Dan earned his CompTIA (CIOS) certification in 2010 and worked in the computer repair/networking industry for several years.
On the surface, computers are fun and convenient tools. Under the hood, however, they can be a rabbit hole of negative consequences — if not wielded with care. More awareness of cybercrime is needed.
Cybercrime is complex and can be carried out in various ways. Phishing is a common technique with a wide selection of specific methods to choose from. It generally occurs, however, when criminals pretend to be legitimate services. They reach out to prospective victims attempting to get them to disclose private information.
Phishing is so common that e-Mail providers have algorithms in place to catch incoming attempts. People usually don’t notice phishing attempts since the devilry is redirected to the spam folder. Occasionally, e-Mail users must check the folder and will notice suspicious items.
The foundational concept of the attack is tricking people into believing they are contacted by trustworthy personnel. Although phishing is commonly carried out via e-Mail, it can occur through other channels such as text messaging, social media, and phone calls. The following lists a few examples — the takeaway being that exceptional care should be taken when contacted through communications channels, especially e-Mail.
- General Phishing
Directions given in phishing attempts vary. Recipients can be led away to fake websites, open malicious attachments, respond with personal and credit card information, or directly install malicious software. In many cases, phishing attempts aren’t directed at anybody specific.
- Spear Phishing
The same concept above applies here. The attack targets specific people on which the perpetrator has already built profiles, however. The profiles can have names, addresses, places of employment, and even birth dates and social security numbers.
This technique allows the attacker to establish trust with the recipient, with relative ease. The perpetrator needs only to, effectively, lean on the victim. Precautionary education or training helps recognize the attacks when they occur.
Managers and high-ranking business personnel are the targets of this type. For instance, a cybercriminal could imitate the identity of a high-ranking official who sends an e-Mail to another high-ranking official. Trust is established by a number of factors — getting the e-Mail recipient to follow instructions is easy.
- Angler Phishing
A relatively new type of phishing, this method targets social media users. Disguised as customer service representatives, perpetrators will reach out to users having issues with their accounts. Users can be instructed to do a variety of things: clicking links (leading to fake sites), installing malicious software, or giving away personal information.
The angler trap is avoidable by responding to customer service correspondence with caution. Be sure customer support accounts are verified by the platform in use. Bypassing the contact channel is a good start. Navigating directly to the platform’s home page, or calling their service number — for initial contact — could generally prove safer.
The concepts and examples listed are sufficient to raise awareness for the average computer user. There are more techniques used by cybercriminals than the ones listed. The idea is to use caution when contacted through various communications channels — and be mindful of links sent via e-Mail.
Government agencies usually inform the public about new phishing scams, if aware of them. Information about phishing can also be gleaned from various public forums and articles.
© 2022 Dan Martino