
Phishing Scam Awareness

Dan earned his CompTIA (CIOS) certification in 2010 and worked in the computer repair/networking industry for several years.


Computer users seem to be recognizing the inherent dangers of the internet, although more awareness is needed. On the surface, computers can be fun and convenient tools. Under the hood, however, they can be a rabbit hole with scary consequences if not wielded with care.

IT security is a complex paradigm, but a specific attack vector commonly used by cybercriminals is phishing. The method exploits technical aspects of computers as well as the gullibility of computer users. Perhaps the most common type of phishing attack is when a cybercriminal sends an e-Mail posing as a legitimate organization, and the recipient is led to a fake website where personal information is entered—the information is then used for a variety of illegal ends. Phishing is complex and can be achieved in a variety of ways.

Phishing Scam Examples

The foundational concept of phishing is tricking computer users into believing they are accessing trustworthy services. A few examples follow, and the takeaway should be to take care whom you trust and what you click on!

  • Phishing comes in various forms, and there are common denominators between them all. It's common for cybercriminals to send e-Mails from their own — partially obscured — e-Mail domain. For example, to trick an e-Mail user into believing that Google is contacting them about a service issue, a cybercriminal might use the address problem-resolution@googlee.com to make it look as though it came from Google.

    Notice the extra e at the end of "Google"? Sometimes users don't notice the difference, follow the instructions in the e-Mail, and become the victim of a cyberattack.

    Instructions in phishing e-Mails can vary. Entering information into a fake website, opening malicious attachments, responding with personal information, or directly installing software that has embedded malicious code are a few. In many cases, the phishing attempts are directed at nobody specific.

    The F.B.I. reported on November 13, 2021, that a loophole in one of their e-Mail systems was exploited so that thousands of fake security alerts were sent out to undisclosed e-Mail addresses. The alerts actually came from a domain owned by the federal agency, and therefore those who viewed the e-Mails took them seriously, causing a degree of panic.

    Although there were no instructions to provide information or open attachments in the phony e-Mails, it's worth noting that cybercriminals have ways of exploiting legitimate e-Mail domains instead of coming up with look-alikes. Therefore, it's important to remember that even though the source of content comes from a legitimate domain, it doesn't mean it's necessarily safe to open or use.

    Nobody knows for sure what the motive of the perpetrator was. It's said that diverting resources away from other important security aspects was a possible motive. It could have also been to merely obtain bragging rights in an underground hackers' circle.

    These attacks are not limited to e-Mail. Often, phishing is attempted via text messaging and phone conversations. A common scenario is when a cell phone service subscriber receives a link from an unknown source to a pornographic site, where clicking through can lead to a computer virus infection. Phony government agencies will also attempt to contact people via the telephone and coerce them into paying money or giving away sensitive information.

  • Spear Phishing is the same concept, except that the attack targets specific people on which the perpetrator has already built a profile—containing personal information such as name, address, place of employment, and perhaps even date of birth and social security number. Using this technique, the attacker has already broken the ice with regard to trust and has only to, effectively, lean on the recipient. Precautionary education or training would help in this situation.
  • Whaling is a type of phishing attack that is aimed even more specifically. Managers and high-ranking business personnel are the targets of these types of attacks. For instance, a hacker could imitate the identity of a high-ranking official and then send an e-Mail to another high-ranking staff member. Trust is established through a number of imitation methods, so getting the e-Mail recipient to follow instructions is relatively easy.
  • Angler phishing is perhaps the most recent and effective form of phishing crime, targeted at social media users. Disguised as customer service representatives, perpetrators will reach out to users having issues with their accounts. Users can be instructed to do a variety of things such as click on links (leading to fake sites), install malicious software, or give away personal information.

    The angler trap can be avoided by responding to customer service correspondence with caution. Be sure any accounts contacting you are verified by the platform in use. Navigating directly to the platform's home page or calling their customer service number for initial contact could generally prove safer.
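
The googlee.com look-alike from the first example can be caught mechanically by measuring how many single-character edits separate a sender's domain from a domain you actually deal with. The following is an added example, not part of the original article; the allowlist, function names and distance threshold are assumptions chosen for illustration.

```python
from email.utils import parseaddr

# Constructed allowlist; a real one lists the domains you actually deal with.
TRUSTED_DOMAINS = ("google.com", "microsoft.com", "paypal.com")

def edit_distance(a, b):
    """Levenshtein distance: fewest single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute ca -> cb
        prev = cur
    return prev[-1]

def sender_domain(from_header):
    """Return the lower-cased domain of a From: value, or None if it has none."""
    _, addr = parseaddr(from_header)
    local, at, domain = addr.rpartition("@")
    domain = domain.strip().rstrip(".").lower()
    return domain if at and local and domain else None

def classify_sender(from_header, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return (verdict, matched_domain); verdict is exact/lookalike/unrelated/invalid."""
    domain = sender_domain(from_header)
    if domain is None:
        return ("invalid", None)
    if domain in trusted:
        # A correct name is not proof of safety: From: can be forged, and the
        # FBI incident above shows mail from a genuine domain can still be fake.
        return ("exact", domain)
    nearest = min(trusted, key=lambda t: edit_distance(domain, t))
    if edit_distance(domain, nearest) <= max_distance:
        return ("lookalike", nearest)  # near-miss of a trusted name: treat as hostile
    return ("unrelated", None)

if __name__ == "__main__":
    # Constructed sample senders.
    for sample in ("problem-resolution@googlee.com",
                   "Google Support <help@g00gle.com>",
                   "alerts@google.com",
                   "newsletter@example.org"):
        print(f"{sample!r:45} -> {classify_sender(sample)}")
```
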

Safe Internet Usage

These concepts and examples should be enough to raise awareness for the average computer user. There is much to digest and this isn't a comprehensive list of phishing techniques with details. Generally, however, the idea is to be careful who you trust when contacted via the internet or phone—and be careful what you click!

Government agencies will typically inform the public about new phishing scams. IT security information can also be gathered from various public forums and articles.

This content reflects the personal opinions of the author. It is accurate and true to the best of the author’s knowledge and should not be substituted for impartial fact or advice in legal, political, or personal matters.

© 2021 Dan Martino
