Gone Phishing: What is Phishing and How to Avoid It?
Online fraud and email scams are becoming more widespread as technology advances. And unfortunately, scammers are growing more sophisticated by the day. While falling for these scams can happen to anyone, there are some steps you can take to avoid becoming a victim of phishing.
What Is Phishing?
Phishing is a form of cybercrime. Targets are fraudulently sent communications (email, text messages, telephone) from the scammers, posing as legitimate institutions such as banks, service providers and even colleagues.
They lure individuals to provide them with sensitive information such as banking details, passwords and login information. However, phishing scammers also intercept messages from an institution you are currently communicating with, creating the illusion that you are still dealing with the same person/business.
Phishing is probably the most common type of cyber-attack that everyone should learn about to protect themselves.
Types Of Phishing Scams
A phishing attack can happen in a variety of ways. While it most commonly occurs via email, fraudsters can use several other methods to carry out their scams.
Email Phishing
As the most common type of phishing, this method frequently involves a shotgun approach. Scammers impersonate legitimate organisations and send mass emails to as many people as possible.
- Characteristics: These emails are characterised by a sense of urgency, informing the recipient that their account, profiles have been compromised.
- Objective: Get the victim to take a specific action, such as clicking on a malicious link, providing a one-time pin, or giving them other personal information.
Spear Phishing
This form of phishing takes a more focused approach, sending malicious emails to specific members of an organisation. Instead of sending mass messages, this method targets particular employees.
- Characteristics: Emails are personalised to trick the recipient into believing that they have an existing relationship with the sender. The sender uses email addresses that look nearly identical to legitimate ones.
- Objective: Same as before.
Whaling
Much the same as spear phishing, whaling scams are aimed at a specific person within an organisation. However, instead of employees, they are generally targeted towards senior management, executives, directors or anyone with high-level access to classified information.
- Characteristics: Emails will use pressing situations (which would have severe repercussions for the company) to bait their victims. Such as claiming that the company is facing a lawsuit.
- Objective: Get the victim to click malicious links, open attachments or gain more information which they can use to access accounts, secure data or hack systems.
Smishing
SMS phishing uses text messages (instead of emails). Operating in a similar way to their email counterpart, scammers sends texts from seemingly legitimate businesses which contain malicious links.
- Characteristics: Links are disguised as promotional codes or competitions.
- Objective: To compromise individuals by stealing confidential information.
Vishing
Voice phishing uses phone calls to exploit victims instead of email or text. These calls often use automated voice messages which seem to come from a legitimate institution, such as a government department or bank.
- Characteristics: Calls claim that the victim owes a large sum of money, that the victim was wrongfully charged and needs a refund, or that their bank account has been compromised. Victims are then prompted to verify certain personal information. Or provide a one-time pin – usually sent to the victim’s phone, as the scammer attempts to log into their account.
- Objective: To gain access to the victim’s accounts or get the victim to transfer a large amount of money.
Types of Scams As Listed By Nedbank, FNB and Standard Bank
How To Spot and Prevent Phishing Attacks
When trying to prevent a phishing attack, vigilance is key. Here is a checklist you can use to identify potential phishing scams:
- Communications asking to confirm/provide personal information.
- Check the sender’s email address for signs of fraudulence
- Be wary of misspelling and poor grammar.
- Be suspicious links or attachments
- Be sceptical of urgency and high-pressure situations.
- Misspelt domain names or email addresses.
- If it is too good to be true, it probably is.
- Claiming a change in bank account details.
PLEASE NOTE: AMC Hunter INC will never change our bank details or ask for your bank details via email. Should you receive an email to this effect (or other suspicious communications), please contact our offices on 031 309 5483 to confirm our bank details and any other information before making any payment or responding to such messages.