Phishing: recognizing and protecting against it

Phishing is an attempt to trick you into sharing personal information, including bank account details and passwords, or to infect your devices. The top five most well-known phishing attacks are: email phishing, spear phishing, whaling, smishing/vishing, and angler phishing.

How does phishing work? It preys on human emotions such as fear, curiosity, satisfaction, and greed to compel recipients to click on a link or open an attachment.

Lack of knowledge and training leaves individuals exposed to phishing, because they are unable to readily identify the signs, or they respond too quickly before realizing the risk. A quick look is not always enough to spot the signs of phishing: you need to learn how phishing messages work and look for the clues.


What is phishing?

Fishing involves throwing a line with a hook and bait into the water to catch a fish. Phishing is a play on words and uses the same analogy. Phishing tries to get personal details, generally passwords and bank details, or infect your hardware with malware. Whatever the type of phishing, the aim is usually financial gain.

All electronic communications can be exploited: emails, social media, text messages, etc. Whilst so many of us are aware of the risks, it is very simple to overlook the warning signs and respond to a phishing scam.

Phishing is unethical, and regarded as illegal, yet it can be difficult to prove. This method of cyber hacking is classified as a crime in the United States, France and several European countries.

How phishing works

This practice is widely used and very effective. According to a 2021 Cisco report, 86% of companies had at least one employee clicking on a phishing link. 1.3 million phishing-related searches and requests for help were made in 2021.

Phishing methods and how to recognize them

There are many types of phishing, from the well-known general email phishing to whaling, angler phishing, and more besides. We will take a look at a few of the most effective ones.

Draw / Lottery

You receive an email about a prize you have won, asking you to follow a link to receive the prize. The link invites you to fill in your personal information.

Personal information update

Emails suggesting there has been a threat to your personal information are common. These usually ask you to update your details to prevent further risks, leading you to a counterfeit site:

  • an update of your bank details following attempts to access your account
  • a password update following a security alert
  • a false alert from a bank or financial institution, e.g., PayPal

Spear phishing

Phishing emails can be sent to many recipients, or targeted at a specific individual, as in spear phishing. In spear phishing, some of the victim’s information is already known, e.g., workplace, email address, job role, or colleagues, and it can be very convincing when used in an email.

These emails usually prompt the user to follow a link to a fake third-party website, where they reveal further personal information.

Whaling

These are attacks aimed at a senior executive (the bigger fish) and tend to be more subtle than other methods. Fake links and malicious URLs aren’t used for whaling, because these attacks generally use the pretext of coming from a busy CEO or COO who needs an employee’s help.

For example, in 2016 the toy company Mattel was a victim of a whaling attack, costing them $3 million.


Angler phishing


Angler phishing focuses on social media, targeting consumers and dissatisfied customers. The aim remains the same: to persuade people to share their personal information or download malware. It involves fake URLs, cloned websites, posts, tweets, and instant messaging (sometimes called smishing). Often, criminals use information that you’ve already put on social media!

Having taken a look at a few phishing techniques, let’s now see how to protect yourself from them.

How to protect yourself from phishing?

Phishing seeks to deceive you. Be vigilant and avoid the traps:

Always check the email address of the sender

Often an email address appears identical to that of the third party it pretends to be. On closer examination there may be a spelling error, or letters may have been changed, e.g., “rn” may look like “m”, or a capital i (“I”) is used instead of a lowercase L (“l”).

Check the URL links in the email

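Only go to secure sites, where the URL is prefixed with HTTPS (the “S” stands for “secure” and means the connection is encrypted). This is especially important when entering confidential and sensitive information. HTTPS alone does not prove that a site is genuine, so also check that the domain name is the one you expect.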

Pay attention to the content of the email

If the email contains spelling mistakes or plays too much on the sense of urgency, the email is most likely a phishing attempt.

Beware of attachments

If you have any doubts about the validity of an email, do not download attachments, which may contain malware that steals your personal data.
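The four checks above (sender address, links, wording, attachments) can be automated as a first-pass triage. The following is an added example, not part of the original article; the trusted domain, the urgency words, the risky extensions and the sample message are all constructed assumptions.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr

TRUSTED = {"mybank.example"}                     # assumption: domains you really deal with
URGENT = ("urgent", "immediately", "suspended")  # assumption: sample pressure words
RISKY_EXT = (".exe", ".js", ".scr", ".zip")      # assumption: sample risky file types

def skeleton(domain):
    """Collapse the look-alikes named above: capital I -> l, 'rn' -> 'm'."""
    return domain.replace("I", "l").lower().replace("rn", "m")

def check_email(msg):
    """Return a list of warning strings for one parsed message."""
    warnings = []
    domain = parseaddr(msg["From"])[1].rpartition("@")[2]
    if domain.lower() not in TRUSTED:
        if skeleton(domain) in {skeleton(t) for t in TRUSTED}:
            warnings.append(f"sender domain {domain} imitates a trusted domain")
        else:
            warnings.append(f"sender domain {domain} is not a known sender")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    for url in re.findall(r"(?i)\bhttp://\S+", text):
        warnings.append(f"link without HTTPS: {url}")
    lowered = (msg["Subject"] or "").lower() + " " + text.lower()
    hits = [w for w in URGENT if w in lowered]
    if hits:
        warnings.append("urgency wording: " + ", ".join(hits))
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith(RISKY_EXT):
            warnings.append(f"risky attachment: {name}")
    return warnings

def sample_message():
    """Constructed phishing-style message used only to exercise the checks."""
    msg = EmailMessage()
    msg["From"] = "My Bank <alerts@rnybank.example>"
    msg["Subject"] = "URGENT: update your details"
    msg.set_content("Your account is suspended. Update now: http://rnybank.example/login")
    msg.add_attachment(b"constructed", maintype="application",
                       subtype="octet-stream", filename="statement.exe")
    return msg

if __name__ == "__main__":
    for w in check_email(sample_message()):
        print("WARNING:", w)
```

A message that passes these checks is not proven safe; the output is a prompt for a closer look, not a verdict.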

Set up a spam filter

These allow you to filter potentially suspicious emails directly into spam. Check out our article to understand more about how spam filters work.

Authenticate your sending domain

If you are a company or an individual sending emails of various kinds to customers, opt to authenticate your emails. Regular authentication, using protocols such as DMARC, DKIM, and SPF, increases the trust of your audience to help your emails arrive in the recipients’ inbox rather than spam. Do not hesitate to consult our articles dedicated to this subject to learn more.

If you want to authenticate your sending domain to reassure your recipients and optimize your deliverability, our MailSoar experts can assist you.

If you are a victim of phishing, you can visit apwg.org to report any suspicious messages you have received.

Phishing is only going to get more sophisticated as technology evolves. You can follow the advice we offer to protect yourself, your company, and your friends, but to ensure you stay ahead of the new methods that are being constantly developed to hack systems and fraudulently gain personal information, you need to secure your sending domains.

MailSoar is a team of experts who can share their knowledge and learning to help you stay ahead of phishing attacks and minimize your risk.

MailSoar is a deliverability agency that can help your deliverability grow, and thereby help your business grow.

Whether you’re an experienced email sender looking to perfect the delivery of your infrastructure, or a big part of your business ROI is tied to email landing in the right place, our team of experts is used to managing the ongoing deliverability of massive senders from all industries.

Contact MailSoar to optimize your email deliverability and increase your mailing reputation with the best solutions.
