Phishing attacks aren’t new. In fact, we’ve heard about them for years – but that doesn’t mean they’re any less prevalent than they were when they first cropped up in the mid-90s. Actually, this year especially has seen a sharp rise in phishing scams, thanks in part to the stay at home orders given at the onset of the coronavirus pandemic.
Earlier this year, when the lockdowns were in full swing, Google’s Threat Analysis Group reported that they blocked 18 million COVID-19 themed malware and phishing emails per day and ID Experts reported a 50% increase in the number of their members being targeted by phishing scams. With the threat of a second lockdown looming, I thought it would be best to chat with a digital privacy expert about how to spot (and avoid!) a phishing attack.
I recruited Ray Walsh, a Digital Privacy Expert at ProPrivacy to give some of his best tips for avoiding such scams. But, first, it might be a good idea to tell you what a phishing attack actually is.
Phishing is essentially the attempt to fraudulently retrieve someone’s personal information (like banking details, passwords, and login information, etc.) usually with a financial goal in mind. Phishers usually pose as trustworthy sources, like your bank provider or PayPal or a social media platform. Their initial goal is to have you click on a link which will send you to a fake site almost identical to the one they’re impersonating and have you give away your personal info, you know, like we do all day on the internet.
“Phishing attacks usually leverage cleverly devised scripts designed to weigh on your emotions – be that excitement or fear,” explains Walsh. “So, if you receive an email or text that makes you want to follow a link or click on a download, this could mean that you are being victimized.”
You want to be wary all the time, to be honest. Although many email providers have anti-phishing features, it’s easy to get lured in, especially if it’s through a text message. Here’s what you should look out for:
Unsolicited emails are a nightmare. If you think about how many sites we give our email addresses away to, even daily, it makes sense we get so many. More than general annoyances though, unsolicited emails and especially text messages are something to be cautious of.
“If an unsolicited email or text message arrives, it is always wise to be wary,” Walsh tells PC Guide. He goes on to say that you should “never hand over your personal details or payment information to any incoming messages, phone calls, or emails as this could lead to fraud.”
Like I mentioned earlier, the aim of the phishing game is to manipulate unsuspecting victims into clicking links designed to look legitimate, sending them to a cloned or “dodgy” website. And that’s usually the beginning of the end. “Once the victim clicks on a link,” says Walsh, “fake login portals and forms will steal the victim’s personal information or payment details in order to defraud them or engage in identity theft.”
If you receive a message that encourages you to follow links, the first thing you should do is consider who the email or text message is from.
“If it is a service that you don’t usually use,” says Walsh, “you should check to see whether it has been flagged as a scam online – or avoid it altogether.” However, if you receive an email from a service you do use or you do subscribe to, it can get a little trickier. In the case that this does happen, Walsh says, you should “head over to the website in question in your browser rather than by clicking the link.”
By doing so, you ensure that you’re definitely logging into your account from a legitimate source and, “you will be able to quickly verify whether the email you have received is using lies in order to attempt to trick you.”
Finally, Walsh says: “Always be wary of any received messages or emails that seem too good to be true.”
As with everything in life, internet scams too, if it’s too good to be true, then it probably is. It might seem like a fairly negative philosophy to carry around with you but, online especially, that little pearl of wisdom might just make the difference between you losing out to a phishing scam or, well, not doing that.
According to Walsh, “scammers will use attractive members of the opposite sex, special offers, competitions, and bargain-basement prices to trick victims into following links and providing their details.” (I mean, they understand basic human desire, so, can’t really fault them on that front I suppose).
Instead of jumping on the chance to get 50% off at Olive Garden or to win a hot date, Walsh says, “do some research – and never hand over any information unless you are 100% sure that the service in question is legitimate.”
Phishing attacks are extremely common. I can’t count the number of times I’ve *almost* clicked on a PayPal link in a text message or logged into my Facebook account through a random email link. Next time you get an unsolicited email or text message that seems to be selling dreams, make sure to go through these steps to ensure that you’re not the victim of a phishing scam.