Have you heard of phishing? It is a tool and methodology whereby hackers gain access to either secure networks or personal information by imitating legitimate organizations. It is a highly sophisticated form of hacking that fools a lot of people. When it does work, phishing tends to get to people who simply aren’t paying attention.
This post is intended to encourage you to be smart. Do not be the phish in a criminal’s phrying pan. If you are able to spot the signs of a legitimate phishing attack, you can respond accordingly. You can stop a hacker in their tracks by recognizing their tricks and not giving them the time of day.
Vivint Smart Home, a nationwide home security and home automation provider, recently published an excellent blog post about phishing. At first, the post doesn’t seem to have anything to do with home security. But when you realize how similar phishing and burglary are, the post suddenly makes sense.
What Hackers Do
The whole point of phishing is to get you to voluntarily divulge personal information. Hackers might be after bank account information. They might be after usernames and passwords. Regardless, they want you to voluntarily give that information. So what do they do? They ask, albeit indirectly.
You would be suspicious if someone walked up to you on the street and asked for credit card information. Hopefully, you would be equally suspicious of a similar request is made online. Hackers are prepared for that. Instead of outright asking, they send emails or text messages disguised as legitimate communications from companies you are probably familiar with.
A hacker might send an email that includes a well-known company’s logo. There may be spoofed links to the hacker’s website contained within. Ultimately, the goal is to get you to visit a site where you will enter personal information, bank or credit card information, or credentials.
5 Things to Look For
Identifying a phishing attack is easier if you know what to look for. Vivint Smart Home recommends the following:
1. Suspicious Sender Addresses
Hackers sometimes create sender addresses designed to mimic real email addresses from legitimate organizations. But such addresses sometimes don’t look right. Never trust a sender addresses unless you personally know the sender in question.
2. Spoofed Links
Spoofed links utilize recognized anchor text, like an organization’s name. You can tell such links are not legit by hovering over them to see the web addresses behind them. If a web address doesn’t match the organization being spoofed, don’t click.
3. Emotional Pleas
Often times, less sophisticated hackers present an emotional plea designed to convince you of the urgency of their particular situations. Any and all emotional pleas should be considered red flags.
4. General Greetings
In almost all cases, organizations with whom you have online accounts will address you in emails using your real name or the username you signed up with. Emails that use general greetings – like user, sir, or madam – are automatically suspicious.
5. Unsolicited Attachments
Emails containing unsolicited attachments are always risky. Downloading such attachments could open your device to a malware attack. You should never download and open attachments you aren’t aware of in advance. Never trust attachments from people you don’t know.
Phishing is particularly effective because it works. But most of the time, it only works because victims are not paying attention. You can avoid being victimized by remaining vigilant and suspicious of all emails that don’t come from trusted friends and family members. You can never be too suspicious in this day and age. A little suspicion goes a long way toward protecting you.