Phishing is a type of cyber attack in which the perpetrator sends scam messages to individuals or businesses, either to trick them into divulging sensitive information unique to their business or to deliver another attack such as malware or ransomware. It is likely the cyber attack that you have heard of before and have been aware of for the longest time. These messages can be delivered by many means, including email, social media messaging platforms, text messages, and even phone calls. Though common, this attack is typically one that most users are able to identify easily due to a few telltale signs. Firstly, the message is urgent in nature, either demanding that the recipient click on something quickly in order to avoid a negative outcome or warning that there will be consequences should the victim not provide some sort of information by a certain time.
Another sign of a phishing scam is that the message comes from someone pretending to be someone else. This is a less clear indicator than the urgent nature of the message, but still something you can figure out with relative ease. The sender will often state that they are affiliated with a legitimate company in order to make you feel comfortable divulging whatever information they are trying to pull from you. Because they are not actually tied to that company, they have to create a similar, but not quite legitimate, email address to trick people who are not looking too closely at the sender's information. For example, someone trying to present themselves as a representative from Target might try to imitate a legitimate email address like email@example.com with something that looks similar at a glance, such as firstname.lastname@example.org. Someone who is not paying close attention may not think twice about the fake email address, despite it clearly not being tied to the actual company site.
Lastly, a sign that the message you receive is a phishing scam is the use of poor grammar and odd phrasing; many cybercriminals are just trying to dupe as many people as possible by any means necessary, often resulting in poorly constructed messages. To avoid this scam, look for these signs, and if something seems phishy, delete the message and, if it is on a work-related device, report it to your IT department.
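The lookalike sender address described above is a sign that a mail filter or an IT team can check automatically. The following Python sketch is an added example, not part of the original article; the domain `bigstore.example`, the sample headers and the function names are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed allow-list: domains the recipient's organisation really deals with.
TRUSTED_DOMAINS = {"bigstore.example"}

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def classify_sender(from_header, trusted=TRUSTED_DOMAINS, max_dist=2):
    """Classify a From header as 'trusted', 'lookalike:<domain>' or 'unknown'."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unknown"  # no usable address to judge
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    if domain in trusted:
        return "trusted"
    for good in sorted(trusted):
        brand = good.split(".")[0]
        # Near miss (typo or character swap), or the brand name
        # embedded in a different domain.
        if edit_distance(domain, good) <= max_dist or brand in domain:
            return "lookalike:" + good
    return "unknown"

# Constructed sample From headers.
SAMPLES = [
    "BigStore <orders@bigstore.example>",
    "BigStore Support <orders@bigst0re.example>",
    "rewards@bigstore-rewards.example",
    "news@weather.test",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):28} {header}")
```

A legitimate sending domain that is missing from the allow-list, such as a subdomain used for newsletters, is also reported as a lookalike, so the list has to contain every domain the real company sends from.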
Image by storyset for Freepik.