For a long time, phishing schemes were one of the most popular cybercrime methods, and many people still joke about them to this day. They used to have outlandish scenarios to take advantage of people who were new to the internet, such as claiming a Nigerian Prince needed your credit card info to send you money, but phishing has taken on much more deceptive and destructive forms over the past decade.
Emails asking you to provide someone with personal information and credit card details are still as popular as ever, sometimes trying to trick you with fake deals or intimidate you with threats of fake arrest warrants. It might seem perfectly safe to click on links and respond to these emails, but this can be one of the biggest mistakes you can make in terms of internet safety.
To keep your business safe from getting its sensitive information stolen, you should make sure everyone who uses your company’s devices is familiar with phishing and is fully aware of how to prevent and recover from phishing schemes.
What Is Phishing?
Unlike many types of cybercrime, phishing is a social engineering tactic that doesn’t require the hacker or cyber-criminal to use any technology. Phishers often send these emails in bulk to all kinds of people, frequently using stolen email lists taken from databases you’re a part of and bots that can automatically find and write new emails regularly.
Since it’s easy to send out these phishing emails and find email lists, it can be almost impossible to keep yourself safe from receiving phishing attempts. You instead have to know how to identify them and avoid clicking on them, and make sure that you don’t end up falling victim to one of the numerous phishing attempts that likely show up in your work and personal inboxes all the time.
How Does Phishing Work?
Phishing emails almost always ask you to follow a link, reply with personal information, or send money to a particular online address, but how they convince people to do this is extremely diverse. There are usually two main strategies that phishing emails use to trick people into following their links: urgency and financial benefits.
Urgency is quite simple, as it usually involves telling someone they need to send money or personal information quickly to prevent being charged more by a bank or company. In similar phishing schemes through phone calls, the phisher may even try to intimidate you by falsely threatening to arrest you, and those unaware of phishing schemes can easily be pressured into following what they say.
Financial phishing can often appear much more innocent, suggesting deals for businesses you may have provided with your email. Some request that you invest money through a given link, claiming that you will get a money transfer for more later down the line. These attempts try to appear as spam emails from regular companies and blend in alarmingly well with real promotional emails.
What To Do If You Click On A Phishing Link?
The best way to prevent yourself from being a victim of a phishing scheme is to avoid links in these suspicious emails entirely. By hovering your mouse over a link, you can usually see what the URL is and see what website it will take you to or if it’s secretly a file that the email is tricking you into downloading. If an email doesn’t come from a trusted source, you should always check to make sure you're not dealing with a malicious link.
If you do happen to click on a suspicious link and download harmful malware onto your computer, it’s good to delete it immediately and use antivirus software to scan for anything else that might be on your computer. If you are worried, it can be helpful to restore a backup of your computer through an external hard drive or memory card to make sure you wipe any malicious software downloaded onto your computer.
The link may also take information like passwords and financial information from your email and internet browser, meaning the damage could potentially be already done. If you’ve clicked on a phishing link, you should look into changing your passwords to make sure that any compromised passwords won’t work and set up multifactor authentication. You should also keep an eye on your credit card and login histories on any important accounts to check if someone besides yourself is using them.
Types Of Phishing
Phishing can take many different forms, but it can be helpful to know all the different types of phishing you might encounter in your inbox, through online ads, and even in your business’s IT system. There are clear signs of each type of phishing, and if you recognize any of these, it’s important to take a critical look before responding or following any links.
Data phishing is the most common and general form of phishing. The goal is to pretend to be a trusted company or person asking you to send personal information and credit card details. They then use this data to either access your accounts or sell your account data to others. Sometimes phishing emails will ask you for this information themselves, while others will make you download files or follow links that steal your data automatically.
Phishing For Login Attempts
Many websites and email providers will let you know when someone attempts to log into your accounts, but not all of these are genuine. Many phishing emails will claim to be companies like Google or Apple asking you to reset your password but send you to false websites to trick you into typing your password into the hacker’s database yourself.
Malware is usually a piece of software downloaded to your computer or smartphone, either by hiding inside a regular file or by pretending to be a simple program. Phishing emails that download something to your computer are likely to contain this. It can either copy your data for the hacker automatically or give a hacker remote control over your device.
Whale phishing is one of the most common ways to target businesses, asking executives and business owners to give company or customer information. This scam can be lucrative for phishers, as they can get a wide variety of personal data like addresses and banking information by targeting only one individual.
Unlike whale phishing, spear phishing is significantly more targeted, usually asking a single individual to follow a link, download a file, or reply with personal information. These are by far the most common type of phishing, and while it might not be as financially impactful on a business as whale phishing, it still can result in company account information being stolen and is just as much a concern.
How To Prevent Phishing Attacks And Attempts
The best solution is to not click on phishing links at all, but if you still end up clicking on one, there is plenty you can do to prevent it from doing further harm. There are all kinds of threats on the internet trying to steal your information, both for themselves and to sell to others, and you must make sure to stay vigilant when receiving emails and links from untrustworthy sources.
If you ever have concerns that you’ve clicked on a link, or aren’t sure how safe a link might be, never feel afraid to check with an IT department or someone else in your company. The best way to prevent phishing attacks is to be careful and ask others for support. It will make your business significantly safer if everyone on your network is safe and communicative.
Frequently Asked Questions
Q: Can your smartphone be hacked by clicking on a phishing link?
A: Yes, and this is particularly dangerous. Be careful installing apps, and never install anything outside the App Store or Play Store.
Q: Is it possible to get a virus from clicking a link?
A: Yes. In fact, it’s really easy. Even opening a Word document can trigger a virus. If you suspect you’ve clicked on something suspicious, contact support right away.
Q: What is the most common type of phishing?
A: Spear phishing is usually the most common, where scammers target single individuals to get them to give up their individual information. This type of phishing is why you should have separate passwords for work and personal accounts. Losing a personal email through spear-phishing schemes could result in your business having its information stolen as well.
Q: Should you tell someone if you’ve clicked on a phishing link?
A: You absolutely should tell someone if you’ve clicked on a phishing link and are worried you’ve downloaded something you didn’t mean to, or if you think someone stole your information. Phishing can cause serious threats to your finances and reputation if you don’t start solving it immediately. It is significantly easier to recover from phishing attempts if you talk to someone about it early.