All You Need to Know about Phishing 101

Latest Blogs

By AMSAT Nov 11,2020

All You Need to Know about Phishing 101

At a high level, phishing is trying to deceive people into doing something through an email that allows the cybercriminal to hack a target.

What is phishing?

When phishing is typically discussed, the emails that consumers receive are from someone mimicking a brand or an individual. For example, if the rival’s objective is to get the user to click a link that then leads to a suspicious website asking for personal information to help them log in to the target’s bank details, the link could be anything from “click to reset your password,” to an email mimicking your debt loan officer asking you to “click to pay your late fees.”

Another version of phishing is an email that comprises malevolent attachments. A common instance is an email purportedly from a mobile shipper telling users they have a bill past due and to open the attachment to view it. Once that infected document is opened, a few things can occur. There might be a link to a compromised site which may install ransomware on your computer or ask for your details. A computerized message from the attacker cloaked as a standard prompt may ask you to allow commands in the document, which then installs the threat on your machine. Otherwise, the document itself could hold an exploit, and you are likely to be infected if you simply open it.

Phishing attack tactics

We come across quite a few impersonated financial institutions and cloud provider phishing emails that are particularly seeking to steal user credentials. On the positioned malware side of things, you’ll get reports including bills from your bank or mobile shipper. We’ve also come across phishing attacks mimicking law enforcement and in the form of a court order or an unpaid fine. Generally, the strategies tend to circle around a call to action with some kind of resolve to get clients to click.

A few years ago, a unique tactic was employed where attackers exploited a huge breach to carry out targeted phishing attacks. They used users’ leaked personal information to send phishing emails laced with individual details that make the message appear real. If you receive an email that comprises information such as your full mail address and your phone number, for instance, that email will appear reliable enough that you might be lured to click. Whenever these big breaks happen, it’s generally suspected that people’s information is later being leveraged in these malicious attacks.

What should users do to stay protected?

Users need to put security above and over everything else. In fact, ensuring cybersecurity is extremely important for your home computers and devices as well as your systems at workstations. Threat attackers use the same tactics on ordinary consumers as they do on companies, so you can’t let your guard down when you leave your workplace. You’re a target regardless of your location, and keeping that in mind will help you make better security decisions.

If you typically receive any email that appears too good to be true, it perhaps is. Here are some more actionable tips to keep in mind:

Trust, but confirm. If you get an email from an organization you do business with, call them up instead of clicking on any links. This will help you verify whether the email is real without any possible harm. And if you’re one of the first people targeted in the phishing campaign, you could be helping the brand by notifying them that their name is being used spitefully.

Always create unique passwords for each personal account, particularly each bank account, you need to log in to and change them frequently

Enable 2-factor authentication when it’s available

Do not open attachments in emails from recipients you are not familiar with

Do not enable macros in document attachments received through email

If undecided, never give out your personal data

Back up frequently and keep a fresh backup copy off-site

Protect your computer with cutting-edge real-time security

TAGS