Phishing is a scam where criminals try to get information or access through deception and trickery. Scammers will pretend to be a business or person you trust, or they may disguise their malware into something that looks innocent in hopes you’ll install it onto your system.
Common phishing attacks
- Link manipulation
A phishing scam can sometimes come in the form of a malicious link that appears to come from a trusted source, like big companies and famous brands. If the link is clicked, it takes users to a spoofed website, where they are prompted to enter account information.
- Content injection
This type of phishing attack injects a familiar website, such as an email login page or an online banking portal, with malicious intent. This can include a link, form or pop-up that directs users to a secondary website, where they’re asked to input confidential information.
- Email
By far the most common tactic on this list, a phishing email may arrive to either your personal or professional email address. This email can include instructions to follow, a web link to click or an attachment to open. - Man-in-the-middle
Man-in-the-middle phishing attacks occur when a cybercriminal tricks two people into sending information to each other. The scammer may send fake requests or alter the data being sent and received by each party.
- Spear phishing
A more advanced form of phishing, spear phishing targets specific individuals rather than random targets.
Falling for a phishing attack can lead to leaked confidential information, infected networks, financial demands, corrupted data or worse, so here’s how to prevent that from happening:
- Inspect the sender’s email address. Is everything in order? A misplaced character or unusual spelling could signal a fake.
- Be wary of emails with generic greetings (’Dear customer,’ for example) that asks you to act urgently.
- Look for verifiable sender contact information. If in doubt, do not reply. Start a new email to respond instead.
- Never send sensitive information by email. If you must convey private information, use the phone.
- Think twice about clicking unexpected links, especially if they direct you to sign into your account. To be safe, log in from the official website instead.
- Avoid opening email attachments from unknown senders or friends who do not usually send you attachments.
- Install a phishing filter for your email apps and enable the spam filter on your email accounts.