Phishing – How to Protect Yourself From Phishing Attacks
Phishing is an attack used to steal personal information and credentials. This information can be used to steal money or access an organization’s systems and networks. Attackers typically use email, instant messages, social media or other in-app messages to gain victims’ trust by masquerading as a trusted source and tricking them into sharing their credentials and personal information.
Attackers often leverage a sense of urgency and fear to gain users’ trust. For example, attackers might tell users their account has been restricted or they will lose money if they don’t respond to the request immediately. Attackers can also lure victims into opening malicious attachments that install malware on their devices and networks. These malicious attachments may be Web pages, shell scripts or Microsoft Office documents with macros that can download and run malware. Attackers can also spoof Wi-Fi access points to trick victims into logging on to their free network.
More advanced phishing attacks, known as spear phishing, are targeted at specific individuals or organizations rather than random application users. This type of phishing requires extensive research about the target, including its power structure and employees. For example, an attacker might target the marketing department and pose as a project manager to get its members’ passwords and login information. The attacker will then create a spoofed invoice document that looks like one from the legitimate company.
It’s important to remember that no legitimate company will contact you directly to ask for your personal information or login details. Never give these to anyone, especially in an email or text message. Additionally, if you are suspicious of any email or text message, check the NCSC’s Top Ten Warning Signs and always err on the side of caution.