How to Prevent Phishing
Being duped by cybercriminals is one of the worst feelings a person can experience. While there are plenty of ways to lose money—concert tickets, last cup of coffee—the most insidious attacks involve exposing sensitive data and stealing millions from the most perceptive companies. Phishing is one of the oldest and most common attacks, but an ounce of prevention can go a long way toward reducing risk.
The most common method of phishing involves email: an attacker sends a message designed to trick the recipient into clicking a link, downloading an attachment, or sending money. Attackers often use personal information available on the Internet, including social media sites, to make emails look more convincing. Using technology that scans and filters suspicious messages can help prevent these kinds of attacks, but many go undetected without advanced cybersecurity measures.
Spear phishing, also known as smishing, is when hackers target specific individuals or organizations to steal data. This can include targeting executives or employees of a company to gain access to secure systems. For example, in 2014, hackers used the Dyre malware to gain access to Sony’s system and steal passwords.
Cybercriminals can also use a technique called “clone phishing” to send an email that looks like the original but contains malicious substitutions. For example, a clone of an email from Google or Facebook may contain a malicious link or attachment that could take the victim to a fake website or inadvertently download malware.