Phishing Attacks: What They Are, How They Happen, And Staying Safe
Phishing attacks have been around since before the age of the internet, and they
have become far more widespread since the introduction of the world wide web.
Technically, they are not a hack in every sense of the word, but they work just that
Since they have been determined to account for over 90% of all social engineering
hacks, it is important to address them.
But before we get into all that…
What is Phishing?
Phishing attacks work by playing on a user’s trust and commitment to an
organization that they have deemed reputable to obtain sensitive information from
such a user.
Depending on the mode of propagation (which could be email, telephone call or
SMS), it usually starts off with the hacker making contact with the victim. The hacker
poses as a legitimate organization or its representative, especially one that the victim
might have heard of or be using.
In this case, it could be a financial institution, email service, or other service
providers. The victim is made to believe that they need to take action on their
accounts, and their details are requested – either directly or indirectly.
Direct requests will see the hacker manipulatively ask for information like credit card
details, date of birth, mother’s maiden name (and such other personally-identifying
information which could have been used as a security question on a targeted service
the hacker is looking to get into).
In the indirect attack, the hacker sends a link which the victim can click to take them
to the supposed site which they would have trusted on a normal day. This link,
however, is a fake – leading to a website that just looks like the real deal, but isn’t.
Once the victim enters their login, card or other personally-identifying details, these fall
right into the laps of the hackers. They can then use that information to access the
actual account and do as they wish from there.
Protecting Against Phishing Attempts
Due to the way in which they are carried out, phishing attempts are unsurprisingly
challenging to deal with. That does not make dealing with them impossible, though.
Here, we explore best practices for staying out of any and all phishing attempts
that could be coming your way – no matter what platform they originate from.
Telephone numbers are some of the hardest things to verify. Besides the fact that
you might not have any idea who is at the other end of the line if they are not saved
in your contact list, you would also need to go through a lot of legal processes to have
this information released by network providers.
Thus, knowing if the person at the other end of the line is really who they say they
are is challenging.
That said, you should still know that your bank, government agencies or other
reputable institutions will not call you over the phone to request personal information
(such as PINs, social security number, account passwords, account details and
Should that happen, ask for the caller’s name, ID number (if applicable) and
department. Drop the call and call the institution back via an officially listed contact
line – or show up there in person.
SMS and Emails
These are the most common forms of phishing attempts these days, with the latter
taking the crown for the most successful.
As discussed above, the attacker will send users a link disguised as the real deal to
get them to take action which would compromise their information.
First things first, refrain from clicking links in your email. They might look like the real
deal, but you should also note that the eyes can easily be fooled into thinking the
wrong thing is right. For example, spelling ‘AIRPORT’ as ‘A1RPORT’ might not draw
a lot of attention until you see that the capital ‘I’ has been replaced with a number ‘1’.
Thus, always type out links yourself to be on the safer side. Should you be asked to
contact customer support via any link too, we recommend going through the main
website (which you have typed into your browser address bar yourself) and seeking
Phishing websites are springing up daily – and they complete the work that the
email attacks start.
These websites thrive off soliciting credit card details from users by informing them
that they have won a jackpot, notifying them of a huge discount sale, introducing
them to a great deal, and other such lures.
So that you don’t fall victim to this category, always double-check the URLs you are
visiting to ensure they have not been somehow manipulated.
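
The ‘A1RPORT’ substitution and the advice to double-check URLs can also be checked mechanically. The following Python code is an added example, not part of the original article; the allow-list domains and the function names are assumptions made for illustration, and it goes slightly beyond the digit swap by also catching a trusted name used as a prefix of another domain.

```python
from urllib.parse import urlsplit

# Assumed allow-list for illustration; use the sites you actually rely on.
TRUSTED = {"airport.example", "mybank.example"}

# Characters often swapped for one another in look-alike names.
# Each group collapses to one representative character.
_FOLD = str.maketrans({"1": "l", "i": "l", "0": "o", "5": "s", "3": "e"})


def skeleton(name: str) -> str:
    """Collapse visually similar characters so look-alikes compare equal."""
    return name.lower().replace("rn", "m").translate(_FOLD)


def classify(url: str) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for the URL's real host."""
    # hostname drops any 'user@' prefix, so 'https://mybank.example@evil.test'
    # is judged on evil.test, the host the browser would actually contact.
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host:
        return "unknown"  # no scheme or no host: nothing to judge
    labels = host.split(".")
    # Every label suffix: a.b.c -> a.b.c, b.c, c
    suffixes = [".".join(labels[i:]) for i in range(len(labels))]
    if any(s in TRUSTED for s in suffixes):
        return "trusted"
    trusted_skeletons = {skeleton(t) for t in TRUSTED}
    if any(skeleton(s) in trusted_skeletons for s in suffixes):
        return "lookalike"  # e.g. a1rport.example
    # A trusted name used as a prefix of someone else's domain.
    prefixes = [".".join(labels[:i]) for i in range(1, len(labels))]
    if any(p in TRUSTED for p in prefixes):
        return "lookalike"
    # Punycode labels can hide non-Latin look-alike characters.
    if any(lab.startswith("xn--") for lab in labels):
        return "lookalike"
    return "unknown"
```

URLs must include the scheme (`https://...`) for the host to be parsed; a result of "unknown" only means the host is not on the allow-list, not that it is safe.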