A phishing attack is one of the most widespread internet attacks aimed at obtaining sensitive data, passwords or money. Most internet users have encountered some form of phishing attack and we are likely to encounter it more and more often.
What does such a phishing attack look like and how can we defend against it? Read on, and your data, passwords and money will be far safer.
What is a phishing attack
Phishing is based on the English word fishing. That’s why phishing is sometimes called rhybaření in Slovak. Attackers try to lure (fish out) sensitive data from users by pretending to be trustworthy and official representatives of the service they are using.
The attack typically takes place via email. The message contains false information, for example that a credit card or some other service has been blocked, or anything else urgent. The email also contains a link that leads to a fraudulent website which resembles the official service or is even indistinguishable from it at first glance.
On this fraudulent website, we are then asked, under some pretext, to enter our login details or other sensitive data, which the attackers thereby obtain for themselves.
A phishing attack can take place over email, but we can also encounter attacks via SMS or even direct contact, where the attacker pretends to be someone else in order to get this data from us.
Phishing attacks used to be very transparent, but they are getting more sophisticated
Detecting a phishing attack over 10 years ago was not a problem. Fraudulent messages were poorly translated, contained grammatical errors or typos, and the fraudulent sites looked nothing like the official sites. A more experienced user recognized these scams immediately, and even less experienced users at least suspected something was amiss.
But that time has unfortunately passed. Phishing messages today are translated perfectly and without errors, and the scam sites are virtually indistinguishable from the official ones. Attackers can also find out a lot of information about their victims before an attack, thanks to the Internet. Emails may contain, for example, real names or other personalised data. The message will thus relate to a service that we actually use. When replying, the attackers can even communicate with us and increase their credibility.
This makes it much easier to fall for this scam, so we need to be careful what links we open and where we enter our details and passwords.
So how do you defend yourself against a phishing attack?
The main protection against phishing is common sense, but of course also the use of protection software that detects these fraudulent emails and alerts you when you visit a suspicious site, for example. If anything in the message doesn’t seem right to you, always verify that it is a legitimate message before taking any action. Here are some tips to better protect your data:
- Always check the address of the email sender – Emails from scammers come from addresses that have nothing to do with the company they claim to be from. The name of a contact can be spoofed so that it looks legitimate to some extent, but if the address is different from the one you would expect, the one from which you normally receive messages from the service, always beware.
- Don’t react – Don’t react in any way to a phishing attack. Do not open attachments, reply or click on any links, even out of curiosity.
- Enter URLs directly – If you want to get to your bank’s website, your email, or social networking sites, for example (or any other service that’s important), type the URL directly into your browser’s address bar.
- Beware of absurdly good deals – Beware if someone offers you something for free or at an absolutely huge discount, usually with some sort of time limit as well. These offers are often a scam, and if they’re not, you can certainly find them on the company’s official website.
- Beware of threats – If an email has a tone that is fear-inducing or outright threatening, it is probably phishing. Of course, it may just be unfortunate wording, but if someone writes to you saying that your account will be blocked in a moment, that your password has been cracked, or anything like that, be careful. Go to the affected service directly, that is, not through the links in the email, and verify the information.
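The sender check from the first tip can be automated. The following is an added example, not part of the original article: it compares the service a message's display name claims with the domain of the real address. The brand name, the domains and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: services the user really uses, mapped to the domains they send
# from. The brand name and all domains here are constructed for the example.
KNOWN_SENDERS = {"example bank": {"examplebank.test"}}

def domain_allowed(domain, allowed):
    """True only for an allowed domain itself or a true subdomain of it."""
    domain = domain.lower().rstrip(".")
    # A substring test would accept look-alikes such as
    # examplebank.test.login.test, so compare on label boundaries.
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_sender(raw_message):
    """Return warnings for a From header whose name and address disagree."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    if "@" not in addr:
        return ["no parsable sender address"]
    domain = addr.rsplit("@", 1)[1]
    warnings = []
    for brand, allowed in KNOWN_SENDERS.items():
        # The display name is free text chosen by the sender; only the
        # address shows where the message claims to come from.
        if brand in display.lower() and not domain_allowed(domain, allowed):
            warnings.append(f"name claims '{brand}' but address is at {domain}")
    return warnings

def make(from_header):
    """Build a minimal constructed message with the given From header."""
    return f"From: {from_header}\nSubject: Your card has been blocked\n\nbody\n"

# Constructed sample From headers: two legitimate, three look-alikes.
SAMPLES = [
    "Example Bank <alerts@examplebank.test>",
    "Example Bank <no-reply@mail.examplebank.test>",
    "Example Bank <alerts@mailer.other.test>",
    "Example Bank Security <alerts@examplebank.test.login.test>",
    "Example Bank <alerts@secure-examplebank.test>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(make(header)) or "ok")
```

An empty result is not proof of legitimacy, because the address in the From header can itself be forged; the check only catches a mismatch between the displayed name and the address.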