Phishing Attack: You're the prey and hackers have the best bait.
A phishing attack is exactly what it sounds like. Hackers cast a cyber fishing lure and patiently wait for someone to take the digital bait. And when someone does they are yanked out of the soft shimmering waters of cyberspace and right back into the cold, harsh land of reality where they have just been hacked.
The "bait" that hackers use in a phishing attack can take many forms, and a little diligence on your part, coupled with a little bit of technology to help you, can go a long way in making sure you aren't a hacker's trophy catch.
How Will a Phishing Attack Take Place?
Hackers use phishing attacks in a number of different ways. At their core, a phishing attack is something "disguised" to look like an email or website with authority or familiarity that then prompts you to give up valuable information such as your bank account login, convinces you to download malware onto your computer, or any other manner of illegitimate activities. We've all gotten the email from a "Nigerian prince" asking for money, and while that is technically a phishing email, hackers have gotten a lot more sophisticated in how they attempt to get information or money from you.
There are a number of different types of phishing attacks to be on the look out for. Here are a few examples of phishing scenarios you might come across.
- A "friend" emails you asking you to venmo them some money
- "Bank of America" emails you saying there was suspicious activity and you need to login to your account
- A "coworker" emails you an attachment for you to download
What Does a Phishing Attack Look Like?
The success of a phishing attack is predicated on the hacker's ability to convince you that you are doing what you are supposed to be doing, and that the email, attachment, or website is the legitimate site. It is extremely easy to make a website look like another, or an email look like it came from a friend or a company that you are familiar with. All it takes is a little bit of know-how and a few lines of code and a hacker can have a site that looks exactly like your bank, complete with login. And if you are fooled and attempt to login, they now have your bank account login and can rob you blind before you even know you've done anything wrong.
So to answer the question "what does a phishing attack look like?" the answer can only be: Whatever a hacker wants it to.
Check out the examples below.
Pretty scary how much those look like the real thing, right?
How Do I Stop Myself From Falling Prey to Phishing Attacks?
You might be asking yourself: "if it is so easy for hackers to make a website or email look legitimate, what can I do to stop from getting phished."
The answer is: A lot.
Even though a hacker can make a phishing website or phishing email look legitimate there are a number of things they can't do through this type of attack. For example they can't make the email address a phishing email is coming from come directly from the actual company or person they are impersonating. They can't make the URL of the site they are sending you to the same URL as the actual site. So they try to mask these parts.
By being vigilant you can spot these types of masks and know that they are phishing attempts.
Here are a few things to lookout for:
- The complete wrong URL. In the above phishing page that appears to be Paypal it says that the website is actually on scotiauniversity.com
- URLs that replace parts of the URL with a number or letter for example: bank0famerica.com instead of bankofamerica.com - notice how the "o" in "of" was replaced by a zero?
- Subdomains on sites that are unfamiliar, for example: paypal.bankinginmybackyard.com
- Email address URLs that don't match up to the sender; in the example above the Paypal email comes from firstname.lastname@example.org?
- Emails with attachments or links that provide no direct context, for example: Bob, open check out this link.
On top of looking out for these, you can also install an inbox protector and content monitor like Paladin that monitors and compares emails and websites to known Phishing attacks.
Phishing poses a real threat to you and your cyber security. But by taking the steps and remaining diligent you can greatly reduce the number of chances that a hacker has to breach you and your accounts.