On the web, we are bombarded with an avalanche of messages through Email, Facebook, and almost any other portal you can think of (even Pinterest has a message section). Most of these messages may be benign enough to take at face value, but the truth is that some of them are not.
Phishing is one of the oldest tricks in the book used by hackers and scammers to get your personal information. From calling Grandma on a Sunday afternoon and asking her for her National ID information to intercepting actual communication from trusted sources and imitating them, phishing, although sounding quite simple, has grown increasingly complicated and inventive over the years.
Phishing (pronounced ‘fishing’ but slanged by hackers with a ‘ph’) is precisely named that for a reason. Fishers drop a bait on a hook and wait for their unsuspecting 'mark' to bite. The bait, in this case, is false communications through email, phone or SMS.
But that’s not even the interesting part. A fisher often reels in their bait to encourage a catch to ‘bite’. In the same way, a phisher creates a situation in which it becomes essential for a victim to act, such as posing an email from the bank threatening to close your account if you don’t provide your details now.
So, what are the different types of phishing? Sound your foghorn and let me take you through them:
Just as in spearfishing, an attacker thoroughly studies a single victim, tries to get as much information about them and then goes for the kill by imitating their communication. Although time-consuming, spear phishing is very personalised, making it very effective (and no, Michael Jackson is not alive and does not need $50 to appear again).
In this case, an attacker would go for slightly bigger ‘fish’. Attackers would usually go for CEOs, heads of state, or leaders of organisations. The risk involved is greater, but the reward is too.
Now, this is where it gets exciting. Although uncommon in Egypt, clone phishing might be the most complicated and potentially the most unsuspecting type of phishing. A scammer would intercept actual messages from a trusted party and imitate them, making it seem like it is a continuation of a conversation. You may receive an email from a friend asking you to open a link or a message from mom telling you to check her latest travel photos. Clone phishing is so hard to spot because it’s built on trust.
Smishing is a portmanteau for “SMS” and “phishing”. As the name would probably suggest, it is an attempt to gather personal information through SMS. Although smishing may appear relatively easy to catch, it has proved very effective. In fact, in 2020, a large-scale attack in North America was successful in reeling in 4000 victims after a fraudulent SMS was sent from a bank requesting login information from subscribers.
So How Can I Avoid Them?
Let me break out the bad news first: phishing attackers are constantly evolving and adjusting to the times by coming out with newer, more inventive ways to pick our wallets. The good news is, however, there are ways you can detect and counter attacks like these:
Look for Generic elements: If an email starts with “Dear Sir” or “Dear Madam”, this may be relatively harmless, but it does raise some eyebrows.
Tone of Voice Inconsistencies: A bank will usually not start communication with “what’s up?” Although things will not be so clear-cut, looking for inconsistencies in the tone of voice does help.
Watch out for Redirected Websites: Sites that usually redirect you to others are a thing to keep an eye out for. Changing URLs are definitely questionable.
Phishers are always thinking in ingenious ways to scam you of your hard-earned cash but the basics remain the same. Although phishing attacks may appear to be (and sometimes are) complicated, being vigilant and aware should keep you safe from attackers.