Phishing is one of the oldest cons on the books, and still one of the more popular tools of cyber criminals. Cyber criminals want access to your details and the easiest way to get hold of them is by convincing you that they are someone else – like your bank or a trusted service provider.
Commonly, the victim receives an email or personal message advising them to urgently update their details or that perhaps their information has been compromised and needs their immediate attention. The messages always ask for personal information, and appear to come from trusted sources. However, on closer inspection, the truth of the scam is revealed.
“A phishing email or message will often get the victim to click on a malicious link that may send them to a fake webpage or to a website that contains malware. Cyber criminals are out to make money, so the goal of phishing is to turn a profit, whether it is to gain access to a bank account, download cryptocurrency mining software or tricking the victim into downloading ransomware,” explains Indi Siriniwasa, vice-president of Trend Micro. Sub-Saharan Africa.
As technology evolves, so do the modes of attack, and it’s no different when it comes to phishing. Mobile phishing attacks are gaining ground, especially because mobile phone users are distracted and more likely to click on malicious SMSes.
“We would all like to think we are too tech savvy to get caught by these tactics, yet many are. What their ploys generally all come down to in the end is social engineering. And, social engineering itself is quite simply, the art of persuasion, which is the most valuable tool in any con artist’s arsenal,” says Siriniwasa.
Vigilance, as always, is key. Typically, a phishing email or message would appear to come from a trusted source, but the sender’s email may look blatantly suspect. In some cases, the sender’s email may even look legitimate. To make sure it is, hold your cursor over the address to see if it appears different when you do.
The address and content may differ from the messages you’re used to seeing from the source, and may be addressed to “customer” or “user” instead of you directly. Often the subject line and content will contain emotive words such as “urgent”, “immediate” and important in order to get the victim to click on any links or take the requested action without thinking.
“The motto employed here should be ‘better safe than sorry’. If you’re not sure the email from your bank is from them, call them up or visit their website to make sure. Don’t click on links or download attachments from unsolicited emails. Check the content of the letter, check the sender’s address and the subject line. If it doesn’t look or feel right, chances are it isn’t. It’s better to err on the side of caution than to become a victim of cybercrime,” advises Siriniwasa.