What is Phishing, and How Not to Get Caught

ClickAway Tech Blog

Protecting your technology from cyberattacks is very important, but even if you have good antimalware software and properly configured firewalls on your devices, hackers may still attack your devices by phishing. No, that’s not a misspelling.

Phishing is an attack that tries to fool you into giving a hacker with malicious intent access to your technology.

The Risk:

Successful phishing attacks can be extremely expensive and disruptive. If your technology stores financial data, your accounts might be drained, and you may have to shut down all of your existing accounts and open new ones. If your technology stores personal data, your identity might be stolen. If the data stored on your technology is valuable, it might be held for ransom.

How Phishing Attacks Work:

A phishing attack starts when you receive an email, phone call, or text message that appears to come from a company or person you know but is actually from a bad actor trying to get access to your technology for malicious purposes. The idea is to either scare or entice you into calling, clicking on a button or link, or responding to a text message.

The majority of phishing attackers impersonate big banks or credit card companies, technology companies like Microsoft and Apple, or online retailers like Amazon.

The call, email, or text message may say that there is some problem with your device, and the caller/sender can help you get that resolved. Or it may describe an enticing offer. If the bad actor gets you to call, he will try to get you to install some remote access software and give him permission to use it. If the bad actor gets you to click on a button or link in an email or respond to a text message, that will launch a program that gives the bad actor access. Once the bad actor has access to your technology, he will install some form of malware which he plans to use later to extract data, corrupt your device, and/or set up a ransom situation.

If you are an Apple user, be especially wary of giving anyone you don’t personally know your Apple ID. It can be used to cause all kinds of harm. The same goes for Microsoft Account credentials.

Protection:

Some antimalware software may protect you from email-launched malware. No antimalware software can protect you from harm if you give a bad actor remote access to your technology.

The only effective protection is your awareness of the risk, being skeptical of calls, emails, and text messages like those described above, and avoiding giving strangers access to your technology. Don’t go for the bait.

Recommendations:

No reputable manufacturer or software company will call you about issues on your device or ask for payment to help. If an email seems too good to be true, it probably is bogus. ClickAway recommends:

  1. Never give anyone you don’t personally know permission to install or use a remote access tool.
  2. If you have any concerns about an email, check that the domain of the sender’s email address (last 2 elements: xxxxxx.xxx) matches the real company’s website and is spelled correctly. If the email seems bogus, don’t open it; just delete it. You can always use the real company’s website to contact them.
  3. Never call a phone number in an email. If you want to call a company, go to their website and get their real phone number.
  4. Always be extremely skeptical. Better safe than sorry. When in doubt, give ClickAway a call.
  5. Back up your data frequently to reduce potential financial risk.
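
The domain check in recommendation 2 can be automated. The following is an added example, not ClickAway's own code: the function names, the 0.8 similarity threshold and the example.com sample headers are assumptions made for illustration, and the "last 2 elements" rule is taken from the recommendation as written, so it does not handle country suffixes such as co.uk.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr


def last_two_labels(host: str) -> str:
    """Return the last two dot-separated elements of a host name (the rule in step 2)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def check_sender(from_header: str, real_site: str) -> str:
    """Classify a From header against the company's real website domain.

    Returns "match", "lookalike" (a misspelled version of the real domain)
    or "mismatch".
    """
    # parseaddr drops the display name, which the sender can set to anything.
    _, address = parseaddr(from_header)
    if "@" not in address:
        return "mismatch"
    sender = last_two_labels(address.rsplit("@", 1)[1])
    expected = last_two_labels(real_site)
    if sender == expected:
        return "match"
    # A near-identical spelling is a stronger warning sign than an unrelated domain.
    # The 0.8 threshold is an assumption chosen for this example.
    if SequenceMatcher(None, sender, expected).ratio() >= 0.8:
        return "lookalike"
    return "mismatch"


# Constructed sample headers; example.com stands in for the real company's site.
SAMPLES = [
    "Example Billing <billing@mail.example.com>",               # real domain
    "Example Billing <billing@examp1e.com>",                    # digit 1 replaces the letter l
    "Example Billing <billing@example.com.account-check.net>",  # real name used as a prefix
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(check_sender(header, "www.example.com"), "-", header)
```

The third sample shows why the check looks at the last two elements only: the real company's name appearing earlier in the address says nothing about who controls the domain.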

If you think you have been successfully phished, immediately contact any financial institutions where you have accounts that might be affected, turn off your device, and bring it in to ClickAway for a free malware scan.