Top Phishing Scams and How to Prevent Them

Phishing Scams and Prevention

Thursday, November 15, 2018/Categories: Residential, Internet

 

As technology evolves, so do security threats. Phishing is a popular method hackers use to get your information, and the methods are constantly changing.

The media has focused heavily on malware, ransomware, and DDoS attacks this year, and with good reason. These often rely on system vulnerabilities to get into networks and cause destruction.

Phishing attacks, on the other hand, require a human response. By staying on guard and informed about the latest methods hackers use to get you to voluntarily hand over information, you can keep yourself safe.

Here are some of the recent ways attackers have been using phishing scams to gain access to your information.

1. MailChimp

From January to April, hackers were using real MailChimp accounts to send malicious emails. These emails included attachments that downloaded information-stealing software onto machines. Because MailChimp is a large email service provider, these emails were less likely to get caught in spam filters.

2. GDPR-Related Scams

In May 2018, a new regulation was passed that required email recipients to opt in to marketing emails. One attack took advantage of this by claiming to be from Airbnb and telling recipients that they could no longer book any guests until they accepted a new privacy policy. Once the user clicked on the button, they were asked to enter account details and verify financial information.

3. Social Attacks

As communication shifts to other arenas, so do phishing attacks. This year security experts saw phishing attacks start to take place outside the inbox. Platforms like Facebook Messenger, SMS, and even Snapchat are now potential avenues of attack.

How to Prevent Phishing

While the level of sophistication is growing in phishing attacks, there are still some telltale signs that an email or message is not legitimate. Here are some ways to protect yourself from falling prey to an attack.

  • Look at the sender and recipient. Phishing emails often come from strange email addresses, and sometimes you are not even listed as the recipient. For email addresses that seem “phishy,” check a spam database like Spamhaus, or the sender’s reputation on 
  • Be wary of unsolicited emails with attachments. If you don’t know the person sending the email, attachments with .zip extensions are particularly suspect. These are compressed files and can contain malicious code or programs.
  • Never provide financial or personal information. While verifying a password is normal, asking for copious amounts of information, especially financial details, is a sign of a potential phishing attack.
  • Look for typos, grammatical errors, and misspellings. Phishing emails often contain these errors, as well as odd sentence structures and phrases that don’t make sense. Reputable companies would never send poorly written emails.
  • Beware of redirects. If you click on a link in an email and are redirected several times on your web browser, this is a sign that an attacker is making it hard to trace where attacks are coming from.
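Some of the signs above (not being listed as a recipient, a .zip attachment, a request for financial details) can be checked mechanically on a saved message. The Python sketch below is an added example, not part of the original article; the sample message, its addresses and the FINANCIAL_TERMS phrase list are constructed assumptions.

```python
from email import message_from_string, policy
from email.utils import getaddresses

# Assumed phrase list for "asks for financial details"; tune it for your own mail.
FINANCIAL_TERMS = ("credit card", "bank account", "card number", "routing number")

# Constructed sample message; every name and address in it is made up.
SAMPLE = """\
From: "Account Team" <notice@mailer.example>
To: customers@lists.example
Subject: Accept the new privacy policy
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Verify your credit card number and bank account to keep booking guests.
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="Policy.ZIP"

placeholder bytes, not a real archive
--b1--
"""

def phishing_signs(raw, my_address):
    """Return the checklist warning signs found in one raw email."""
    msg = message_from_string(raw, policy=policy.default)
    signs = []
    # Sign: you are not listed as a recipient (To or Cc).
    listed = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if my_address.lower() not in {addr.lower() for _, addr in listed}:
        signs.append("recipient-not-listed")
    # Sign: an attachment with a .zip extension or zip content type.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(".zip") or part.get_content_type() == "application/zip":
            signs.append("zip-attachment:" + name)
    # Sign: the message body asks for financial details.
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content().lower() if body else ""
    if any(term in text for term in FINANCIAL_TERMS):
        signs.append("asks-for-financial-details")
    return signs

if __name__ == "__main__":
    for sign in phishing_signs(SAMPLE, "you@home.example"):
        print("warning:", sign)
```

An empty result only means none of these three signs were found; it does not show that a message is legitimate.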

What You Should Do If Attacked

If you lose money from a phishing scam, there are things you can do. Here are steps to take to try to recover your losses.

  • Change all your passwords. If your system was compromised, the attackers have access to everything on it. Change all passwords, even ones you don’t use often.
  • Report the email. Companies often have dedicated email addresses just for these types of emails. Contact the company the email said it was from, and ask what you need to do to get them a copy.
  • File a complaint with the IC3. If you’ve lost money as a result of a phishing attack, fill out an online form to report it to the FBI.

 

Phishing attacks are a tried-and-true way for hackers to steal information. As long as people are willing to provide sensitive details, attackers will be able to easily compromise systems. By taking steps to educate yourself on how phishing emails look, you’ll be able to prevent future attacks. It may also benefit you to have a good Internet Security package on your computer.
