Phishing scams are a type of cybercrime that you have likely come across on the internet but have never known the name for.
Many people are thrown by the name, but once you understand what a phishing scam does, you will realise that it is entirely fitting.
A phishing scam ‘fishes’ for sensitive information en masse, pushing on so many doors that, eventually, one will open. The method a phishing scammer uses to extract this information and the innate human psychology that ensures it is successful will be covered later, but for now, it is important to understand why you need to know about it.
Phishing scams are incredibly common, and while they vary in their levels of sophistication, they can cause substantial damage.
On an individual level, a phishing scammer can steal your bank details, trick you into handing over sensitive personal information (which can be used against you in another scam further down the line), get you to download malware, or hack into your computer, email or social media accounts.
On a corporate level, a phishing scam can cause damage from the inside out, targeting employees one by one until a significant amount of private data is stolen, money is extracted, or the website or other internal networks are compromised.
As a result, it is crucial that you learn more about how phishing scams operate and how you can do your best to avoid them:
A definition of phishing scams
A phishing scam is when a cybercriminal sends out a batch of messages (often to hundreds or thousands of different people in one go), posing as a reputable person or organisation which bears some relation to the target.
For example, a phishing scammer might pretend to be your friend, colleague or family member (this is especially convincing when they have already scammed these people and are using their legitimate contact information). Alternatively, they might pose as a business or organisation you are likely to trust.
These might include your bank, asking for your details to reset your account, an insurance company, tax authority, or a business which you regularly buy from.
They use this front to justify demanding a secondary action from you. This usually involves you handing over valuable information about yourself, transferring them money, or downloading files full of malware.
What are the various types of phishing scam?
There are a few different variations of phishing scams to be aware of.
The first, and most common, is the email phishing scam. This is the type of scam mentioned above, and usually targets everyday people who may be unaware of what a phishing scam is.
Secondly, there is whale phishing, which is like a normal phishing scam, but instead targets C-suite executives, business owners and other high-status individuals. These emails are crafted with a lot more prior research and sophistication.
The copy will include corporate language familiar to the target and personal information that only a close friend or colleague would know.
Another common type of phishing scam is called vishing. This works on the same principle as traditional phishing but operates via phone conversations instead.
Arguably, vishing scams can be more powerful than email phishing because they put you under time pressure. When you are on the phone with someone who sounds convincing, you don’t have enough time to consider the evidence or make a balanced decision.
Why are they so effective?
Phishing scams are effective because they prey upon natural human instincts.
People are both quick to trust and easy to distract. If you receive hundreds of emails per day, you sink into a routine of opening the message, speed-reading it and taking immediate action.
As long as the email or phone call sounds legitimate, you are likely to click the link or hand over details. While this is not a rule, it is a natural inclination, and if enough messages are sent, it eventually works.
Phishing scammers act in a similar way to traditional con artists. They make you feel flustered or emotional by demanding action (always backed up by a legitimate-sounding reason) and paint a picture of the possible negative consequences of not doing as they have asked.
What can you do to prevent them from scamming you?
You can help prevent phishing scams simply by understanding how they work.
Scammers are only successful if you can’t recognise the tell-tale signs of fraud and are too quick to act.
Always double-check the information you receive in emails and be sure to ignore it if you’re not 100% convinced by it.