Every day, millions of people worldwide fall victim to internet scams. These scams can take many forms, such as fraudulent investment opportunities, fake job offers, and phishing attacks.
That’s why it’s crucial for people to take steps to protect themselves. Staying informed, remaining cautious, and following good security practices can help to significantly reduce the risk of falling victim to scams. These steps to security awareness are especially crucial when it comes to phishing attacks, one of the most widespread types of internet scams, totaling over 500 million reported attacks in 2022.[1]
This article will explore common phishing attacks and provide strategies to help people protect themselves from falling prey to these fraudulent schemes.
Phishing is a type of cyber attack where scammers pose as legitimate institutions, companies, and sometimes as friends or family, and then attempt to trick individuals into giving away their personal or financial information.
In a typical phishing attack, scammers might create fake emails, text messages, or websites that appear legitimate. They might use logos, branding, or other elements to make the communication look like it's coming from a trusted source, such as a bank or social media platform.
Normally, the goal of the attacker is to convince the recipient to click on a link, download an attachment, or enter their personal information.
To understand how to prevent phishing, it’s important to learn what these attacks might look like.
Phishing scams can attack a general audience (spam phishing) or target a specific group or individual (spear phishing). Within these two categories, there are different types of phishing attacks that scammers might use.
Here are some to be aware of:
Some phishing scams claim to be from someone a person knows, while others pretend to be from a reputable business or charity. Scammers may often threaten to send a debt collector to an individual’s house if they don't transfer money or supply their personal information. Alternatively, a phishing attack may claim someone has a tax refund waiting, requiring them to click on a link — which then might release a virus or malware that can infect the person’s computer.
With so many variations of phishing attacks, it's important to stay vigilant online and when dealing with digital communications. Consider the following to help potentially spot phishing attempts:
Another common tactic used by phishing attacks is to imply a sense of urgency. Often, phishing scams might tell a person they have just a few short hours to respond to the message, instilling fear and making them feel that they must act quickly.
Don’t click on links before verifying who the message is from and whether the link is safe. Check the sender's details. It may be helpful to look up a company’s official website and verify their contact information to confirm legitimacy. People could also consider navigating on a company’s official website to the purported link destination instead of clicking on a link in an email or message. Online URL-checking tools may also be available that can verify whether a link is legitimate or not — though it’s important to be careful and not click the link when copying it to the URL checker.
Updating device software can be a great way to protect data, as updates typically include new and enhanced features that can address real-time security issues. Don’t just update laptop software — remember to update mobile devices and desktop computers too.
If possible, set up a passkey as the primary login option. Passkeys are considered to be more secure than passwords because they are resistant to phishing and hacking attempts.[2] Passkeys let people log in to an app or website by confirming their identity with biometric data (such as face or fingerprint ID), device passcode, or PIN.
Passkeys may not be available on all websites or apps, so review login options when setting up or assessing an account.
Many organizations also offer multifactor (also known as MFA or two-factor) authentication to access their app or platform. This can be via a code that is sent to a personal device or contact account, such as a phone or email, or through an associated MFA app. This can add a layer of security beyond a login username and password.
For example, a person may enter their login information on a website. The website then sends a code to the person’s phone. The person then needs to input the code into the website before they’re able to officially sign in.
While MFA adds an additional step, it could possibly help people avoid being targeted by phishing scammers.
If someone thinks they’ve fallen victim to a phishing attack, it’s important to act fast to minimize potential damage. Consider taking the following steps:
As with many organizations, some phishing scams might involve fake PayPal messages. If unsure whether an email is fraudulent, avoid clicking on any links. Instead, open the app or log in online to see if the same message is in the related account.