Don’t Take the Bait!
Hackers Are Trying to Reel You in Through Email
What is phishing?
Email is an essential part or our everyday communications. It is also one of the most common methods that hackers use to attempt to gain access to sensitive information. Phishing is an increasingly common and dangerous cyberattack perpetrated using email. Hackers and scammers, often pretending to represent familiar organizations like our Animal Hospital, IRS or a bank, send out emails that contain links to malicious sites or malware-infected attachments. Their intent is to trick unsuspecting people into surrendering their personal information or even control of their devices.
Phishing works—and is becoming increasingly common—because hackers realize it’s easier to trick people than it is to trick machines. Phishing attacks depend on social engineering: the use of deception or trickery to manipulate people into doing certain things. Hackers play on a number of known human tendencies in order to manipulate their victims. These tendencies include:
- Our desire to help people in need
- Our desire to be liked or to fit in
- Our trust in people and things we recognize
- Our sense of obligation to return a favor or comply with a rule
- Our respect for authority figures
- Our fear of consequences or punishment for noncompliance
By exploiting these tendencies to craft a phishing email, hackers are hoping to gain your trust, intimidate you into cooperating, or rush you into doing something before you can realize something is wrong. Be aware of these tricks and try to identify the warning signs of phishing attacks.
Spear phishing is a targeted form of phishing that aims to trick members of a particular organization. Spear phishing emails typically includes names, logos, and other information relevant to the organization being impersonated in order to establish an appearance of legitimacy. For example, a spear phishing logo targeting a bank employee might claim to come from a regional vice president and include the bank’s logo and contact information in the signature.
SMiShing, or SMS-based phishing, is a form of phishing attack that uses SMS or text messages instead of emails. These types of attacks generally mimic text notifications or offers from companies you might know. They might also invite you to download malicious apps or grant access to your device’s data. SMiShing can be particularly dangerous because many mobile devices are not as well protected as computers, yet they contain a wealth of personal information.
Vishing, or voice-based phishing, uses telephone calls instead of emails. In a vishing scam, attackers rely on victims to trust the person on the other end of the line. They often pose as technical support companies, the IRS, or other organizations in order to get you to divulge personal information.
Social Media Phishing
media based phishing uses messages sent via social media instead of emails. In this type of scam, attackers may send a malicious link or attachment with malware via a social media account such as Facebook, Twitter, LinkedIn or Instagram. They often pose as someone you may know or a familiar company in order to get you to divulge personal information.
What is the Danger to Me?
In the most basic terms, a phishing attack seeks to exploit you—or others—in order to steal your data or compromise your devices. Falling for a phishing attack could lead to hackers stealing your personal data or taking control of your device. Hackers could also compromise other accounts that use your email. Phishing is becoming more and more prevalent, and anyone can receive phishing emails.