Whether conducted over email, social media, SMS, or another vector, all phishing attacks follow the same basic principles. The attacker sends a targeted pitch aimed at persuading the victim to click a link, download an attachment, send requested information, or even complete an actual payment.
As for what phishing can do, that’s left up to the imagination and skill of the phisher. The ubiquity of social media means that phishers have access to more personal info on their targets than ever before. Armed with all this data, phishers can precisely tailor their attacks to the needs, wants, and life circumstances of their targets, resulting in a much more attractive proposition. Social media, in these cases, fuels more powerful social engineering.
Most phishing can lead to identity or financial theft, and it’s also an effective technique for corporate espionage or data theft. Some hackers will go so far as to create fake social media profiles and invest time into building a rapport with potential victims, only springing the trap after establishing trust.
What’s the cost of phishing? It is not just financial damage but, in these cases, a loss of trust. It hurts to get scammed by someone you thought you could count on, and recovery can take a long time.
Scammers use three main social engineering techniques to try to trick people into disclosing personal information. Protect yourself by learning how to spot them:
Phishing: An email message that asks you to click on a link, download a file or reply with confidential information.
Red flags to look for:
Smart tip
Don’t click the link or give out your information if anything looks suspicious. To verify a message, visit your bank or company’s website by entering their address directly into your browser or by using a bookmark you made for yourself. Turn on your email spam filter to prevent some suspicious emails from getting to you. If you believe an email is a phishing attempt, use your email service’s junk, report or block feature.
Vishing: A phone call or voice message from a person requesting confidential information.
Red flags to look for:
Smart tip
Ask for their organization, full name, position and callback number. Then contact the organization yourself directly, using information provided on its own website to determine whether the call was legitimate.
Smishing: A text message asking you to click on a link or reply with confidential information.
Red flags to look for:
Smart tip
Be wary of text messages from unknown senders. No legitimate organization will ask you to reply with personal information via text message.