Whatever you call it, phishing, social engineering or ‘hacking the mind’ always relies on human weaknesses to succeed
Phishing or social engineering attacks are increasingly being used by cyber criminals to trick internet users into revealing sensitive information – website login details, bank account or credit card details or personal data that forms part of your identity.
Phishing emails (note the ‘ph’) are designed to look official and may use an ‘urgent security alert’ or other reason for you to immediately visit a website to confirm your personal details.
Misspelt website addresses or URLs can be bought and set up to look similar to your bank's website, with copied logos and login forms as the added touch that aims to convince you to enter your account login information.
Beware the friend in need
A friend’s hacked email address can now be used to send highly convincing – but fake – appeals for emergency help, or to direct you to ‘interesting’ video or photo content, perhaps involving a celebrity sex scandal.
Click the link in the email, though, and you may end up on a website designed to infect your computer if you haven’t fully patched the operating system and all software on it, particularly Java and Adobe Flash.
Even social networks have been affected by spam or malware links added via rogue apps or compromised accounts.
So long and thanks for all the phish
Not sure what to look out for? Check out the NZ Phishing Species, a series of imaginary ‘phish’ designed by cartoonist Chris Slane to illustrate all manner of online scams and social engineering angles you may encounter online.
How to avoid getting phished
- Learn about the various phishing species that try to hook you and reel you in
- Be careful when you receive emails requesting urgent account verification
- Don’t download and open unexpected attachments
- Curiosity killed the cat – avoid clicking on video or photo links posted on your newsfeed
- Don’t respond, download files or click on links to websites you’re suspicious of
- Carefully investigate any online offers that appear to be too good to be true
- Check to see if your anti-virus software comes bundled with anti-phishing tools or consider installing the crowdsourced browser plug-in Web of Trust (WOT).
- Learn how to spot a fake phishing email with this great guide from APNK, part of the National Library of New Zealand
- How to spot a fake banking website
- Think you know your social engineering stuff? Take the SonicWALL Phishing IQ Test
- Complain about txt spam including lottery and prize wins to the DIA or forward the message for free to 7726
- Watch General Phishinscam’s first brief outing in a NetSafe video from 2012