When many people hear the word “hacker,” they may think of someone hunched over at a computer screen staring at lines of code while vigorously typing their way past firewalls and password-protected databases.
While you may find a dramatic scene like this in a Hollywood film, you likely won’t come across it in the real world. With security measures always getting better, hackers today rely on simpler approaches to gain access to your data.
The hackers we’re talking about here are known as social engineers. They use human psychology to obtain sensitive information rather than the high-tech mumbo jumbo we see too often in movies. One of the techniques social engineers use most often is phishing.
What Is Phishing?
Phishing scams often seek to obtain personal information such as usernames, passwords, banking info, or social security numbers.
These scams usually come in the form of an email. The sender is essentially a spam account posing as a big-name company like Amazon, PayPal, or a bank, but is really just a con artist trying to convince you to give up your sensitive or financial information.
How Phishing Works
Typically, you’ll receive an email in your inbox with an urgent or threatening subject heading, such as “An Investigation has Been Launched on Your Account.”
In the email, they will tell you that they need to verify your account and will ask you to either send your information to them in a reply or click on an embedded link within the email and enter your information there.
Clicking on the link will likely take you to a website that resembles the site of the company the attacker is trying to impersonate, making you feel that it’s safe to put in your information.
Submitting your credentials and information will effectively grant the attacker access to your account.
Phishing attacks can also come in the form of ransomware or appear to be sent from a charity or government agency.
Signs that It’s a Phishing Scam
- There are mismatched URLs in the email.
- Sender addresses or URLs contain misleading domain names, such as Alerts@Apple.co.uk or Secure@co.microsoft.net.
- They use bad spelling and grammar.
- They use a generic greeting like “Dear, Valued Customer.”
- They specifically ask for personal information.
- The offers seem too good to be true.
- The email was unsolicited.
- They ask you to send them money.
- They make unsubstantiated threats such as shutting down your account or taking your money.
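Several of these signs can be checked automatically. The following is an added example, not part of the original article: a small Python heuristic that flags a misleading sender domain, a link whose visible text names a different host than its real target, a generic greeting, and a request for personal information. The function names, the `trusted_domain` parameter, the keyword lists and the sample message are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkCollector(HTMLParser):  # records (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):  # hostname without a leading "www."
    host = urlparse(url if "://" in url else "//" + url).hostname or ""
    return re.sub(r"^www\.", "", host)

def phishing_signs(raw_email, trusted_domain):
    """Heuristic check of a single-part HTML email against the signs listed above."""
    msg = message_from_string(raw_email)
    body, signs = msg.get_payload(), []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if sender != trusted_domain and not sender.endswith("." + trusted_domain):
        signs.append("misleading sender domain: " + sender)
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        shown = host_of(text) if re.match(r"(https?://|www\.)", text, re.I) else ""
        if shown and shown != host_of(href):
            signs.append(f"mismatched URL: shows {shown}, goes to {host_of(href)}")
    if re.search(r"dear,? (valued )?(customer|user|member)", body, re.I):
        signs.append("generic greeting")
    if re.search(r"\b(password|social security|card number|bank account)\b", body, re.I):
        signs.append("asks for personal information")
    return signs

# Constructed sample message; the .example domains are placeholders.
SAMPLE = """From: PayPal Support <secure@paypal.account-verify.example>
Subject: An Investigation has Been Launched on Your Account

<p>Dear, Valued Customer. Confirm your password at <a href="http://login.account-verify.example/">https://www.paypal.com/verify</a></p>
"""
```

Calling `phishing_signs(SAMPLE, "paypal.com")` reports all four signs for the constructed message. These are heuristics: a message that passes them is not proven safe.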
If you think you’ve been a victim of a phishing scam, the best thing to do is contact the organization your account is with and tell them what happened. They should be able to straighten things out and re-secure your account.