When you think of phishing, you probably think of email. As people move away from email to other types of messaging, attackers are following. There has been a dramatic increase in phishing using text messaging, Apple’s iMessage, WhatsApp, Facebook Messenger and Instagram direct messages. With very little filtering, attackers know their scams and messages are far more likely to reach you. These short messages also provide very little context, making it harder to determine what’s legitimate and what is a phishing message. More than ever, it’s critical to watch out for scams and phishing messages everywhere, not just in your email box.
Phishing and Scams – What to Watch For
In the past, attackers would usually try to get someone to click on a link or an attachment to install malware on their machine. That would give the hacker access to the user’s information and they could use their machine to conduct other types of attacks. They have gotten more sophisticated and have learned how to better profit from their attacks. Here are the types of things this new generation of bad actors is looking for:
Passwords
By stealing someone’s passwords and login credentials, an attacker can access more than just what’s on the person’s machine. Since many people use the same password on multiple websites, hackers can use their login information to get the person’s information across the web. A few years ago, customers found out that not even their Dunkin Donuts Perks accounts were safe. To steal passwords, attackers usually send people to a spoofed website that asks them to log in. Be on alert anytime you click a link and it immediately takes you to a place to log in.
Phone
More phishing attacks do not include a link, but instead include a phone number to call. The goal is to get the victim to call a phone number to speak to someone. While it is more effort on the attacker’s part, these attacks are much more profitable because they can trick people out of much more money. These scams usually include a phishing message that alerts the person to an unexpected charge or expense with a phone number to call to resolve the issue. When they call, the attacker tricks them into giving up access to financial information. If you receive a surprising message that gets you upset, that’s when you need to be on alert that it could be a phishing message.
Scams
Attackers have learned that scams are much more profitable than infecting someone’s computer. With frequent communication and multi-step processes, the attacker can manufacture the situation to make the victim feel more like the situation is real. They’ll impersonate anyone that can cause the victim to take action – customer service for a company, police or law enforcement, etc. The tip-off is when they ask for your bank or financial information. If ANYONE ever requests payment in gift cards, you can be pretty sure you are dealing with a scammer.
The key is to watch for other types of scams and phishing attacks; it’s not just about not clicking a link or attachment. Phishing attacks are no longer about infecting your computer. Watch for the following signs of an attack, and not just on email, but on any messaging platform.
Signs of a Scam or Phishing Attack
Attackers are creative and are constantly coming up with new ways to trick you. However, it’s important to watch for these signs of a scam or phishing, regardless of the type of message you receive.
Urgency
It’s no secret that people make mistakes when they are in a hurry. If a message makes you feel like you have to take action right away, it could be a scam or phishing attack. Things like canceling an unexpected purchase or delivery, taxes being overdue, the need to fix something using your login and password, or the threat of being arrested or fined are meant to create urgency and pressure.
Curiosity
They say it’s what killed the cat for good reason. Attackers want to pique your curiosity to make you take action. This is also where messages about undelivered packages or Amazon refunds are used to make you want to call or click to get more information. Another way to get the user curious is by offering things that are too good to be true. They will entice you with unbelievable deals or offers, and as the old saying goes, “if it’s too good to be true, it probably is.”
Approach and Tone
An email coming from a company you have an account with will probably use your name, and not a generic greeting, such as “Dear Customer.” Double-check emails that include these generic greetings or have a sign-off that simply says it’s from “Customer Service.” Similarly, if you are receiving an email from a good friend or co-worker and the tone seems off, check in with the person using a different contact method to see if they really sent you the message.
Where’s it Coming From or Going To?
Check messages to see where they are coming from or where they’re trying to take you. For example, if an email from a well-known business ends in something like @gmail.com, it’s probably fake. Check the email to see what the actual address in the “from” line is. And if a text message from someone you know comes from a number you don’t recognize, it’s probably not that person. Also, check to see where any links are trying to take you. Even if the text shows a link, mouse over it to see where it is actually taking you. If the text in the message and the location of the link are different, beware. Finally, beware of links hidden by short URLs, such as bit.ly/ or t.co/. You can check these short URLs at checkshorturl.com to see where they will take you. If it looks suspicious, don’t click the link.
Misspelling and Poor Grammar
With artificial intelligence and spell-checking becoming more prevalent, attackers are no longer more likely to have misspellings and poor grammar in their messages. While these mistakes can indicate a phishing message, you may be just as likely nowadays to receive a legitimate email with those types of mistakes.
A Few Things You Can Do About a Scam or Phishing Attack
When you spot them, it’s easy to simply delete these messages and move on with your day, but by helping to take down phishing and scam websites, you can also help prevent others from falling victim. Make the web a safer place for everyone by taking a couple of minutes to report the websites hackers are using in their phishing scams.
If you don’t spot them, there are several things you can do to prepare, including taking steps to protect your identity and backing up your important information. A password manager, such as NordPass or Keeper, can monitor your passwords and notify you if one of them is stolen or shared on the dark web, or you can go for more complete identity theft monitoring.