What Is Phishing? 6 Common Cyber Security Exploits Explained

If you’ve followed cyber security news, you’ve likely heard of the term phishing. But what is phishing, exactly? It’s a type of scheme to steal your private information, drain your bank account, hijack your identity or maybe even all three.

Phishing scams are bad news and the number of victims affected is staggering. One 2016 study found that 91 percent of all cyberattacks start with a phishing email. The best way to avoid becoming a phishing scam statistic is to understand how these scammers operate.

The earliest phishing schemes were fairly crude—even laughable in hindsight. We’ve all heard of those emails in which some imaginary Nigerian prince urgently needed to transfer millions of dollars—and all you needed to do to earn your 20 percent cut was provide your banking account details to facilitate the transfer of cash.

Unfortunately, those days of obvious cons are gone. Today, phishing scams can be incredibly sophisticated and hard to detect, making even the most cautious internet users vulnerable. 

6 common phishing schemes to watch out for

Phishing attacks are constantly evolving and anyone could end up taking the bait. While we may not be able to know exactly what the future of phishing may bring, we can learn to switch on our phishing scam radars by understanding some of the common methods used in the past.

To help with that, we identified six common phishing attack schemes to be aware of.

1. The malicious Microsoft Office file

How does it work? An unknown person or organization sends you a Microsoft Office Word or Excel file and tells you to look at it and update information. To do that, you are tricked into enabling editing or macros. But when you do, malware, ransomware or Trojan software infects your computer.

How can this be avoided? Do not enable editing or macros in documents from unknown senders. Additionally, update your Microsoft Office software and stop using older versions like Office 2003 and 2007.

2. The irate customer

How does it work? This is a scam targeting businesses. These businesses will receive a message from a supposedly very upset customer who attaches a fake invoice. Unsuspecting employees hoping to rectify the situation will often rush to open the invoice file, unleashing malware into the company system. Dave Bourgeois, CEO of My IT, says this scam can take on an extra layer of believability.

“To make things worse, the scammer often sends follow-up emails demanding a response and is seemingly more upset that you have not responded yet,” Bourgeois says.

How can this be avoided? Before clicking the attachment, check customer records to determine if the sender is a customer. If suspicious, ask the sender to explain the problem without opening the invoice.

3. The fake job listing

How does it work? Fake job postings on online job boards seek out applicants and follow up with an email saying that you’ll need to complete an application that includes sensitive personal information like your home address, date of birth and social security number. Brandon Ackroyd, Founder of Tiger Mobiles, says falling for this common phishing scam is often a product of job-seeker desperation.

“This scam preys on individuals who are looking for work and might be struggling to find it, so an email like this seems like a godsend.”

Of course, there is no job at the end of this process—only the hassle of a stolen identity.

How can this be avoided? There are several ways to sniff this scam out. Start by asking yourself some questions: Where is the website for the job post listing? Does this seem like a legitimate business? Do they have an address listed for their office? Does the job sound a little too good to be true?

Even if they seem to pass this initial set of questions, let it be known that you’re concerned about the security of your personal information and ask to speak with a recruiter. If they object, move on. Even if they aren’t a scam, sloppy practices like this likely won’t bode well for how they handle the rest of their business.

4. Requests to update personal information or resolve a discrepancy

How does it work? Let’s say you get an email from a bank, credit card company or other business asking you to update your account record or resolve a discrepancy. They conveniently provide a link for you to access the account. Sounds like a plausible thing, right? But watch out—scammers can set up very realistic-looking fake websites. When you enter your personal information, you are handing it over to thieves.

How can this be avoided? First, take a very close look at the URL. Scammers are getting tricky with very subtle changes. For instance, a scammer could try sending a link to www.wellfargo.com instead of to the legitimate banking site, www.wellsfargo.com, by simply dropping the “s” in the URL. If you get a suspicious email, don’t click the link. Instead, if you’re concerned, manually type in the company’s web address in a new browser window, or call the customer service line to inquire about your account.
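The same "look closely at the URL" check can be automated. The Python sketch below is an added example, not part of the original article: it compares a link's domain against a short list of sites you actually use and flags near-misses such as the dropped "s" above. The trusted list, function names and the two-label domain shortcut are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist for the example: domains the reader really uses.
TRUSTED = {"wellsfargo.com", "rasmussen.edu"}

def registered_domain(url):
    """Return the last two labels of the URL's hostname, lower-cased.

    Simplification for the example: production code should consult the
    Public Suffix List so names such as example.co.uk are handled correctly.
    """
    if not url.lower().startswith(("http://", "https://", "//")):
        url = "//" + url  # let urlsplit treat a bare "www.site.com" as a host
    host = urlsplit(url).hostname or ""
    return ".".join(host.rstrip(".").split(".")[-2:])

def edit_distance(a, b):
    """Count single-character inserts, deletes, substitutions and swaps."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent letters swapped
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(url, trusted=TRUSTED, max_distance=2):
    """Return (verdict, closest trusted domain or None).

    verdict is "trusted", "lookalike" (close to a trusted domain but not
    identical) or "unknown".
    """
    domain = registered_domain(url)
    if domain in trusted:
        return "trusted", domain
    closest = min(sorted(trusted), key=lambda t: edit_distance(domain, t))
    if edit_distance(domain, closest) <= max_distance:
        return "lookalike", closest
    return "unknown", None
```

A "lookalike" verdict is the case to worry about most: the address is close enough to a site you trust that the difference is easy to miss by eye.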

5. Links from a friend’s social media account

How does it work? When a friend’s social media account is hacked, you could get a message that appears to come from that friend. But the truth is that scammers hijacked the account, sending out messages that ask unsuspecting followers to click dangerous links or log into well-designed fake websites.

How can this be avoided? Even messages appearing to come from people you know should be handled carefully, especially if they ask you to click links or log in to a site. Before doing anything, contact that person outside of the social media platform to ask if the message is legitimate. Additionally, give yourself extra protection by using two-factor authentication on accounts whenever possible.

6. Spear phishing attacks

How does it work? This attack method is often targeted at organizations. Scammers collect public data about an individual known to people within the organization. This information is then used to create believable, fake accounts to carry out their scam.

As an example, scammers could gather public information about the CEO of a company to create a fake personal email account. From there, they could send what looks like a message from the CEO to an employee, asking them to click a link to deal with an urgent matter. The message could include a signature with the CEO’s name, phone number, office location and other details that could persuade the less cautious to click. Clicking the link unleashes an attack against the company’s computer system. In some cases, these messages are actually sent from the CEO’s true account after a security slip-up of their own.

How can this be avoided? For one, CEOs and other important members of an organization should not be exempt from security training. Their clout with employees makes them a valuable target for scammers as it is much easier for employees to fall victim to messages from compromised accounts. Employees should also treat any link in an email, particularly from an external source, with extreme caution.

What should you do when you suspect a phishing scam?

Phishing email scams can range from being a frustrating nuisance to a national security threat—and they aren’t going away any time soon. But that doesn’t mean you can’t help fight their spread. If you find a suspicious email, you can help by forwarding phishing emails to spam@uce.gov or reportphishing@antiphishing.org.

Help stop digital scammers

Does reading about these scams make you want to fight back beyond reporting suspicious emails? If so, you might be interested in learning about the information security field. If you’d like to learn more about the career opportunities available to would-be cybercrime fighters, check out our article, “5 Fascinating Infosec Jobs That Help Combat Cybercrime.”


This piece of ad content was created by Rasmussen College to support its educational programs. Rasmussen College may not prepare students for all positions featured within this content. Please visit www.rasmussen.edu/degrees for a list of programs offered. External links provided on rasmussen.edu are for reference only. Rasmussen College does not guarantee, approve, control, or specifically endorse the information or products available on websites linked to, and is not endorsed by website owners, authors and/or organizations referenced. Rasmussen College is a regionally accredited private college and Public Benefit Corporation.

Gordon is a freelance writer for Collegis Education who writes student-focused articles on behalf of Rasmussen College. He enjoys using the storytelling power of words to help others discover new paths in the journeys of life.
