What Is Phishing? 6 Common Cyber Security Exploits Explained

If you’ve followed cyber security news, you’ve likely heard of the term phishing. But what is phishing, exactly? It’s a type of scheme to steal your private information, drain your bank account, hijack your identity or maybe even all three.

Phishing scams are bad news and the number of victims affected is staggering. One 2016 study found that 91 percent of all cyberattacks start with a phishing email. The best way to avoid becoming a phishing scam statistic is to understand how these scammers operate.

The earliest phishing schemes were fairly crude—even laughable in hindsight. We’ve all heard of those emails in which some imaginary Nigerian prince urgently needed to transfer millions of dollars—and all you needed to do to earn your 20 percent cut was provide your banking account details to facilitate the transfer of cash.

Unfortunately, those days of obvious cons are gone. Today, phishing scams can be incredibly sophisticated and hard to detect, making even the most cautious internet users vulnerable.

6 common phishing schemes to watch out for

Phishing attacks are constantly evolving and anyone could end up taking the bait. While we may not be able to know exactly what the future of phishing may bring, we can learn to switch on our phishing scam radars by understanding some of the common methods used in the past.

To help with that, we identified six common phishing attack schemes to be aware of.

1. The malicious Microsoft Office file

How does it work? An unknown person or organization sends you a Microsoft Office Word or Excel file and tells you to look at it and update information. To do that, you are tricked into enabling editing or macros. But when you do, malware, ransomware or Trojan software infects your computer.

How can this be avoided? Do not enable editing or macros in documents from unknown senders. Additionally, update your Microsoft Office software and stop using older versions like Office 2003 and 2007.

2. The irate customer

How does it work? This is a scam targeting businesses. These businesses will receive a message from a supposedly very upset customer who attaches a fake invoice. Unsuspecting employees hoping to rectify the situation will often rush to open the invoice file, unleashing malware into the company system. Dave Bourgeois, CEO of My IT, says this scam can take on an extra layer of believability.

“To make things worse, the scammer often sends follow-up emails demanding a response and is seemingly more upset that you have not responded yet,” Bourgeois says.

How can this be avoided? Before clicking the attachment, check customer records to determine if the sender is a customer. If suspicious, ask the sender to explain the problem without opening the invoice.

3. The fake job listing

How does it work? Fake job postings on online job boards seek out applicants and follow up with an email saying that you’ll need to complete an application that includes sensitive personal information like your home address, date of birth and social security number. Brandon Ackroyd, Founder of Tiger Mobiles, says falling for this common phishing scam is often a product of job-seeker desperation.

“This scam preys on individuals who are looking for work and might be struggling to find it, so an email like this seems like a godsend.”

Of course, there is no job at the end of this process—only the hassle of a stolen identity.

How can this be avoided? There are several ways to sniff this scam out. Start by asking yourself some questions: Where is the website for the job post listing? Does this seem like a legitimate business? Do they have an address listed for their office? Does the job sound a little too good to be true?

Even if they seem to pass this initial set of questions, let it be known that you’re concerned about the security of your personal information and ask to speak with a recruiter. If they object, move on. Even if they aren’t a scam, sloppy practices like this likely won’t bode well for how they handle the rest of their business.

4. Requests to update personal information or resolve a discrepancy

How does it work? Let’s say you get an email from a bank, credit card company or other business asking you to update your account record or resolve a discrepancy. They conveniently provide a link for you to access the account. Sounds like a plausible thing, right? But watch out—scammers can set up very realistic-looking fake websites. When you enter your personal information, you are handing it over to thieves.

How can this be avoided? First, take a very close look at the URL. Scammers are getting tricky with very subtle changes. For instance, a scammer could try sending a link to www.wellfargo.com instead of to the legitimate banking site, www.wellsfargo.com, by simply dropping the “s” in the URL. If you get a suspicious email, don’t click the link. Instead, if you’re concerned, manually type in the company’s web address in a new browser window, or call the customer service line to inquire about your account.
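The URL check described above can be automated in a mail filter or link-preview tool. The following is an added example, not part of the original article: it flags a link whose domain is within a couple of character edits of a domain you trust. The `TRUSTED` list, the threshold of 2 and the "last two labels" shortcut for finding the registered domain are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): domains the reader really does business with.
TRUSTED = ("wellsfargo.com", "rasmussen.edu")

def hostname(link: str) -> str:
    """Return the lowercase host of a link, with or without a scheme."""
    if "://" not in link:
        link = "//" + link  # lets urlsplit parse a bare "www.site.com/path"
    try:
        host = urlsplit(link).hostname or ""
    except ValueError:      # malformed link, e.g. unbalanced brackets
        return ""
    return host.rstrip(".")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: minimum inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def classify(link: str, trusted=TRUSTED, max_dist: int = 2):
    """Return (verdict, nearest trusted domain or None) for one link."""
    host = hostname(link)
    if not host:
        return ("unparseable", None)
    for dom in trusted:
        if host == dom or host.endswith("." + dom):
            return ("trusted", dom)
    # Assumption: the registered domain is the last two labels. Real tools
    # use the Public Suffix List so that names like "bank.co.uk" work too.
    base = ".".join(host.split(".")[-2:])
    nearest = min(sorted(trusted), key=lambda d: edit_distance(base, d))
    if edit_distance(base, nearest) <= max_dist:
        return ("lookalike", nearest)  # close to a trusted name, but not it
    return ("unknown", None)

if __name__ == "__main__":
    for link in ("www.wellfargo.com", "https://www.wellsfargo.com/login",
                 "https://www.example.org/"):
        print(link, "->", classify(link))
```

A "lookalike" verdict is the case the article warns about; "unknown" only means the domain is not on your list, not that it is safe.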

5. Links from a friend’s social media account

How does it work? When a friend’s social media account is hacked, you could get a message that appears to come from that friend. But the truth is that scammers hijacked the account, sending out messages that ask unsuspecting followers to click dangerous links or log into well-designed fake websites.

How can this be avoided? Even messages appearing to come from people you know should be handled carefully, especially if they ask you to click links or log in to a site. Before doing anything, contact that person outside of the social media platform to ask if the message is legitimate. Additionally, give yourself extra protection by using two-factor authentication on accounts whenever possible.

6. Spear phishing attacks

How does it work? This attack method is often targeted at organizations. Scammers collect public data about an individual known to people within the organization. This information is then used to create believable, fake accounts to carry out their scam.

As an example, scammers could gather public information about the CEO of a company to create a fake personal email account. From there, they could send what looks like a message from the CEO to an employee, asking them to click a link to deal with an urgent matter. The message could include a signature with the CEO’s name, phone number, office location and other convincing details that could persuade the less cautious to click. Clicking the link unleashes an attack against the company’s computer system. In some cases, these messages are actually sent from the CEO’s true account after a security slip-up of their own.

How can this be avoided? For one, CEOs and other important members of an organization should not be exempt from security training. Their clout with employees makes them a valuable target for scammers as it is much easier for employees to fall victim to messages from compromised accounts. Employees should also treat any link in an email, particularly from an external source, with extreme caution.

What should you do when you suspect a phishing scam?

Phishing email scams can range from being a frustrating nuisance to a national security threat—and they aren’t going away any time soon. But that doesn’t mean you can’t help fight their spread. If you find a suspicious email, you can help by forwarding phishing emails to spam@uce.gov or reportphishing@antiphishing.org.

Help stop digital scammers

Does reading about these scams make you want to fight back beyond reporting suspicious emails? If so, you might be interested in learning about the information security field. If you’d like to learn more about the career opportunities available to would-be cybercrime fighters, check out our article, “5 Fascinating Infosec Jobs That Help Combat Cybercrime.”


Gordon Hanson

Gordon is a freelance writer for Collegis Education who writes student-focused articles on behalf of Rasmussen College. He enjoys using the storytelling power of words to help others discover new paths in the journeys of life.


This piece of ad content was created by Rasmussen College to support its educational programs. Rasmussen College may not prepare students for all positions featured within this content. Please visit www.rasmussen.edu/degrees for a list of programs offered. External links provided on rasmussen.edu are for reference only. Rasmussen College does not guarantee, approve, control, or specifically endorse the information or products available on websites linked to, and is not endorsed by website owners, authors and/or organizations referenced. Rasmussen College is a regionally accredited private college.
