How to Identify Three Common Phishing Scams

By on

Time and time again, phishing scams have gotten the best of us. Take the recent W-2 attacks that are everywhere this tax season, or the  phishing scam affecting Gmail users. Google was required to release a patch within Chrome to address the problem, but the scam was surprisingly simple – just an email linking to a password reset page identical to the one used by Google. Who wouldn’t fall for that?

Phishing scams don’t require a lot of effort from cybercriminals, and yet, they continue to work. As a matter of fact, this style of cyberattack has been around since the dawn of the internet, with the earliest instance of phishing attacks dating back to the dial-up days of AOL. Fast forward to modern day, and phishing scams still remain one of the go-to attack vectors for cybercriminals around the world. But before we discuss how to fight back against these attacks, let’s first dive into what a phishing scam is.

What is a Phishing Scam, Exactly?

The name “phishing” originates from attackers’ use of fake emails and urls to “bait” victims into divulging personal information, typically via social engineering (a technique used by crooks to deceive and manipulate users into trusting them). Like a fisherman uses worms to draw in the day’s catch, criminals use dozens of forged digital assets to steal user’s login information, credit card numbers, and just about anything else that can be pounded into a keyboard. And it’s not only emails—today’s phishing attacks can come from multiple vectors, including smartphone apps and phone calls.

How Do They Work?

The way phishing scams operate is pretty straightforward. Once a victim has fallen for the ploy and unsuspectingly entered their personal information within a forged site or as a response to an email, the attacker then uses that information for personal gain. Damages can include emptying bank accounts, identity theft, ransomware infection, and/or personal information being sold on the Dark Web to the highest bidder.

With that much at stake, it’s crucial to learn what the common and current phishing scams are that you need to keep an eye out for. Here are the three to have on your radar:

  • Cloud Storage Phishing. Cloud service providers such as Amazon, Google, and Dropbox have recently become the target of phishing scammers. Generally, the scammers send victims attachments requesting that the user log-in to their cloud provider through a dummy portal, capturing private log-in information in the process. And since so many of us trust the cloud with our personal data, make sure you stay vigilant when an unknown attachment comes through. 
  • Mobile Phishing. More and more phishing scammers are shifting their focus towards attacking users through their smartphones, since mobile applications have become ideal vectors for attack. It’s easy, really—unsuspecting users just download forged applications loaded with malware, and crooks then actively capture personal information and trick users into divulging passwords. So, make sure you protect yourself by always reading app reviews before downloads, keep security settings kicked into high gear, and consider adopting a reliable, mobile security solution immediately—like McAfee Mobile Security.
  • Email Phishing. Email phishing attacks are a cybercriminal’s bread and butter. And they work on almost everyone. From business executives, to internet surfers at home, anyone who opens an unknown email and trusts its content is vulnerable to this classic manipulation. So how do you discern a real email versus a phishing scam? The best way to fight back is by staying educated on the signs, and by being skeptical. Make sure you check the URL for legitimacy. Hover over the link to see if it might be fake, and if it seems remotely sketchy, don’t click. Additionally, stay up to date on cybersecurity news to keep in the loop on the newest kind of phishing emails coming to inboxes. And most importantly, remember – if you don’t know the sender, err on the side of caution before you share your personal data with them.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

Categories: Consumer Threat Notices
Tags: ,

Leave a Comment

Similar articles

Sports fans everywhere look forward to mid-March for the NCAA men’s college basketball tournament. However, it’s not just college basketball fans that look forward to this time of year. Cybercriminals use March to launch malicious campaigns in the hopes of gaining access to personal information from unsuspecting fans. Let’s take a look at the most ...
Read Blog
The risk to your family's healthcare data often begins with that piece of paper on a clipboard your physician or hospital asks you to fill out or in the online application for healthcare you completed. That data gets transferred into a computer where a patient Electronic Health Record (EHR) is created or added to. From ...
Read Blog
It's that time of year again – tax season! Whether you've already filed in the hopes of an early refund or have yet to start the process, one thing is for sure: cybercriminals will certainly use tax season as a means to get victims to give up their personal and financial information. This time of ...
Read Blog