Phishing, don’t take the bait

#TechItUpTuesday

What is phishing?

If you want to stay safe online you should always be on the lookout for scammers. Phishing is a form of social engineering attack or scam often used to steal user data, such as login details and credit card numbers. It often occurs when an attacker, masquerading as a trusted entity, possibly your bank, social media, or service provider, tricks you into opening an email or message.

This video discusses many of the common examples of Phishing such as mass e-mail Phishing (often just referred to as Phishing), Spear Phishing and Smishing.

Other forms of phishing

HTTPS phishing

Often included as part of e-mail phishing, this is something to be wary of when you are on any site. Most legitimate organizations use HTTPS instead of HTTP because it is considered safer and establishes legitimacy. If it’s posing as a site you already know, search for that site on a separate tab and compare the URLs to see that they match.

For example, take the address for Canvas: if you clicked on a link and the address began with HTTP rather than HTTPS, it could be unsafe:

Correct: https://canvas.hull.ac.uk/

Potentially unsafe: http://canvas.hull.co.uk/

They may also use hypertext, which is a “clickable” link embedded into the text, to hide the real URL. When checking the link, make sure that it’s in its original, long-tail format and shows the whole URL; double click on the URL so the full format shows.

Search engine phishing

Sometimes known as SEO poisoning or SEO trojans, this is where hackers work to become the top hit on a search using Google or other engines. If they get you to click their link, it takes you to their website. When you interact with it and enter sensitive data, they have your information. Hacker sites can pose as any type of website but are usually banks, PayPal, social media, and shopping sites.

Vishing

This is when you receive a call on your phone, perhaps claiming to be from your bank or a government authority, demanding your details or payment with a threat of legal action if you don’t comply. This is to create a heightened sense of urgency that may make a person take actions against their best interests. This can also happen online: you may get a message or a warning pop-up, often on unsafe sites as previously mentioned. You should not click on these links.

Prevention and protection against Phishing

Protection

The best protection is awareness and education: if you are aware and careful, you will likely never fall victim to this scam. Don’t open attachments or links in unsolicited emails, even if the emails came from a recognized source. If the email is unexpected, be wary about opening the attachment and verify the URL.

Protection

If you do fall victim to phishing, you can protect yourself through two-factor authentication (2FA), which adds an extra verification layer when logging in to applications. 2FA relies on two verifiers: something you know, like a password and username, and something you have, such as a smartphone or credit card. If you lose one layer of protection or your phone is stolen, 2FA prevents the use of compromised data or credentials, since one verifier will not gain you entry. You may also sometimes have a third verifier, something you are, which is either a fingerprint, an iris scan, or a voiceprint.

Other methods of protection against phishing include frequently changing your password and not reusing the same password for different applications. So stay safe online and don’t bite when phishers come phishing.