Be it a text from mom, an instant message from a friend or a seemingly harmless email, cybercriminals rely on human nature to get ahold of your financial information through the most common form of cyber attacks — phishing. Because it’s such a pervasive problem, the Department of Homeland Security named October as National Cyber Security Awareness Month to educate the public in all the ways cybercriminals use the names of trusted brands to take advantage of consumers. Understanding the facts about phishing can help change your online habits for the better.
1. Phishing Scams Rely on Brand Name Recognition
In 2013, cyber security studies found that one-third of all phishing attacks are aimed at stealing your money. More than 30 percent of attacks used the names of leading banks, payment systems and online stores, including MasterCard, Visa and American Express. The most common brand name used that year was Amazon.com, with Apple and eBay rounding out the top three.
2. Social Networking Sites are at Risk
Phishing is not limited to email and website pop-ups. Links in online ads, status updates, tweets and Facebook posts can lead you to criminal portals designed to steal your financial information. Forwarded information from friends and family across social networks can also perpetuate dangerous cyber scams. The best way to protect yourself is to avoid clicking on questionable links or entering login or financial information on a website that requires you to navigate to a separate site.
3. Beware of Misspelled Domain Names
Phishing scams tied to brand names often make use of similar web addresses to take advantage of misdirected web traffic. The difference of a single character in an URL can lead you to a website that appears almost identical to a legitimate website for a brand, but it’s actually run by cybercriminals. Pay attention when you transact business online, and keep an eye on your credit report to watch for signs of suspicious activity that could be the work of cybercriminals and thieves.
4. Cybercriminals Can Hide Website Addresses
Hovering your mouse over a link to verify the link’s address before you click on it isn’t a safe way to ensure the link isn’t part of a phishing scam. Cybercriminals can use special programming to hide or change the real address of a website. Be wary of emails with links or attachments that contain no further information and consider using http://longurl.org/ to expand short links.
5. Criminals Use Legitimate URL
Years ago, seeing a website address that began with “HTTPS” almost ensured an authentic website, but that’s no longer the case. Cybercriminals also purchase website security certificates to trick you into thinking that this use of security protocol means the website hosting the phishing scam is legitimate.
6. You Can’t Always Spot a Scam At First Sight
Don’t expect to identify a phishing scam through text riddled with grammar and spelling mistakes. That was a hallmark of old-school cybercriminals. The scammers of today have access to sophisticated phishing tool kits that spell check and clone actual websites — making it harder to identify a scam at first glance. Even if the site or email appears to be from an enterprise you do business with, call their customer support to see if they sent you a message and never send personal information over email.
7. Phishing Sites Can Hide from Search Engines
In an ideal world, search engines could always identify and block phishing sites and associated content. Unfortunately, the phishing tool kits available to cybercriminals can block search engines from recognizing phishing sites, even when a site is a clone of a legitimate brand site.
Consumers can’t rely on third parties to protect them from these types of scams, but they shouldn’t be paranoid about navigating the web either. Careful browsing, frequent credit checks with a credit bureau and following these tips are some of the best ways to stay safe when navigating the Internet.