7 Facts About Cyber Security and Phishing

Blog Post10/08/2015
Identity Protection

Be it a text from mom, an instant message from a friend or a seemingly harmless email, cybercriminals rely on human nature to get ahold of your financial information through the most common form of cyber attacks — phishing. Because it’s such a pervasive problem, the Department of Homeland Security named October as National Cyber Security Awareness Month to educate the public in all the ways cybercriminals use the names of trusted brands to take advantage of consumers. Understanding the facts about phishing can help change your online habits for the better.

1. Phishing Scams Rely on Brand Name Recognition 

In 2013, cyber security studies found that one-third of all phishing attacks are aimed at stealing your money. More than 30 percent of attacks used the names of leading banks, payment systems and online stores, including MasterCard, Visa and American Express. The most common brand name used that year was Amazon.com, with Apple and eBay rounding out the top three.

2. Social Networking Sites are at Risk

Phishing is not limited to email and website pop-ups. Links in online ads, status updates, tweets and Facebook posts can lead you to criminal portals designed to steal your financial information. Forwarded information from friends and family across social networks can also perpetuate dangerous cyber scams. The best way to protect yourself is to avoid clicking on questionable links or entering login or financial information on a website that requires you to navigate to a separate site.

3. Beware of Misspelled Domain Names

Phishing scams tied to brand names often make use of similar web addresses to take advantage of misdirected web traffic. The difference of a single character in an URL can lead you to a website that appears almost identical to a legitimate website for a brand, but it’s actually run by cybercriminals. Pay attention when you transact business online, and keep an eye on your credit report to watch for signs of suspicious activity that could be the work of cybercriminals and thieves.

4. Cybercriminals Can Hide Website Addresses

Hovering your mouse over a link to verify the link’s address before you click on it isn’t a safe way to ensure the link isn’t part of a phishing scam. Cybercriminals can use special programming to hide or change the real address of a website. Be wary of emails with links or attachments that contain no further information and consider using http://longurl.org/ to expand short links.

5. Criminals Use Legitimate URL

Years ago, seeing a website address that began with “HTTPS” almost ensured an authentic website, but that’s no longer the case. Cybercriminals also purchase website security certificates to trick you into thinking that this use of security protocol means the website hosting the phishing scam is legitimate.

6. You Can’t Always Spot a Scam At First Sight

Don’t expect to identify a phishing scam through text riddled with grammar and spelling mistakes. That was a hallmark of old-school cybercriminals. The scammers of today have access to sophisticated phishing tool kits that spell check and clone actual websites — making it harder to identify a scam at first glance. Even if the site or email appears to be from an enterprise you do business with, call their customer support to see if they sent you a message and never send personal information over email.

7. Phishing Sites Can Hide from Search Engines

In an ideal world, search engines could always identify and block phishing sites and associated content. Unfortunately, the phishing tool kits available to cybercriminals can block search engines from recognizing phishing sites, even when a site is a clone of a legitimate brand site.

Consumers can’t rely on third parties to protect them from these types of scams, but they shouldn’t be paranoid about navigating the web either. Careful browsing, frequent credit checks with a credit bureau and following these tips are some of the best ways to stay safe when navigating the Internet.

Disclaimer: The information posted to this blog was accurate at the time it was initially published. We do not guarantee the accuracy or completeness of the information provided. The information contained in the TransUnion blog is provided for educational purposes only and does not constitute legal or financial advice. You should consult your own attorney or financial adviser regarding your particular situation. For complete details of any product mentioned, visit transunion.com. This site is governed by the TransUnion Interactive privacy policy located here.