As you have just read about digital footprints you are probably now far more aware of how much time we spend online and the many details that we reveal about ourselves. The bigger our online footprint is the more susceptible we are to a certain type of online scam that you may be aware of or have possibly experienced, known as phishing.
What is phishing?
Phishing is a form of social engineering attack often used to steal user data, such as login details and credit card numbers. It often occurs when an attacker, masquerading as a trusted entity, possibly your bank, social media or service provider tricking you into opening an email or message.
This video discusses many of the common examples of Phishing such as mass e-mail Phishing (often just referred to as Phishing), Spear Phishing and Smishing.
Other forms of phishing
HTTPS phishing
Often included as part of e-mail phishing this is something to be wary of when you are on any site. Most legitimate organizations use HTTPS instead of HTTP because it is considered safer and establishes legitimacy. If it’s posing as a site you already know, search for that site on a separate tab and compare the URL’s to see that they match.
For example, the address for Canvas, if you clicked on a link and the address began with http rather than https it could be unsafe:
Correct: https://canvas.hull.ac.uk/
Potentially unsafe: http://canvas.hull.co.uk/
They may also use hypertext which is a “clickable” link embedded into the text to hide the real URL. When checking the link make sure that it’s in its original, long-tail format and shows the whole URL, double click on the URL so the full format shows.
Search engine phishing
Sometimes known as SEO poisoning or SEO trojans, is where hackers work to become the top hit on a search using google or other engines. If they get you to click their link, it takes you to their website. When you interact with it and enter sensitive data, they have your information. Hacker sites can pose as any type of website, but are usually banks, PayPal, social media, and shopping sites.
Vishing
You may receive a call on your phone maybe claiming to be your bank or government authority demanding your details or payment with a threat of legal action if you don’t comply. This is to create a heightened sense of urgency that may make a person take actions against their best interests. This can also happen online as well maybe you will get a message, or a warning pop-up often on unsafe sites as previously mentioned, you should not click on these links.
Prevention and protection against Phishing
If you do fall victim to phishing, you can protect yourself through two-factor authentication (2FA) which adds an extra verification layer when logging in to applications. 2FA relies on two verifiers: something you know, like a password and username, and something you have, such as a smartphone or credit card. If you lose one layer of protection or your phone is stolen, 2FA prevents the use of compromised data or credentials, since one verifier will not gain you entry. You may also sometimes have a third verifier something you are which is either a fingerprint, an iris scan, or a voiceprint.
Other methods to prevent or protect against phishing include frequently changing your password and not reusing the same password for different applications.