Understanding phishing attacks, their tactics, susceptibility, and protective measures to safeguard your information online.

Phishing is a deceptive tactic used by cybercriminals to trick individuals into revealing sensitive information or granting access to secure networks. These scams typically arrive as convincing emails, text messages, or phone calls, in which attackers pose as trusted individuals or organizations. Successful phishing can lead to data breaches, service disruptions, identity theft, malware infections, or ransomware attacks.

Susceptibility

The higher the susceptibility or vulnerability, the more likely someone is to fall victim to phishing scams. Here are some factors that make a person susceptible:

  • Unfamiliarity with cyber threats and inadequate protection measures.
  • Complacency — believing they can easily spot scams.
  • Rushing or stress — acting impulsively and missing red flags.
  • Complying with requests from perceived authorities without questioning.
  • Lack of understanding of phishing tactics.
  • Oversharing on social media.
  • Weak passwords and infrequent updates.

The anatomy of a phishing attack

Phishing comes in various forms, each designed to bait you into revealing sensitive information or taking harmful actions through crafted messages featuring desirable promises or urgent requests. Here are the main types to watch out for:

  • General Phishing: The most common type, where attackers use generic tactics.
  • Spear Phishing: Targeted attacks through highly personalized messages.
  • Whaling: Spear phishing aimed at high-profile targets like CEOs or CFOs.
  • Vishing: Phone scammers posing as tech support or your bank.
  • Smishing: Urgent requests via text messages with malicious links.

Spotting the bait

Here are some tips to help you spot phishing attempts:

  • Hover over the sender’s email address to check for legitimacy.
  • Look for discrepancies between the sender’s name and their email signature.
  • Generic greetings like “Dear Customer” are common in phishing attempts.
  • Check for low-quality logos or inconsistent visual elements.
  • Hover over links to preview URLs before clicking.
  • Be cautious of emails sent outside typical business hours.
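Two of the tips above (checking where the sender's address really leads and previewing link targets) can be automated. The following is an added example, not code from the original article: it scans a constructed text/html email for a Reply-To domain that differs from the From domain, a generic greeting, and anchors whose visible text looks like a domain but whose href points to a different host. The `phishing_indicators` function, the sample message and its domains are all made up for this illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

GENERIC_GREETINGS = ("dear customer", "dear user", "dear account holder")
# Simplified anchor matcher; adequate for this demonstration, not a full HTML parser
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)
LOOKS_LIKE_URL = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)

def _host(value):
    """Lower-cased host of a URL, bare domain or e-mail address, minus 'www.'."""
    value = value.rpartition("@")[2]
    host = (urlparse(value if "://" in value else "http://" + value).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def phishing_indicators(raw_message):
    """Return the red flags found in a single-part text/html e-mail message."""
    msg = message_from_string(raw_message)
    flags = []
    from_host = _host(parseaddr(msg.get("From", ""))[1])
    reply_host = _host(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_host and reply_host != from_host:  # replies are routed to another domain
        flags.append(f"reply-to domain {reply_host} differs from sender {from_host}")
    body = msg.get_payload()
    if any(g in re.sub(r"<[^>]+>", " ", body).lower() for g in GENERIC_GREETINGS):
        flags.append("generic greeting")
    for href, shown in ANCHOR_RE.findall(body):
        shown = re.sub(r"<[^>]+>", "", shown).strip()
        # Visible text that looks like a URL or domain while the href goes elsewhere
        if LOOKS_LIKE_URL.fullmatch(shown):
            h_shown, h_href = _host(shown), _host(href)
            if h_href != h_shown and not h_href.endswith("." + h_shown):
                flags.append(f"link text {shown!r} points to {h_href or 'nowhere'}")
    return flags

# Constructed sample message (not a real campaign) used to exercise the checks
SAMPLE = """\
From: "Example Bank" <alerts@examplebank.com>
Reply-To: support@examplebank-verify.net
Subject: Urgent: confirm your account
Content-Type: text/html

<p>Dear Customer,</p>
<p>Visit <a href="http://login.examplebank-verify.net/x">www.examplebank.com</a> now.</p>
"""
```

Running `phishing_indicators(SAMPLE)` reports all three indicators; a link whose href is a subdomain of the displayed domain is deliberately not flagged.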

Protecting yourself from phishing

Strengthen your defences

Implement robust network security measures:

  • Use a Virtual Private Network (VPN).
  • Install browser extensions that detect fraudulent sites.
  • Enable Two-Factor Authentication (2FA).
  • Regularly update antivirus software and applications.
  • Check that your email provider enforces sender authentication protocols.
  • Block known malicious domains and IP addresses.

How to respond to phishing attempts

If you encounter a phishing attempt:

  • Don’t engage with links or attachments.
  • Alert the impersonated person or organisation.
  • Move the message to spam and block the sender.
  • In Australia, report to Scamwatch or the Australian Cyber Security Centre.

Staying informed and adopting strong cybersecurity practices is essential to protect yourself from phishing attacks. Always be vigilant when handling sensitive information online.