Navigating the internet, whether it be web1, web2, or web3, has always been tricky, especially in the early days of each iteration's adoption, when bad actors look to make money off unsuspecting people trying out new technology. There are numerous ways scams are carried out on the internet, but you shouldn’t be deterred from using it as a tool: while there are scams, there are also ways to avoid them.
In this lesson we will look into phishing scams, which can target individual accounts, companies, or even whole networks. By the end of this lesson you will be able to identify the characteristics of a phishing scam and understand the basic ways to protect yourself against it.
Phishing is one of the many ways that online hackers and scammers attempt to gain information from customers. It is a fraudulent practice that can occur via different means of communication, including emails, SMS text messages, social media posts and fraudulent URLs. Attackers may brand themselves as a legitimate enterprise and impersonate its site in order to obtain sensitive information such as passwords and two-factor authentication codes. Within the crypto space, phishing scams usually target information pertaining to online wallets.
Phishing attacks are social engineering attacks and can have a wide range of targets depending on the attacker. They may take the form of a generic scam email looking for anyone with a PayPal account, such as in the example below, or of a targeted attack focused on a specific individual.
Many different types of phishing scams exist. Here is a broad overview of some of the most common types:
Phishing is a popular cybercrime because of its efficacy. Stanford University IT even maintains a constantly updated list of phishing scams that are being distributed to its network.
For years, cybercriminals have been successfully using emails, texts, direct messages and social media to get people to respond with their personal information. It is easy to fall prey to this attack because it convincingly copies an entity that we usually trust, which is why it is important to know what to look out for.
A phishing attack can be identified and avoided by looking out for the following:
Now that we’ve learned about what to look out for, we need to know what to do next.
If you receive a suspicious email, here are some steps recommended by the University of Massachusetts IT:
When in doubt, always use security best practices:
Securing your personal and account information is essential. Regularly updating your software and antivirus is one of the most obvious ways to do so, but further action is required. Keeping apps updated is also essential; just make sure you are always downloading from legitimate sites. Users should also make use of two-factor authentication in order to protect themselves.
Users should be very cautious when it comes to using social media and the information that is shared there, so try to limit the personal information that you post. Using a password manager is also good practice for keeping information protected. Finally, users need to be very alert when it comes to emails from unrecognized senders, which often contain links and attachments that may include malware.
Phishing emails, texts, and similar messages are designed to appear legitimate, and they get better all the time. Social engineering attacks such as phishing are designed to take advantage of a user's possible lapse in decision-making. Always watch out for red flags like urgency, mismatched links and emails, and requests for sensitive information. Be aware, and never provide sensitive or personal information through email, unknown websites, social media, or over the phone.
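The red flags named above (urgency, mismatched links and emails, requests for sensitive information) can also be checked mechanically. The following is an added example, not part of the original lesson; the keyword patterns, the sample message and the names `red_flags`, `LinkCollector` and `host` are assumptions made for illustration, and it handles single-part HTML messages only.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed keyword patterns and sample message (assumptions; reserved test domains).
KEYWORDS = {
    "urgency": re.compile(r"\b(urgent|immediately|suspended|within 24 hours)\b", re.I),
    "sensitive-info-request": re.compile(r"\b(password|seed phrase|private key)\b", re.I),
}
SAMPLE = ("From: Pay Support <billing@pay.example>\nReply-To: help@account-verify.test\n"
          "Subject: Action required\nContent-Type: text/html\n\n"
          "<p>Account suspended within 24 hours unless you confirm your password.</p>\n"
          '<a href="https://pay.example.account-verify.test/login">www.pay.example</a>\n')

class LinkCollector(HTMLParser):  # collects (href, visible text) pairs from <a> tags
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), ""
    def handle_data(self, data):
        self._text += data if self._href else ""
    def handle_endtag(self, tag):
        if tag == "a" and self._href:
            self.links.append((self._href, self._text.strip()))
            self._href = None

def host(url):  # hostname of a URL or of bare link text like "www.pay.example"
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()

def red_flags(raw_email):
    """Return the set of red flags found in one raw, single-part email message."""
    msg = message_from_string(raw_email)
    text = msg.get("Subject", "") + "\n" + msg.get_payload()
    flags = {name for name, rx in KEYWORDS.items() if rx.search(text)}
    # Mismatched emails: replies go to a different domain than the sender's.
    sender, reply = (parseaddr(msg.get(h, ""))[1].rpartition("@")[2].lower()
                     for h in ("From", "Reply-To"))
    if reply and reply != sender:
        flags.add("sender-mismatch")
    # Mismatched links: visible text names one host, href points to another.
    links = LinkCollector()
    links.feed(text)
    if any("." in t and " " not in t and host(t) != host(h) for h, t in links.links):
        flags.add("link-mismatch")
    return flags
```

The link check compares exact hostnames, so link text `pay.example` pointing at `www.pay.example` would also be flagged; a production filter would compare registrable domains instead.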
Hacken is a cybersecurity auditor born in 2017 with a vision of transforming Web3 into a more ethical place. With 5+ years of experience, hundreds of blockchain partners, and thousands of secured crypto projects, Hacken protects technological businesses and crypto communities worldwide with the most competitive suite of professional cybersecurity services.
Hacken in figures:
Strategic goal: get a 20% share in the Web 3.0 cybersecurity market by 2024.