Did you know that almost 60% of all emails are spam? Most unsolicited emails are rather harmless but still pretty boring, such as those offering dating services or those selling healthcare products.
However, some spam emails are sent by real thieves hoping to hijack users’ accounts. Cybercriminals use a tactic called phishing, which lets them trick users into giving away their email accounts.
How Do Phishing Schemes Work?
Phishing schemes have been around for a long time. In fact, they started appearing as soon as email became one of the most common means of communication. What makes them scary is that email services still have trouble identifying them properly, even though no one can deny they have been doing their best.
Of course, most phishing emails never reach the user’s inbox thanks to spam filtering. However, from time to time, some of those messages manage to sneak into the inbox. If that happens, the user’s online security lies in their own hands. To be able to properly protect yourself against phishing scams, you need to learn how they work.
Basically, cybercriminals will send you an email saying that you need to provide them with your account details and/or other types of personal info. In return, they promise you will get some reward, whether it’s money or a gift voucher.
More elaborate schemes include links to sites that are almost identical copies of legit websites. You will be asked to log in to your account on those sites, but the only thing you will be doing is giving away your login credentials to cybercriminals. It is estimated that over 1.4 million phishing websites are created every month. Apart from sending phishing messages via email, cybercriminals are known to do basically the same on social media.
Examples of Phishing Schemes
To help you properly understand how these schemes work, it’s best to take a look at some of the most notable examples of phishing attacks. For example, phishing emails that claim to give away prizes are pretty common. You may receive a seemingly legit email from a sender claiming to work for a legit site such as Amazon, PayPal, Skrill or any other website where money transactions are involved.
The emails will claim that you have won a prize, which you can only claim if you provide them with your account details. If you fall for it, you will hand the hackers your account, where you might have some money, which they will then transfer to their own accounts.
A more elaborate phishing scheme example is the one used for hijacking your email account. Usually, there’s a link in the email, which will open a page that looks very similar to the main page of Gmail or whichever email service you’re using, asking you to log in.
This can make you think that something went wrong with the email service along the way and that you’ve been logged out by mistake. To log back in, you will type in your password, but you won’t be logged in to Gmail. Instead, you will give your password to the cybercriminals.
In turn, this will give them immediate access to your account. Once they’re in, they can steal your emails or simply change the password so that you can’t log in to your own email account. To give you the account back, they will ask for money.
Is There a Defense Against Phishing Attacks?
Although email services do a fairly good job of keeping the hackers away, they’re not able to spot every single phishing email. This is why a smart solution would be to install an antivirus that has an anti-phishing feature. This way, you will be able to add to your online security. However, sometimes even that isn’t enough. Unless you learn how to spot them, you’ll be in danger.
The rule of thumb is that if you receive an email with an offer that’s too good to be true, it probably isn’t true. Another way to recognize phishing schemes is that their websites are usually not very good. After all, they use them only for a short period of time, which is why you can be certain that the website will look bad and contain poorly written articles, full of spelling and grammar errors.
“Better safe than sorry” is the rule when it comes to phishing schemes. So, if you receive a suspicious email, you should do a Google search on the sender and see whether someone has already reported them for phishing.