BERLIN: Boring-looking bank emails and would-be family members in distress are just two of the ways that cybercriminals like to fool people into sharing passwords and credit card details.
Alarm bells should always be ringing when a service or person asks for your password, especially for your online banking service, but also for your social media login details or phone number.
Criminals are still targeting the unwary by email to lure them to fake websites, and yet they have also moved far beyond that these days.
Here are an overview the various kinds of phishing techniques that are being used and what you can watch out for:
The relative in need of help: Someone posing as an old friend or relative gets in touch with you on Facebook or some other social media platform, asking for help (or usually money). Often, they will say they they have lost their phone and all their money, explaining why they get in touch with an account or number you don't know.
Smishing: Smishing (a neologism made up of SMS and phishing) is when cybercriminals send a text message baiting recipients into handing over their login data. One widespread scam involves a text message telling you that your package needs to be picked up. Don't click on the link! - Spear phishing: This describes targeted data fishing attacks that focus on a specific group of people, such as staff at a company. If your name and company email address can be found online, then you might get an email that looks like it's from your own company. Watch out for typos, dodgy-looking formatting and unusual requests to log in.
Whaling: This is the term used to describe phishing attacks on big fish, meaning particularly wealthy victims. These attacks will often involve lots of preparation and, like spear phishing, often be targeted specifically at one person.
Vishing: This technical term is a combination of voice and phishing and means nothing other than manipulation and fraud attempts via telephone calls. Often an unknown number will call you and begin an automated recording. Another classic example is of someone pretending to be from Microsoft IT offering to help with something that has been slowing your computer down.
Cybercrime experts recommend two ways you can protect yourself.
1. Never let yourself to be pressured into action.
2. If a would-be company or person wants something from you, then first follow up with a phonecall to a number you can be sure you can rely on.
If worst comes to worst, block any accounts that may have been affected and change your passwords as soon as possible.
Also, secure evidence and file a criminal complaint. If money has been stolen, report the damage to your bank and check if you have insurance that covers phishing attacks. – dpa