Randy Lindberg : 07 Jan 2022
Phishing attacks appear to be on the rise. In fact, Forbes reported that Google registered more than two million phishing sites in the year 2020. This number is up 27% from the previous year. Cases of identity theft and malware attacks have also spiked, making 2020 the worst year in terms of data breaches and cyber attacks. That said, below we’re sharing eight phishing attack examples you need to be aware of and protect yourself from.
Any time you receive an email or phone call with a threat or an urgent matter related to an account of yours, it should be a red flag. Unfortunately, this is one of the most prevalent phishing attack examples. In many cases there will be a demand associated with the threat, and you will feel a sense of urgency. The criminals are hoping to take advantage of your fear. They will ask you for sensitive data, and sometimes give you a web link where you can log in and “take care of the matter.”
The fix: Stay calm, and don’t click anything, visit unknown addresses, give any data, or pay for anything. Instead, do the following:
In most cases you will find that the caller or individual emailing you was not who they claimed to be. Bad actors often send fake emails and make phone calls in an effort to extort money or information out of their victims.
If you are at all concerned about your employees’ understanding of the importance of keeping your data secure, consider reaching out to Rivial Security for support with a social engineering test.
Sometimes we click links in search engines, on social media, and by other means thinking we are headed to an intended address. In truth, we’re headed to a fake website that has been made to look like the website we wanted to go to.
The fix: Use caution when clicking any link. It’s always best to type an address into your browser’s address bar to ensure you’re visiting the intended website. If you do click a link, look for the following warning signs to see if it’s a fake/spoofed site:
The best advice we can offer here is when in doubt, close the page!
This is one of the more recent phishing attack examples, and it involves creating fraudulent Wi-Fi access points. Essentially, the user thinks they are headed to a free and legitimate Wi-Fi hot spot when, in fact, one or more characters have been changed, leading the user to a digital space that allows cybercriminals to eavesdrop. While you’re on “their network” they can see the websites you are visiting, steal your passwords, and monitor your activity for other sensitive data.
The fix: Either avoid free Wi-Fi hot spots completely, or at least confirm you have the correct information before blindly connecting. Also, when on a free Wi-Fi hot spot, never visit a website you have to log into such as your bank or even your Facebook. Read the FTC’s Tips for Using Public Wi-Fi Networks for more advice.
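As an added illustration (not part of the original post), the "one or more characters have been changed" case can be checked mechanically by comparing a network name against the names you trust. The SSIDs, the confusable-character table and the two-edit threshold are assumptions made for this sketch.

```python
# Flag Wi-Fi names that are near-misses of a trusted name.
# A matching name alone does not prove a network is legitimate; this only
# catches the changed-character case described above.

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

# Assumed table of characters often swapped so a name looks the same at a glance.
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "5": "s", "_": "", "-": "", " ": ""})

def normalize(ssid):
    """Lower-case the name and fold look-alike characters and separators."""
    return ssid.lower().translate(CONFUSABLE)

def classify_ssid(seen, trusted, max_edits=2):
    """Return 'trusted', 'lookalike' or 'unknown' for a network name."""
    if seen in trusted:
        return "trusted"
    for good in trusted:
        if normalize(seen) == normalize(good):
            return "lookalike"          # same name after folding 0/o, 1/l, ...
        if edit_distance(seen.lower(), good.lower()) <= max_edits:
            return "lookalike"          # a couple of characters added or dropped
    return "unknown"

# Constructed sample: the name printed on the venue's sign.
TRUSTED = {"CoffeeHouse_Guest"}

if __name__ == "__main__":
    for name in ("CoffeeHouse_Guest", "CoffeeH0use_Guest",
                 "CoffeHouse_Guest", "Airport_Free_WiFi"):
        print(name, "->", classify_ssid(name, TRUSTED))
```

A "lookalike" result is the cue to confirm the exact network name with the venue before connecting.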
Another of the more recent phishing attack examples, phishing via smartphone typically involves sending a text message with a link to a fraudulent website. The most common fake text messages are to let you know about the status of a delivery via UPS, FedEx, or USPS. However, other examples include warnings of overdrafts and unauthorized access to your accounts.
The fix: Never click a link in your text messages. Instead, investigate the claim of the text by visiting the website directly, or by calling your bank (if applicable). And, if you didn’t order anything and aren’t expecting a delivery, it’s even more likely that the text was fraudulent.
Criminals are getting quite good at spoofing social media accounts. They copy every detail and even download the images of the person to create an account that looks identical to the person they are pretending to be. Then, they send a friend request to all the people on the actual person’s friends list, hoping no one will notice it’s a duplicate account.
The fix: Always check to see if you’re already connected with the matching account name. If so, it’s likely that it’s a spoofed account contacting you.
Another key indicator it’s fake is that they have only one or two friends, or at most a handful. Also look for a lack of updates, or several updates being posted within the last week. Finally, if you can, contact the actual person directly and ask them if they are the one who reached out.
Typically, this phishing technique involves fake ads or pop-ups placed in the hope that you will click them and be directed to a malicious website. CSO Online explains that on some legitimate websites, cyber criminals will purchase advertising and place malicious ads in the space. The bad actors will place ads that “appear legitimate, [but] they have malicious code hidden inside them. Bad ads can redirect users to malicious websites or install malware on their computers or mobile devices.”
The fix: Use caution with every web click. And, if the ad says it is directing to a website, hover over the ad with your mouse and see what the address is that you will actually be directed to. As always, the best option is to type a web link directly into your address bar to ensure you are going where you intend to.
This phishing technique has been around for decades, and is often referred to as the Nigerian email scam. You receive an email or phone call saying you won a prize, or that you are receiving an inheritance. All you have to do is give your bank account information.
The fix: If it seems too good to be true, odds are it’s a phishing attempt. Never give your banking details to an unknown caller.
Luckily, most people are getting wise to phishing attack examples like this. However, for those who aren’t aware, the way these warnings work is you receive a phone call or an email that you are being investigated for a crime or violation of some penal code.
The fix: Government and law enforcement officials will never email you or call you as a first method of contact in the event you are actually being investigated. And, they will never demand payment to settle a claim via email or phone either.
Over to you: were you aware of these common phishing attack examples? Or did some of these surprise you? If you know someone who could benefit from seeing this post, please share it with them. We all must do what we can to protect ourselves from nefarious individuals. Hopefully, this post will inspire you to be a little more careful when interacting online and answering phone calls.
Looking for support on understanding how phishing attacks can harm your business? Get an IT Risk Assessment from Rivial Security or schedule a strategy session with us today: