With online activity increasing all around the world, cyber attacks have become more frequent than ever. In this context, we shall discuss phishing: what it is and how to check whether you have been phished.
What is Phishing?
Phishing is a type of cybercrime in which a target or group of targets is contacted via email, telephone, or text message by an impostor posing as a legitimate and trustworthy institution to lure individuals into providing sensitive data such as personal information, banking and credit card details, usernames, and passwords.
The year 2020 was a boon for cyber criminals because they went all out to exploit the vulnerabilities caused by the shift to remote work culture. According to a survey by SecurityBoulevard in 2020:
- Approximately 85% of all organizations were hit by a phishing attack at least once.
- About 30% of phishing emails are opened by users, and 12% of these targeted users click on the malicious link or attachment.
- Around 97% of the users were unable to recognize a sophisticated phishing email.
- A single spear-phishing attack results in an average loss of $1.6 million.
How to check if you got Phished?
A phishing attack usually begins in the form of online communication and the message is structured in such a manner that the user is somehow compelled to click on certain links and buttons which are designed by the attacker.
Phishing Red Flags
The first step towards identifying whether you have been phished or not is to check for the red flags which are quite detectable with phishing attacks:
- Requesting your sensitive information via email:
Legitimate companies never send you emails with links asking for your passwords, bank details, tax numbers, etc. So, if you receive an email asking for these, it is probably a scam.
- Emails with illegitimate links and attachments:
Often, phishers include link text that appears legitimate, but when you mouse over the link you'll see the actual URL to which it will take you, and it points somewhere else. Also, authentic institutions don't send you random emails with attachments; instead, they direct you to download documents or files on their own website. So, always be on the lookout for suspicious links and attachments in an email.
- Emails sent from a public email domain:
Always check the email address of a sender, because no legitimate organization will ever send you emails from an address that ends in "@gmail.com". They have their own company email addresses, often ending in "@companyname.com".
- Sense of urgency:
Phishers want you to act first and think later and so they create a sense of urgency in their emails forcing you to quickly click on malicious links. Legitimate bodies don’t do this, so you should be instantly suspicious when you see it.
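The four red flags above can also be checked mechanically. The following Python sketch is an added example, not part of the original article: the word lists, the list of public mail domains, the function names and the sample message are all assumptions made for illustration, and it only handles a single-part HTML message.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

PUBLIC_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com"}  # assumed sample list
WORDING = {  # assumed sample phrases for two of the red flags
    "urgency": re.compile(r"\b(urgent|immediately|act now|suspended)\b", re.I),
    "asks-for-sensitive-data": re.compile(r"\b(passwords?|bank details|tax numbers?)\b", re.I),
}
LOOKS_LIKE_URL = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)

class LinkCollector(HTMLParser):
    """Collect [href, visible text] for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self.open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.open = True
    def handle_data(self, data):
        if self.open:
            self.links[-1][1] += data.strip()
    def handle_endtag(self, tag):
        self.open = self.open and tag != "a"

def host(url):  # lower-cased hostname without a leading "www."
    h = urlparse(url if "://" in url else "//" + url).hostname or ""
    return h[4:] if h.startswith("www.") else h

def red_flags(raw):
    """Red flags in a single-part HTML message; link hosts are compared strictly."""
    msg = message_from_string(raw)
    sender = parseaddr(msg["From"] or "")[1].rpartition("@")[2].lower()
    flags = ["public-sender-domain"] if sender in PUBLIC_DOMAINS else []
    body = msg.get_payload()
    flags += [name for name, rx in WORDING.items() if rx.search(body)]
    collector = LinkCollector()
    collector.feed(body)
    if any(LOOKS_LIKE_URL.fullmatch(t) and host(t) != host(h) for h, t in collector.links):
        flags.append("link-mismatch")
    return flags

# Constructed sample message (not a real email); reserved test domains only.
SAMPLE = """From: "Bank Support" <bank.example.support@gmail.com>

<p>Your account will be suspended. Confirm your password immediately.</p>
<a href="http://bank-example.login.test/reset">www.bank.example</a>"""
```

Calling `red_flags(SAMPLE)` reports all four flags. The link check only fires when the visible text itself looks like a web address, so a "Click here" link is not flagged by it.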
Signs that you have been Phished
If despite all your efforts, you somehow end up being a victim of a Phishing attack, it is very important to know that you have been phished. Here are some signs which confirm that you have been phished:
1. Identity Theft: This is the most common sign of a phishing attack. A phisher gains your personal information through a phishing attack and then uses this information to gain unauthorized access and steal other valuable items in your name. So, if you see any unknown access to any account on your behalf, quickly report to the concerned authorities.
2. Unfamiliar Transactions: This is the main motive of most phishing attacks. A phisher gains access to your bank details through a phishing attack and then uses these credentials to steal all your money and make unauthorized transactions from your account. So, if you notice any unfamiliar transactions from your account, it might be the work of a phisher.
3. Locked Accounts: This is another sign that you might be a victim of a phishing attack. After gaining access to your personal information, a phisher might lock you out of your own accounts. So, if you are unable to access certain online accounts or banking accounts that you had access to previously, immediately contact the concerned organizations and warn them about a phishing attack possibility.
These are the three checks that you can do to determine whether you have been phished or not. If you are sure that you have been phished and a scammer has your personal information, such as your Social Security number, credit card details, or bank account number, you can go to IdentityTheft.gov. There you will receive specific instructions based on the information that you lost.
Frequently Asked Questions: How to check if you got phished?
How to prevent Phishing Attacks?
Phishing Attacks mainly take place through suspicious emails, so, you should always check an email message before opening it and clicking on any links, or downloading any attachments. Also, always double-check before providing confidential details to anyone. Besides this, keeping your software updated and installing an antivirus also helps in preventing Phishing attacks.
Do Phishing attacks only take place via email?
No, Phishing attacks can also occur through phone calls, text messages, instant messaging, or malware on your computer which can track how you use your computer and send valuable information to identity thieves.
What kind of information should I protect?
You should protect all your sensitive and confidential data such as usernames, passwords, personal information, bank details, credit/debit card details, and any other information that is of value to you.