What is phishing and how dangerous is it? | usagoldmines.com

Phishing is a form of cyberattack in which the threat actor “fishes for” victims, looking for places to deploy malware, or steal sensitive information from. It is one of the oldest practices in cybercrime, and revolves around baiting the victims into unwanted action.

While phishing is mostly delivered via email, it’s not the only avenue. Hackers can also engage in SMS phishing (Smishing), video message phishing (vishing), and more. Any communications format can essentially be used for phishing.

• Our definitive list of today’s best antivirus software
• Looking for even more protection? Grab the best VPN
• See why we rate Bitdefender so highly in our testing

An unwanted mail

When targeting people with phishing, crooks usually mimic legitimate communications from reputable organizations, making them more convincing, especially when the attacker possesses personal information about the target.

The messages also usually come with a sense of urgency, to lower the victim’s guard and have them spring into action. This is also a common tactic for the cybercriminals so be on your guard at all times.

So how does phishing work exactly?

Often the phishing scammer will make it seem like you must take immediate action, hoping that this may prompt you to act swiftly out of fear rather than considering the content of the email.

So let’s take an example: you might receive a message about an unpaid bill marked as urgent with a warning that your account is about to be canceled if payment isn’t made immediately. The invoice will be attached, and if you open it, curious as to what you owe and why the dummy file (it’s not an actual invoice) will infect your PC with malware.

A second example is an email that says something like: ‘Follow this link to log in and reset your password NOW because your account has been compromised, and your payment details are at risk.’

The irony is that if you do indeed click on that link and fall for the phishing attempt, you’ll be presented with a false (probably quite convincing) login portal. When you do enter your password and other personal details, they’ll be stolen, and your account really will be compromised.

How bad is it if you get phished?

Sticking with our above examples, if phishing tricks you into opening a malware-laden attachment, your system will be infected, and all manner of bad things could happen. For instance, you might fall victim to ransomware, which locks all your files away and demands a large payment to get them back (with no guarantee that will happen, even if you do pay out).

With our second example, the malicious party will have your username and password – possibly even your bank details – and will then be able to log in to your account, perhaps changing the password to lock you out when you next try to log in.

Depending on what service or subscription has been compromised, the fraudster may be able to take any number of actions. If it’s an online shopping site, for example, they could be able to order goods from it under your account.

A further danger is present for folks who engage in the poor security practice of using the same password for different accounts. The attacker may try the pilfered password with other services  – using your email as the username – and be able to log into those as well.

This is why you should never reuse the same password across multiple accounts (and if you’re stuck in terms of thinking up and remembering different passwords, try using one of the best password managers).

Tools to use to protect yourself

Phishing poses a significant threat to online security. To protect yourself, it’s of utmost importance to exercise caution and common sense when encountering online communication.

In times before generative AI, the usual red flags would include spelling errors, and unusual phrasing.

Nowadays, the best way to spot phishing (or at least suspect it), is to look for urgent demands, dubious links, and unwanted attachments. Even if a message appears to be from a known contact, it’s essential to verify its authenticity by contacting the sender directly (possibly through a separate channel).

Similarly, for messages purportedly from companies like Amazon, logging into your account and contacting customer support can help confirm their legitimacy.

On top of that, there are powerful tools such as two-factor authentication (2FA) to help you with combating phishing attacks. By requiring a second form of verification, such as a code sent to a mobile phone, 2FA adds an extra layer of security, making it difficult for attackers to gain unauthorized access, even if they have compromised a password.

Investing in robust antivirus software for both computers and mobile devices is another vital step. This software can detect and block malicious threats, including phishing attacks, malware, and harmful websites. By combining these strategies, you can significantly reduce your vulnerability to phishing attacks and protect your personal information.

Understanding the threat

Phishing poses a significant threat to online accounts and data security, exploiting social engineering tactics to deceive victims into compromising sensitive information. To mitigate this risk, it is important to exercise caution with any suspicious messages and implement strong security practices, such as two-factor authentication.

TechRadar Pro created this content as part of a paid partnership with Trend Micro. The content of this article is entirely independent and solely reflects the editorial opinion of TechRadar Pro.

• Read more: How to choose the best antivirus for you