Phishing remains the most common cyber threat faced by both businesses and individuals. According to statistics aggregator Statista, nearly 9 million phishing attacks were detected worldwide in 2023. As technology continues to advance, bad actors have begun utilizing the latest tools to make these attacks more deceptive and harder to spot. The best armor a business owner or regular consumer can have against them is updated knowledge of how they work.
Here’s a closer look at some of the most common types of phishing scams fraudsters use and how they typically unfold. Look for these warning signs and protect yourself from devastating financial loss before it’s too late:
1. Email Phishing
Email phishing is one of the most prevalent forms of cyber threats today. In this type of scam, attackers send fraudulent emails that appear to come from reputable sources, such as banks, online services, or well-known companies. Their goal is to trick recipients into clicking on malicious links or providing sensitive information, such as passwords or credit card numbers. These emails often create a sense of urgency and prompt the recipient to take immediate action, such as verifying their account information or confirming a transaction.
Typical signs of email phishing scams include generic greetings, spelling and grammatical errors, and suspicious links that do not match the sender’s domain. If an email requests sensitive information or prompts immediate action, it’s a strong indicator that it may be a phishing attempt.
To reduce your likelihood of falling victim to email phishing scams, make it a habit to always verify the sender’s email address. Legitimate businesses will typically use official domain names that match their websites and avoid using free email services for business communications.
For instance, Maya, a leading fintech company in the Philippines, will only send communications from email addresses ending in @maya.ph, making it easy for consumers to identify legitimate correspondence. In addition, users must remember that Maya will never send links via email. Security notices like these are just a couple of the many protocols and safeguards the company has implemented to ensure its users’ full security.
2. SMS Phishing
SMS phishing, commonly referred to as smishing, involves sending deceptive text messages. Similar to email phishing, this scam tricks individuals into revealing personal information or tapping on malicious links using their smartphones. These texts often impersonate reputable companies, such as delivery services or financial institutions, and may include enticing offers or urgent alerts about account issues to capture the recipient’s attention.
Common signs of smishing scams include unsolicited messages that request personal information, generic greetings, and links that seem suspicious or unrelated to the content of the message. A generic greeting is not a given, though, as some smishers may even be able to include names in the text.
To protect yourself from smishing scams, it’s best not to click on links or respond to any unsolicited messages. Remember that a company like Maya would also never send links to users via SMS. If this ever happens to you, the best course of action is to verify the information by contacting the company directly through their official channels. If the message is not from them, immediately block the suspicious number and report the incident to the organization the fraudster is impersonating.
3. Voice Phishing
Voice phishing (or vishing) is when fraudsters use phone calls to trick individuals into divulging personal information. Scammers typically pretend to be representatives from banks, government agencies, or the tech support arm of a business, claiming urgent issues that require users’ immediate attention.
Scammers are often very pushy about prompting victims to share sensitive data, such as their social security numbers, bank account details, or passwords. Nowadays, it may be even harder for users to tell scammers from legitimate agents because of how articulate, knowledgeable, and professional the former may seem on the phone.
Always be alert whenever you receive unsolicited calls from unfamiliar numbers. Should you decide to answer, be aware of whether the caller is asking for sensitive information while placing you in a high-pressure situation, as this is a tactic to discourage you from taking time to think about or verify the caller’s identity.
Make it a point not to share any personal information over the phone with an unverifiable source; it’s better to hang up and contact the organization that the person claims to be calling on behalf of. A legitimate representative from a company like Maya would emphasize that all concerns about your transactions should be handled through the app.
4. Man-in-the-Middle (MITM) Phishing
Man-in-the-middle (MITM) phishing occurs when an attacker secretly intercepts and relays communication between two parties, often without either party realizing that the connection has been compromised. This type of attack typically takes place over unsecured networks, such as public Wi-Fi, where the fraudster can capture information like login credentials and personal data.
The tell-tale signs of MITM phishing include unexpected disconnections, unusual error messages when trying to access secure sites, or being prompted for additional verification when logging in. If you notice any of these while using public Wi-Fi, it may indicate that your connection has been compromised.
The best way to protect yourself from MITM phishing is to avoid using public Wi-Fi for sensitive transactions, like bank or e-wallet transfers, whenever possible. If you must use a public network, ensure you’re using a Virtual Private Network (VPN) to encrypt your data. A VPN will create a secure tunnel for your internet traffic, shielding your data from prying eyes and making it significantly more difficult for attackers to intercept your communications.
5. Search Engine Phishing
Search engine phishing is a tactic in which attackers create fake websites that rank highly in search engine results, tricking users into clicking on them instead of legitimate sites. These fraudulent pages often mimic well-known brands or services, leading victims to believe they are accessing the real website. Once on these fake sites, users may be prompted to enter personal information or download malicious software, which can swiftly lead to identity theft or financial loss.
To avoid falling victim to search engine phishing, always scrutinize URLs before clicking on search results. Look for signs of legitimacy, such as proper spelling and relevant domain extensions like .com, .org, or the specific country code for local businesses. For example, Maya’s legitimate site URLs are MayaBank.PH and Maya.PH only.
You should also look for the presence of HTTPS in the address bar, as this means that the communication between the browser and the website is encrypted and is usually a good indicator that the connection is secure. If you’re unsure about the link, consider hovering over it to reveal the actual URL in the status bar of your browser without having to click it.
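The sender-domain and URL checks described in sections 1 and 5, written out as an added Python example (not code from Maya or from the original article). It uses only the domains the article names; the sample messages are constructed, and accepting subdomains such as `www.` is an assumption of this sketch.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

SENDER_DOMAIN = "maya.ph"                  # article: mail ends in @maya.ph
SITE_DOMAINS = ("maya.ph", "mayabank.ph")  # article: Maya.PH and MayaBank.PH only
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def real_host(url):
    """Host the browser would actually contact (lowercased), or "" if unparseable."""
    try:
        return (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:
        return ""

def host_is_official(url):
    """True only for an official domain or a subdomain of one (subdomains: assumption).
    HTTPS is not part of this test: an encrypted link to the wrong host is still wrong."""
    host = real_host(url)
    return any(host == d or host.endswith("." + d) for d in SITE_DOMAINS)

def triage(raw_email):
    """Return (code, detail) findings for a plain-text message claiming to be from Maya."""
    msg = message_from_string(raw_email)
    findings = []
    _display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if domain != SENDER_DOMAIN:  # exact comparison, not a substring test
        findings.append(("sender-domain", domain))
    for url in URL_RE.findall(msg.get_payload()):
        findings.append(("link-present", url))  # article: Maya never emails links
        if not host_is_official(url):
            findings.append(("link-host", real_host(url)))
    return findings

# Constructed sample messages (not real traffic).
SUSPICIOUS = """\
From: Maya Security <alerts@maya.ph.example.com>
Subject: Verify your account now

Your wallet is on hold. Confirm at https://maya.ph@login.example.net/verify today.
"""
CLEAN = """\
From: Maya <no-reply@maya.ph>
Subject: Monthly statement

Your statement is ready. Open the app to view it.
"""

if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS), ("clean", CLEAN)):
        print(name, triage(raw))
```

Both the sender address and the link in the suspicious sample contain the text `maya.ph`, which is why the checks compare the parsed domain and host exactly instead of searching for the brand name.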
Now, more than ever, users of applications like mobile banking and e-wallet apps should be vigilant and learn about the best practices for online safety. Knowledge is the best protection against falling victim to cyber threats like phishing scams and the best way to protect one’s private information and assets.