Did you know that 47 percent of American adults have been victims of cyber scams? The statistics are eye-opening, especially considering that 65 percent of Americans who go online receive at least one scam offer. Let’s explore what you can do now to protect yourself from hackers and cyber scams.
Top Types of Phishing Cyber Scams
Phishing cyber scams are attempts by an attacker to trick you into handing over sensitive login information for an account. There are many different types of phishing threats.
- Vishing – Vishing is voice phishing, in which someone calls you to steal information directly. The attacker may pose as a legitimate company, delivery company, government agency, non-profit organization, friend or distant relative. Never give any information over the phone unless you initiate the call. And if someone leaves a callback number, research this number online to see if it’s valid. Many vishing scams involve hackers pretending to be from Amazon (to verify payment information), credit card companies and even Microsoft. Be vigilant and aware when answering unsolicited phone calls. Many hackers will use social engineering to manipulate victims into giving their information. For example, a hacker may call claiming to be from your bank and say that if you don’t take immediate action, your account will be frozen and your ATM card rendered useless.
- Spear Phishing – Spear phishing targets specific individuals or an organization in an attempt to steal login credentials. Before an attack, the cybercriminal will gather information about you, including your name, contact information and job position. For example, an attacker told a victim they needed to sign the new employee handbook via a link. The link was a lure to get them to submit private information online. If you don’t know the person who sent you the link, never click it or offer any personal data.
- Email Phishing – In email cyber scams, the attacker will often send an email that looks legitimate, as though it might be from Amazon, PayPal or your bank. The email usually appears urgent to get you to sign in via a link and submit your personal information so they can steal or sell your data. To be safe, if you receive a suspicious email, always visit the website directly or contact the company and never click any links.
- Pharming – A pharming attack involves installing malicious code onto your device. This code then sends you to fake websites that appear legitimate to gather your login credentials. Always check the website you are visiting. Ensure it is secure with HTTPS before entering any data, and make sure the website is legitimate and doesn’t contain odd symbols or numbers. One letter, symbol or number may be off from a legitimate site. For example, instead of www.amazon.com, the website may appear as ama.zon.com.
- HTTPS Phishing – Attackers send emails with links to fake websites designed to trick you into entering your private information. Never click any links in emails unless they are from trusted sources, and always check the email address to ensure that the domain is from a legitimate website. For example, Amazon’s email domain will always appear as @amazon.com. You will never see an email from Amazon that isn’t from this domain.
- Pop-up Phishing – Pop-up phishing cyber scams have become sneakier over the years. You’ll often see a pop-up about an issue related to your computer or computer security, which tricks you into clicking the link and directs you to download files, which are often malware. Sometimes in an attempt to appear valid, these pop-ups will also refer you to a customer support center number. Never fall for pop-up phishing. If your computer security says it needs a critical update, do not click on pop-ups. Go to your computer security program directly and search for any issues. If you have any questions, obtain your security program’s customer service number directly from their website and contact them.
- Deceptive Phishing – Attackers using deceptive phishing tactics will pretend they are a legitimate company and inform you that you are experiencing a cyberattack to get you to click a malicious link. If in doubt, visit the company's website directly and contact them.
- Evil Twin Phishing – Evil twin attacks are becoming more common. The hackers will set up fake Wi-Fi networks that appear legitimate, but when you log in, hackers will obtain your sensitive information. Only connect to Wi-Fi networks you know and trust.
- Clone Phishing – A clone phishing attack is when hackers make identical copies of a message you have already received and include an intro, such as “Resending this,” and a link in the email.
- Angler Phishing – This type of phishing uses fake social media posts to tempt people into downloading malware onto their devices in order to obtain a reward or refund.
- Smishing – Smishing is phishing through an SMS or text message, and it is rapidly gaining in popularity. Never click on any unsolicited links via text. These texts may also use social engineering tactics to create a sense of urgency.
- Website Spoofing – Hackers will make fake versions of websites, such as Amazon, Microsoft, etc., that appear genuine but have slightly different URLs. All fonts, images and data appear legitimate, but they are not. Hackers hope these websites will lure users into inputting their usernames and passwords so they can obtain personal information.
- Image Phishing – If you receive an unsolicited email or text message with images, do not click on them. Image phishing involves using images that have malicious viruses to infect your device.
- Search Engine Phishing – Search engine phishing involves attackers selling fake products. These often pop up in search engines and ask you to enter sensitive information before purchasing. If something is for sale and not from a reputable website you recognize, research it. The company and product may be a scam.
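The domain checks described in the Pharming, HTTPS Phishing and Website Spoofing items above can be automated. The following Python is an added example, not part of the original article: the TRUSTED allowlist, the function names and the sample inputs are assumptions, and treating the last two labels as the registrable domain is a simplification (real code should use the Public Suffix List).

```python
from urllib.parse import urlsplit

# Assumption: an illustrative allowlist of domains you actually use.
TRUSTED = {"amazon.com", "paypal.com", "microsoft.com"}
# Common digit-for-letter swaps seen in lookalike names (0->o, 1->i, ...).
SWAPS = str.maketrans("01358", "oiesb")

def host_of(value):
    """Host of a URL, or the domain part of an email address, lowercased."""
    value = value.strip().lower()
    if "://" not in value and "@" in value:
        return value.rsplit("@", 1)[1]
    if "://" not in value:
        value = "//" + value
    return (urlsplit(value).hostname or "").rstrip(".")

def registrable(host):
    """Last two labels only (simplification, see the note above)."""
    return ".".join(host.split(".")[-2:])

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[len(b)]

def classify(value):
    """Return 'trusted', 'lookalike:<domain>' or 'unknown' for a link or sender."""
    host = host_of(value)
    reg = registrable(host)
    if reg in TRUSTED:
        return "trusted"
    squeezed = host.replace(".", "").replace("-", "")
    for good in sorted(TRUSTED):
        if (good in host                               # amazon.com.<other domain>
                or good.replace(".", "") in squeezed   # ama.zon.com
                or edit_distance(reg.translate(SWAPS), good) <= 1):  # amaz0n.com
            return "lookalike:" + good
    return "unknown"

if __name__ == "__main__":
    # Constructed sample inputs, not taken from real messages.
    for s in ("https://www.amazon.com/orders", "http://ama.zon.com/signin",
              "orders@amaz0n.com", "https://amazon.com.account-verify.example/"):
        print(f"{s:45} {host_of(s):35} {classify(s)}")
```

The article’s own example, ama.zon.com, is classified as a lookalike because its registrable domain is zon.com, not amazon.com.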
To learn more about common cyber scams and how to protect yourself, visit the Cybersecurity & Infrastructure Security Agency website. You can also report issues and cyber scams to the government via this website.