Tech Tip: The Many Faces of Phishing

Well? What are you waiting for?! Click the LINK to get your FREE Amazon gift card!  

We don’t judge. It can be hard to figure out what is a phishing attack and what isn’t, and most everyone has fallen for one at some point. Scammers have so many tactics to try and get their grubby fingers on your personal data, but when you know what signs to look out for it’s easy to thwart their plans. 

Phishing comes in a lot of forms these days, but some of the most common forms include: 

Email Phishing  

  • This phishing tactic is when scammers send email messages soliciting personal information from the recipient. They pose as trustworthy individuals/organizations to better disguise themselves and therefore lure the recipient in by using already established trust.  
  • Common phishing emails call for individuals to confirm their accounts by clicking links, share their login credentials to keep their accounts functioning, promise high pay-low hour jobs, and many more. 
  • Common indicators of this include: 
    • Bad grammar 
    • Vague organization affiliation 
    • Email addresses from outside the organization 
    • Call for immediate action or a tight timeline 
    • Ask you to click links 
    • Ask for personal information 

Vishing & Smishing 

  • Vishing and Smishing are tactics where the scammer will send a text message (smishing) or call you (vishing) to solicit personal information using cell phones. These scammers can spoof the numbers of trustworthy organizations like your bank or doctor’s office in order to gain access to your accounts.  
  • Common vishing/smishing messages say things like your bank account is exhibiting suspicious activity, unsolicited loan approvals, the IRS calling to collect taxes owed, discontinuation of utilities for past due accounts, and more. 
  • Common indicators of this include: 
    • The caller claims to be from a government agency 
    • The caller asks to confirm account information 
    • Unknown phone numbers 
    • There’s a sense of urgency 

Targeted Phishing 

  • This type of phishing specifically targets an individual that the fraudster has information on. They might send you an email with your name, job duties, and other details about your life to make it sound like they have some level of access to your information. This pseudo-rapport makes it very likely that someone will give up even more personal info to the scammer. 
  • Common targeted phishing emails will contain attachments, transaction confirmations, shipping notices for products never ordered, and more. 
  • Common indicators of this include: 
    • Emails from people within your organization that you have never spoken to 
    • Unfamiliar greetings 
    • Grammatical errors 
    • They ask you to click attachments/links 
    • They make you feel uncomfortable/silly 

Customer Service/Social Media Phishing 

  • This form of phishing is relatively new to the world of cybercrime. It weaponizes social media by cloning pages belonging to established brands, people, and companies to commit fraud. Oftentimes, these accounts will get their followers to click on malicious links or divulge personal information using their public profile, but they also may use the information shared by the victim to craft incredibly targeted attacks as well.  
  • Common phishing attacks will include unsolicited sweepstakes wins, free gift cards, messages offering brand ambassadorships, and more.  
  • Common indicators of this include 
    • Accounts with no verified checkmark 
    • Brand new accounts  
    • Few followers 
    • Little engagement on posts 

For more information on cybersecurity visit our website! Think you accidentally clicked on a phishing email? Contact the UWM Help Desk.