In this edition of “Guardians of the Digital Frontier,” we delve into a prevalent cyber threat known as phishing. What is phishing, how is it executed, and what precautionary measures can you take to safeguard yourself from becoming a victim?
Phishing refers to a type of cyber-attack wherein malicious actors attempt to deceive individuals into disclosing sensitive information, such as passwords, credit card numbers, or social security numbers, by impersonating a trustworthy entity.
Unfortunately, many individuals, particularly older retirees, have fallen prey to this scheme, resulting in the rapid depletion of their life savings and retirement benefits.
To illustrate how phishing operates, consider the following fictional dialogue between a scammer and a potential victim:
Scammer: (making a call) “Good morning, ma’am. This is your account officer from AB Bank. We are upgrading our system, and I need your account details to prevent your account from being blocked.”
Victim: “Thank you. But how did you get my phone number?”
Scammer: “I’m your account officer at AB Bank. Are you not Mrs. Grace [last name]? You opened your account in [year] and your date of birth is [date].”
Victim: “Yes, that’s correct.”
Scammer: “I’m here to assist you, given your long-standing relationship with us.”
Victim: “Thanks.”
Scammer: “Please send me your ATM card numbers along with the CVV on the back. We need this information to upgrade your account.”
Victim: “Okay.” (sends details)
Scammer: “I’ve received your ATM details. Please also send the OTP sent to your phone so I can complete the upgrade.”
Victim: (sends OTP)
“Here it is.”
Scammer: (immediately begins withdrawing funds from the victim’s account)
This scenario exemplifies a common tactic employed by cybercriminals.
To help you avoid falling victim to phishing attacks, consider the following tips:
1. Be Skeptical of Unsolicited Communications:* Always be cautious of unexpected emails, texts, or calls requesting personal information. Legitimate organizations rarely ask for sensitive details through these channels.
2. Verify the Sender: Scrutinize email addresses for slight misspellings or unusual characters. If you receive a suspicious message, contact the organization directly using a known official contact method.
3. Inspect URLs Carefully: Hover over links to reveal the actual URL, and ensure the website uses HTTPS (indicated by a padlock icon) when entering sensitive information.
4. Be Cautious with Personal Information: Limit the sharing of personal data online and use strong, unique passwords for different accounts.
5. Enable Two-Factor Authentication (2FA): Whenever possible, activate 2FA to add an extra layer of security to your accounts.
6. Keep Software Updated: Regularly update your operating system, browser, and security software to protect against vulnerabilities.
7. Educate Yourself and Others: Stay informed about the latest phishing techniques and consider training employees in recognizing and responding to phishing attempts.
8. Use Anti-Phishing Tools: Utilize browser extensions and email filters to help detect and block phishing attempts.
9. Report Phishing Attempts: If you encounter phishing, inform trusted family members or report it to the appropriate authorities, such as your email provider or local cybersecurity agencies.
10. Trust Your Instincts: If something feels off or too good to be true, proceed with caution.
By adhering to these guidelines, you can significantly reduce your risk of becoming a victim of phishing. Stay vigilant and cautious when dealing with unsolicited communications or requests for personal information. In our next editorial, we will focus on “Whaling.” Until then, stay safe!
About the Author
Charles Akinjide Ogunmoriyele is a chemical engineering graduate of Obafemi Awolowo University, Nigeria. He founded Edward Louis Limited, focused on renewable energy, real estate, manufacturing, and cybersecurity. Motivated by a personal incident involving cybercrime in 2018, he pursued cybersecurity education and certifications and now an advocate of cyber security awareness. He can be reached via email at edwardlouislimited60@gmail.com
