At a Glance
Phishing attacks have really taken off in the last few years, with the majority of attacks happening via email and text messages. But what is a phishing attack? How can you prevent phishing emails and texts?
In this article, I’ll explain what phishing is, how the bad actors of the world use phishing in an attempt to defraud you, how to recognize these attacks, and what you can do to prevent them by removing your information from the various data brokers on the web.
What is Phishing?
Phishing is when cyber scammers attempt to trick you into providing sensitive information, by impersonating a trustworthy source. Scammers can pose as your bank, credit card company, a merchant, or even the government. Phishers attack via multiple vectors, including email, text messages, and phone calls.
No matter how they approach you, scammers are looking to steal your personal and financial information from you, so they can separate you from your hard-earned cash, open credit accounts in your name, steal your identity (both in “real life” and online), and basically just ruin your life.
While in the past it was easy to detect phishing emails and texts – due to bad grammar, obvious misspelling of words, and odd-looking URLs – phishers have become more sophisticated in their attempts, making their messages and emails appear to be legitimate.
Scammers cast a wide phishing net, sending emails and texts to a massive number of targets. By sending out a huge number of phishing emails, scammers are almost guaranteed to catch enough victims in their nefarious nets to make their efforts worthwhile.
How Can I Identify a Phishing Attempt?
One telltale sign of a phishing attack is the scammers’ attempts to create a sense of urgency to act on your part. They will urge you to deal with an issue (such as having an account breached), otherwise you could lose money, miss out on special offers, or have an account or membership canceled due to a lack of action on your part.
Phishing attempts will also include too-good-to-be-true claims, such as the well-known Nigerian Prince urging you to help home recover money, which he’s willing to give you a cut of if you assist him, which usually involves sending him money for legal aid. (Although scammers can be quite inventive, their claims can vary.)
Be sure to carefully examine the sender’s email address or phone number. Many phishing attacks will attempt to imitate a legitimate sender. However, while the sender’s address may look legitimate at first glance, if you look at it closer, you’ll see that there may be a letter left out, or there may be numerals in the place of characters.
As I mentioned earlier, look for bad grammar and spelling mistakes, as well as noticeable indicators that the sender’s first language is not English. While scammers are getting better at this, it still pays to closely examine the sender’s grammar and spelling.
Be alert for hyperlinks and shortened links. These can often lead to fraudulent websites, which will pump you for information or install malware on your computer or device. Never open attachments in unsolicited emails. These attachments can be in the form of .exe or .com files, or even in the Microsoft Word format. (Malformed Word documents can cause harmful consequences when you open them.)
What Types of Phishing Are There?
There are several types of phishing to stay alert for, but what are they?
- What is Email Phishing?: Bad guys will create emails that appear to be from legitimate companies in an attempt to get you to provide personal and financial information. The phishing emails will appear to come from your bank, credit card companies, merchants, and other well-known companies and institutions.
- What is Spear Phishing?: Scammers will send you an email that appears to come from a close friend, business associate, or relative. Many times, spear phishing will include a link or attachment that will install malware on the target’s computer. When the targets are employees of a targeted firm, this can lead to data breaches and the installation of malware on corporate servers.
- What is Clone Phishing?: This is one of the most difficult-to-detect types of phishing. Bad actors will send an email that is a near duplicate of emails you have already received, which carries a malicious payload, such as an attachment or link. Cloned emails are sent from an email address that is almost the same as a legitimate message’s sender, making it tougher to detect.
- What is Whaling?: Scammers will target high-ranking executives (CEOs, CFOs, COOs, etc.) in a company, looking to gain access to money or the firm’s sensitive data. These attempts are generally more sophisticated and usually rely on emails that appear to be from inside the target’s company or from legitimate outside organizations.
- What is Pop-Up Phishing?: The bad guys will use pop-ups on websites to trick browser users into installing malware. These pop-ups will claim that malware or viruses have been detected on your device, urging you to click to clean your computer of the threat. Ironically, if you click on the pop-up you run the risk of installing malware on your device.
- What is Smishing?: This is phishing via text messages. “Smishing” comes from the combination of SMS (Short Message Service) and phishing. Much like email phishing, Smishing will attempt to persuade a victim to click on a link or provide personal or financial information, such as Social Security numbers, credit card numbers, or bank account information.
- What is Vishing?: This is phishing via phone calls. Vishers will use fraudulent phone numbers (they spoof legitimate businesses’ and organizations’ phone numbers so the call looks to be on the up-and-up), as well as voice-altering software to trick users into turning over information.
- What is SEO Phishing?: This a malicious attack that involves hackers infiltrating your website (WordPress sites are particularly popular targets), filling it with spammy links. This allows bad actors to get their fake websites ranked high in Google’s search results, resulting in more visits to their malicious sites via Google results.
How Can I Proactively Protect Myself Against Phishing Attacks?
What Helps Prevent Phishing?
The most asked question I hear from readers is when it comes to phishing, how to prevent it? There are several ways to protect yourself from phishing attacks. In this section, we’ll examine all of the ways you can shield yourself from attackers.
How to Stop Phishing Emails
First of all, take care in sharing your personal information with unknown sources. Never share your email address, phone number, address, and other personal information. Be especially careful not to share your Social Security number or checking and credit card account information.
Install antivirus and malware protection on your computer or mobile device. This helps to protect you against malware and virus attacks. In most cases, antivirus and malware protection will scan attachments and other files before opening them.
Use unique and secure passwords. Always use a password manager to create, protect, and remember your passwords. A quality password manager not only saves your passwords in an encrypted database, they can also create secure and unique passwords, while also warning you when you reuse a password. (Never, ever use the same password for multiple accounts. Bad guys love it when you do this, as it makes their brute-force password attacks much easier.)
Even if you take care to not share your personal information with the bad guys, your information is out there, thanks to data brokers. Data brokers collect information from various sources, sort through it, collate it, and then sell it to anyone with the cash to spend.
This means the bad guys can either purchase your personal info from the brokers, or even worse, they can steal the data if and when there is a data breach.
While you can certainly contact hundreds of data brokers around the world to request that your information be removed, be prepared to spend quite a bit of time tracking the brokers down and making your requests. Oh, and be prepared to repeat the process again down the line, as data brokers may remove your data upon request, nothing stops them from collecting and adding your personal data again and adding it back to their databases.
Well-known VPN provider Surfshark estimates that if you contact one broker at a time, it will take close to 70 years to make and follow up on each request.
There is a better way to do this. Use a content removal service.
Content removal services will work to remove your information from data brokers’ databases without requiring you to contact each broker individually. While these services do charge a fee, they will do all of the dirty work for you. Plus, as long as you continue your subscription, the removal services will keep an eye out for your information in data broker databases, both old and new, and have it removed once again.
Keep in mind that in addition to paying a fee, you’ll also need to provide a bit of personal info to the removal service. This can include your full name, phone number, email address, mailing address, and possibly other info. While this may seem to be counterintuitive (after all you’re trying to get away from sharing your personal information, yes?), the service needs this information to ensure they’re asking for the right person’s information to be removed.
Incogni
If you do a little research, you’ll find there are several content removal services all over the web. However, I have found a reliable content removal service that offers reliable and easy-to-use removal services at a reasonable price.
Incogni is a subscription service, charging a monthly or annual subscription fee. As I mentioned above, paying a monthly or annual subscription fee ensures that the service will continue to monitor data brokers for your personal information.
Incogni sends recurring data removal requests to brokers, ensuring that your information will not return to their servers. Incogni also continually keeps an eye out for new data brokers, so they can contact them with a data removal request.
While all of this sounds great, where’s the catch? In other words, how much is this going to cost me? Considering how much dirty work Incogni does for you, its pricing is quite reasonable. While opting for a monthly plan will run you $12.99 per month (plus tax), you can really save money by choosing an annual subscription, which is quite attractive at $6.49 per month when you pay $77.88, plus tax up front. This buys you a full year of worry-free removal from data brokers’ lists.
As I mentioned previously, Incogni collects information about an ever-growing list of data brokers, automatically tracking them while they collect information about you, including your email addresses, Social Security number, home address, phone number, and much more.
This data is used by advertisers, recruiters, loan companies, insurance companies, and other interested parties to send you emails, text messages, advertising, and other types of junk communications. Unfortunately, this information is also used by bad guys who are looking to separate you from your hard-earned money. They do this via phishing attempts, creating credit card accounts you won’t know about, attacking your online accounts, and any other thing they can think of to dip their hands into your pocketbook.
Once you subscribe to Incogni, you will then be required to authorize them to act on your behalf by contacting the data brokers to request the removal of your information. You will need to provide a small amount of personal information so they can confirm who you are, so the company can then begin reducing your digital footprint by getting your info removed from these brokers’ databases.
Incogni’s proprietary algorithm then begins its work, first determining which data brokers have your personal data stored on their servers. Many data brokers only collect information about citizens in specific regions of the world. So, if a broker doesn’t collect information in your area, that broker will be skipped. Incogni will only contact data brokers that are expected to have your information on hand.
Incogni doesn’t have a static list of data brokers that it scans and contacts. The company stays on the lookout for new data brokers, and automatically contacts them with a data removal request on your behalf, if necessary.
The service also repeats its removal requests on a regular basis, ensuring that your information doesn’t make an encore appearance on the brokers’ servers.
After engaging Incogni’s services, you may receive requests for additional information if a data broker requests it before cleansing your information from its servers. Some data brokers have even been known to require a copy of your government-issued ID before removing your information.
Just FYI, data brokers have 30 to 45 days to remove your information (depending on where they do business), and many of them will delay the removal until the very last minute, allowing them to milk the last dollar from your data.
Incogni is privacy-centric (it’s owned by Surfshark, a leading VPN service) and as such does not sell your data to third parties. You also have the right to view, correct, update, or delete any of your personal data that Incogni has about you.
It should be noted that Incogni can only assist folks that are residents of Europe, the United States, the United Kingdom, and Canada. Also, privacy laws vary from state to state in the U.S., so your removal options may vary, depending on where you live.
Incogni makes it easy to track your data removal progress, thanks to its dashboard feature, which allows users to monitor your progress at a glance, thanks to its handy pie chart and removal tally. You’ll see the number of data brokers that likely have your information, the number of removal requests Incogni has sent, and the number of removal requests that have been completed.
In Conclusion
There are several steps you can take to prevent phishing attacks. While some of the steps you need to take are more time-consuming than others, you’ll benefit from not falling for “phishy” attacks. By taking care to reduce your digital footprint, and avoiding clicking on attachments and links in emails and texts, you can fly under scammers’ radar – protecting you, your family, and your finances.