Three types of phishing scams everyone needs to know
How to identify spear phishing, conversation and business email scams
A phishing email uses a sense of urgency to direct the victim to visit a website designed to steal the victim’s account credentials. Some phishing attacks are very straightforward. For example, “Update your password now!!!” messages can easily be detected because they typically are not well written (poor grammar and word choice). However, some attacks are more sophisticated. An advanced phishing message looks like it comes from a trusted contact, is well written and leads to a site that closely resembles the spoofed website.
Three types of advanced phishing attacks
Spear phishing is a highly personalized type of phishing message sent to an individual or small group using personal information. These types of advanced, targeted phishing attacks include the following:
1. Highly personalized spear phishing
Spear phishers scavenge social media profiles to craft highly personalized messages. They could also use information like the names of your family, friends, and colleagues to trick you into clicking a link or downloading an attachment.
Every bit of information you post on a social network makes you vulnerable to spear phishing.
Even if the email or text message appears to be from someone you know, be cautious. Phishers can also impersonate email addresses and phone numbers.
2. Conversational scams
The conversational scam uses multiple emails to create a believable narrative.
First, the scammer sends a lure email designed to build trust. In this email, they will tell you to expect another email with an attachment or a link. After a period of time, the scammer will send you a message which contains malicious attachments or links.
3. Business email scams
The primary goal of a business email scam is to fraudulently access funds via transfer by posing as a trusted individual. These scammers will try to solicit gift cards, initiate bank transfers, or change bank routing numbers.
As an example, a scammer may impersonate a supervisor and send you an urgent request to purchase iTunes or Amazon gift cards.
What to watch out for
Always watch for these signs of a possible phishing email:
- UM external warning tag. This is a warning at the top of any email that comes from outside the university. This is a sure indicator that if it sounds suspicious, it probably is.
- A sense of urgency
- Poor spelling and grammar
- Tone and context – do you typically receive these kinds of requests?
- Links – strange or incorrect URLs
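Some of the signs above (external sender, urgency, and links whose visible text does not match their real target) can also be checked by a program. The following Python code is an added example, not part of the original article or of any university tooling; the internal domain value, the urgency word list and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
INTERNAL = "umanitoba.ca"  # assumption: the organisation's own mail domain
URGENT = re.compile(r"\b(urgent|immediately|right away|asap)\b", re.I)
# Constructed sample message, not a real email.
SAMPLE = """\
From: "IT Service Desk" <helpdesk@example.net>
Subject: Urgent: verify your account
Content-Type: text/html; charset="utf-8"

<p>Verify immediately: <a href="http://umanitoba.ca.example.net/login">umanitoba.ca/login</a></p>
"""

class Links(HTMLParser):  # collects (href, visible text) pairs from <a> tags
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.href, self.text.strip()))
            self.href = None

def host(value):  # hostname of a URL or of a bare "domain/path" string
    return (urlparse(value if "://" in value else "//" + value).hostname or "").lower()

def phishing_signs(raw):
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg["From"] or ""))[1].rpartition("@")[2].lower()
    signs = []
    if sender != INTERNAL and not sender.endswith("." + INTERNAL):
        signs.append("external sender")  # what an external-warning tag keys on
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    if URGENT.search(f"{msg['Subject'] or ''} {text}"):
        signs.append("urgency")
    parser = Links()
    parser.feed(text)
    for href, shown in parser.found:  # text looks like a URL but points elsewhere
        if "." in shown and " " not in shown and host(shown) != host(href):
            signs.append("link text does not match target")
    return signs
```

The sample link displays a university address while its real target is a host under a different domain, which is why hovering over a link before clicking matters.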
How to protect yourself
None of us are immune to a good scam artist, but there are some actions you can take to protect yourself:
- Never download attachments that are out of context
- Update your software frequently
- Back up your files regularly
- Use caution while surfing the web and checking your inbox
- Never enable macros on Microsoft documents from unknown senders
- Always verify any urgent request
If you suspect you have received a phishing email, report it to spam [at] umanitoba [dot] ca.
Remember: Information Security Starts with You!