“Protecting you and your emails”
November 28, 2021
In light of recent phishing incidents occurring within the UW-Whitewater email system, it is important to learn about these types of cyber attacks and know how to deal with them.
Phishing attacks are social engineering attacks designed to scam individuals through their emails/phones/computers. Phishing emails can be targeted through individual attacks or through a network of emails such as university, company, or organization based systems. The scammers often use a persona of a higher authority or by talking directly to an individual. The attacker also does this by speaking to the victim like an acquaintance. There are many different types of phishing such as; spear phishing, whaling, smishing, vishing, and search engine phishing.
- Spear phishing is usually attacking a company’s administration or an individual group inside a company. The attackers use formal vocabulary to trick the victim into clicking on a link to help their company. Once the victim clicks on the link, the attacker will gain access to their information through their computer.
- Whaling is targeting people inside companies that are very high on the food chain, hence the whaling reference. The attackers usually claim that their company is facing legal troubles and asks the victim again to click on a link. Again the link will gain access to the victim’s computer and the attacker will gain information.
- Smishing is different from the others because instead of email, the attacker uses text messages. The attacker will fake a report by saying the victim’s banking information has been breached. Once the victim clicks on the link the attacker will gain access to their phone and personal information. This could be more dangerous than the others because nowadays people put everything into their phones.
- Vishing is also different in the sense that it is a voice call. The most common attack is when the attacker calls and states that the victim’s computer has been breached and asks the victim to provide a credit or debit card number to get an anti-virus software installed. This is not a real act, your computer company would not call you about a situation like this. Once the attacker has the information they want, they will clear out your bank accounts.
- Search engine phishing is where attackers create fake websites for their victims to click on after using a search engine. Once the victim clicks on the website the attacker will gain access to their computer and information. Luckily many search engines, for example Safari, use their own software to keep trackers from profiling you or protect your computer from phishers.
In the end, never click on links inside emails that are from someone you don’t know. Never give out your banking information, passwords to anything, or personal information to people or companies you do not know or work with. And for an extra step for safety, install anti-virus or some sort of protection for your laptop/tablet/phone. When taking these safety measures it is nearly impossible to get scammed.