Companies across the globe experience more than one million phishing attacks each year. Let that sink in.
This means the individuals who perpetrate this type of crime are constantly attempting to gain access to highly personal information. Think bank details, account logins, social security numbers, passwords, and much more. If successful, attackers can then use your personal information to access online accounts, commit identity theft, and even steal your money.
This practice has become so pervasive that all businesses and individuals must be proactive in their effort to protect themselves. If you’re not sure where to start, keep reading. Today we teach you how to identify phishing attempts, how to prevent them, and most importantly, how to protect yourself.
A Complete Guide to Phishing Prevention
For those who aren’t familiar with phishing, here’s the official definition: Phishing is the fraudulent practice of sending emails purporting to be from reputable companies in order to compel individuals to reveal personal information, such as passwords and credit card numbers.
How does phishing work?
Phishers—or the people who carry out phishing scams—rely on a number of channels to execute their attacks. Currently, the most common avenues for phishing attempts include email, text messages, and social networks.
Typically, the target of a phishing attack receives a message appearing to be from a well-known organization or personal contact. These messages often contain files or links that install malicious software or direct the user to malicious websites. In either instance, the main goal is to trick the victim into handing over personal information.
Unfortunately, phishing tactics are constantly evolving. If you’re not paying close attention, it’s extremely easy to mistake a phishing email for the real thing. Phishers are able to spoof vital components of an email including the domain, the sender name, and even a company’s logo.
As technology becomes more advanced, phishers are able to make their communications look more and more convincing. But, all is not lost. There are steps you and your company can take to identify and avoid phishing attacks. Stay with us.
Types of Phishing
Phishing attacks come in a variety of shapes and sizes, so to speak. In order to protect yourself, you must understand the many different faces of phishing. Although this is not a comprehensive list, it covers the most common forms of phishing:
Spear phishing: This type of attack is directed at a specific individual using information related directly to that person or company. This type of attack requires extensive research on the target and often references details that no one else would know.
Whaling attacks: Similar to spear phishing, this tactic targets a company’s executives in an effort to steal large amounts of money from the company.
Pharming: This tactic involves redirecting a user from a legitimate site to a fraudulent one—usually in an effort to get a target’s login information.
Wi-Fi phishing: In this tactic, phishers set up Wi-Fi access points that look similar to a well-known or regularly used network. When users log in to the fraudulent Wi-Fi, the phisher is able to access all of a user’s information.
Voice phishing: This type of attack uses software that leaves voice messages purporting to be from a specific company. Often, the messages ask a person to confirm bank charges, report specific activity, or confirm their identity by phone.
Cloning: This technique involves duplicating a legitimate email and replacing links within the text with fraudulent ones.
SMS phishing: This type of attack is done via cell phone. The attacker sends a text message that, if clicked or opened, installs malicious software on the victim’s phone.
How can I identify a phishing attempt?
Now that you’re familiar with the most common phishing tactics, let’s get into identifying phishing attempts.
First and foremost—if something feels ‘off’ or ‘weird’ about a message you receive, don’t take any chances. You’re likely picking up on something fishy. Don’t click any links or download any attachments until you’ve confirmed the message is legitimate. We’ll tell you exactly how to confirm an email’s legitimacy in a second.
Check each and every link within an email before you click it. Do not click them—I repeat, do not click links—until you know where they lead. Hover over the link text without clicking; your mail client or browser will show the real destination address, which is often nothing like the text you see.
Although phishing technology is advanced, the communications aren’t always sophisticated. Be sure to check for typos within the body of the text, the email addresses, the email domain, the links, and anywhere else you see text. Often, phishers will swap a single letter in an email domain, hoping you won’t notice.
In the opening salutation of the email, look for vague references like “valued customer” or “dear customer.” Also, check who else the email was sent to: are there people cc’d on the message whom you don’t know? Both of these are signs of phishing attempts.
Phishers will use language that conveys importance, urgency, or alarm. Standard communications from reputable companies do not use such language. If you read an email and get the feeling you need to take immediate action, take a second to make sure the message is real.
Request for personal information
If an email or website requests personal information, be on high-alert. Ask yourself, does this company usually require this information? Do I feel comfortable providing this information? And, is this information necessary to complete what I’m trying to accomplish? If you’re still not sure if the email is real, call the company and ask.
Phishing emails usually contain very little contact information for the company they’re purportedly being sent from. And, for good reason: they don’t want you contacting the real company to see if the message is real. If there is contact information within the message, you can always compare it to the publicly available contact information on the real company’s official website.
A lot of phishing attempts involve an email attachment. Once the email attachment is downloaded, malicious software is installed on the victim’s computer. So, before opening any attachments, confirm that you are not the target of a phishing attack.
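Two of the checks above (hovering over a link to see where it really goes, and watching for a single swapped letter in a domain) can be automated. The following script is an added example, not code from ZoomInfo or from the original article: it extracts every link from an HTML e-mail body, flags links whose visible text names one domain while the href goes to another, and flags sender or link domains that sit within a couple of character edits of a trusted domain. The trusted-domain list and the sample message are constructed for illustration.

```python
"""Heuristic phishing indicators for an e-mail: link-text/href mismatch and
lookalike domains (single-character swaps) against trusted domains.
Added illustration; TRUSTED_DOMAINS and the sample message are constructed."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed list of domains the recipient actually does business with.
TRUSTED_DOMAINS = {"zoominfo.com", "example-bank.com"}


def registered_domain(host: str) -> str:
    """Collapse a hostname to its last two labels (crude eTLD+1 for .com-style names)."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character insertions, deletions and swaps."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain: str, trusted=TRUSTED_DOMAINS, max_dist: int = 2):
    """Return the trusted domain this one imitates (close but not equal), else None."""
    if domain in trusted:
        return None
    for t in sorted(trusted):
        if edit_distance(domain, t) <= max_dist:
            return t
    return None


class LinkExtractor(HTMLParser):
    """Collect (visible text, href) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", "") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def analyze(sender: str, html_body: str) -> list:
    """Return human-readable findings; an empty list means no indicator fired."""
    findings = []
    sender_domain = registered_domain(sender.rsplit("@", 1)[-1])
    imitated = lookalike_of(sender_domain)
    if imitated:
        findings.append(f"sender domain {sender_domain} looks like {imitated}")
    parser = LinkExtractor()
    parser.feed(html_body)
    for text, href in parser.links:
        href_domain = registered_domain(urlparse(href).hostname or "")
        # Link text that itself names a domain should match where the link really goes.
        try:
            shown = urlparse(text if "://" in text else "http://" + text).hostname
        except ValueError:
            shown = None
        if shown and "." in shown and registered_domain(shown) != href_domain:
            findings.append(f"link text {text!r} actually points to {href_domain}")
        imitated = lookalike_of(href_domain)
        if imitated:
            findings.append(f"link domain {href_domain} looks like {imitated}")
    return findings


# Constructed sample: sender uses "rn" for "m", first link shows one URL but goes elsewhere.
SAMPLE_SENDER = "support@zoorninfo.com"
SAMPLE_BODY = """
<p>Dear Customer,</p>
<p>Your account will be suspended within 24 hours. Verify now:
<a href="https://login.zoom1nfo.com/verify">https://www.zoominfo.com/login</a></p>
<p>Questions? Visit our <a href="https://www.zoominfo.com/help">Help center</a>.</p>
"""

if __name__ == "__main__":
    for finding in analyze(SAMPLE_SENDER, SAMPLE_BODY):
        print("INDICATOR:", finding)
```

Run as-is, the script reports three indicators for the constructed message (a lookalike sender domain, a link whose text and destination disagree, and a lookalike link domain) and none for the genuine help-center link. The edit-distance threshold of 2 is deliberately small: it catches the single swapped or inserted character the article describes without flagging every unrelated short domain.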
How can I avoid being the target of a phishing attempt?
Although phishing attacks are almost unavoidable, you don’t need to fall victim to them. Aside from installing legitimate software to protect your accounts, there are steps you can take to ensure you don’t fall into a phisher’s trap. These steps are as follows:
Congratulations, you’ve completed this step, educating yourself, just by reading this article. But, in all seriousness, education is important. Phishing methods constantly change and evolve, so it’s important that you keep up to date on your phishing knowledge. The best way to prevent an attack is to know and understand all the ways phishers plan their attacks.
For companies, this means providing your employees with the resources they need to protect themselves. Most companies that have the resources choose to work with a security company or specialist to purchase tools designed to protect against these attacks. It also means providing the appropriate training, handbooks, and outlets to report attempts or breaches.
Be vigilant! Phishing attacks happen when you least expect them. They’re often expertly disguised as legitimate communication—so, if you don’t have your guard up, it’s easy to unknowingly expose your personal information to phishers. Question anything that makes you feel uncomfortable, hesitant, or even if you feel like an email just looks off. You can never be too careful.
No one will ever fault you for asking questions to protect yourself. By this we mean—don’t be afraid to reach out to the company who appears to be emailing you. Be sure to use a trusted source like a phone number or email address directly from the company’s official website. The company will be happy to confirm or deny the legitimacy of a message. They don’t want your account compromised and neither do you.
If you work within a company, don’t be afraid to report phishing attempts or to let other employees know of the potential risk for attack. Although you may know not to click certain links or attachments, others may not be so aware.
It’s important to note that if at any point you do fall victim to a phishing attack, report it immediately to all parties involved. This includes any companies, users, accounts, or websites. The quicker you take action, the less damage the attacker can do.
Phishing and ZoomInfo Customers
Unfortunately, ZoomInfo customers have recently been the target of phishing attempts. When you have something worth stealing, there will be someone out there who tries to steal it—including our contact data. Attackers have been reaching out to our customers in an attempt to get their login credentials and other personal information. We have included examples below.
As you will notice, these emails appear to be very realistic. They contain different variations of our logos, the sender looks similar, if not identical to, a ZoomInfo email, and they all contain an urgent request for personal details. Yet, none of them are legitimate communications from our company.
If you are a ZoomInfo customer, please be on the lookout for emails like these. We urge you to reach out to us if you’re ever unsure of an email sent from ZoomInfo, before clicking any links or downloading any attachments. If you feel your ZoomInfo account has been compromised, we ask you to do the same. Our customer success team can be reached at email@example.com or by phone at (781)-693-7575.
The security of our customers’ accounts and personal information is of the utmost importance to ZoomInfo. We are taking every precaution to provide you, our customers, with the security you have come to expect of us. As always, do not hesitate to reach out to us with questions you may have or to discuss the security of your ZoomInfo account. We’re here to help!