In today’s day and age, where every Billy, Bob, and Joe has a vast digital footprint, phishing has become one of the most common and dangerous cyber threats. Phishing, a type of cyberattack, using fishy emails, text messages, or websites to trick people into revealing passwords, credit card numbers, or social security numbers. Phishing attacks are have an eye for detail, becoming harder to detect, causing significant financial and reputational damage.

Speaker

  • Benjamin Davidson, Attorney, Division of Marketing Practices, Federal Trade Commission

In a recent media briefing held by Ethnic Media Services on September 1st, Benjamin Davidson, an expert from the Federal Trade Commission (FTC), shed light on this evolving threat and how to protect yourself. We dig into the latest phishing tactics to the best practices for staying safe online.

Fishy Personalized Attacks

Phishing attacks are becoming more targeted and personalized. Instead of sending generic emails or text messages to a large number of people, attackers are now using social media and other sources to gather information about their targets and craft messages that are more convincing and relevant to them. Yeah, social media did that. 

As Rosario Mendez, an attorney at the FTC, explained, “Phishing attacks are no longer just about getting people to click on a link or download a file. They’re about building trust and rapport with the victim, and then using that trust to extract sensitive information or money.”

To illustrate this point, Mendez shared a real-life example of a phishing attack that targeted a small business owner. The attacker created a fake email account that seeming like the business owner’s very approachable bank, and then sent an email to the owner asking for their login credentials. The email was personalized and included details about the owner’s recent transactions, which made it seem more legitimate. Unfortunately, the owner fell victim to the bait, losing thousands of dollars.

Using AI

Phishing attacks, like any good tech firm, have also implemented artificial intelligence and machine learning to automate and personalize the attacks. Ben Davidson, a senior advisor at the FTC, explained that attackers are using AI to analyze large amounts of data and identify patterns for crafting more convincing messages, a message that is truly you.

“We looked at the phone companies, the technological companies that help people send the calls, the credit card companies that help people monetize,” Davidson said. “So we’re trying to fight it on as many fronts as we can, but being vigilant and being concerned is all an important first step.”

How to Not Get Phished

So, how can we make it so that only phishing the happens here ends up on a plate and in our stomachs? Well not everyone can eliminate their digital footprint. Ben Davidson hands out several tips and best practices for staying safe online:

1. Stay skeptical. Any unsolicited emails or text messages asking for personal or financial information is probably a scam. If you’re not sure if an email or message is legitimate, don’t click on any links or download any attachments.

2. Check the sender’s email address or phone number to make sure it’s legitimate. Attackers often use fake email addresses or phone numbers that look similar to the real ones.

3. Look for signs of phishing. Misspellings, poor grammar, or urgent requests for action all signal something fishy. Legitimate companies and organizations usually don’t send emails or messages that contain these types of errors.

4. Use two-factor authentication whenever possible. Two-factor authentication adds another layer of security, such as a code sent to your phone, in addition to your password, which may be more work, but more secure too.

5. Keep your software and security systems up to date. Software updates usually parachute in security patches, protecting you from the latest threats.

6. Stay educated. Technology is alike a living entity, growing with time, and there’s no doubt that the attacks will also evolve as time goes on. The more you know, the better prepared you’ll be to avoid the threats.

Phishing is a serious and evolving threat, demanding constant vigilance and awareness. Following the tips and best practices outlined in this briefing, you can help protect yourself from the damaging effects of phishing attacks. As Ben Davidson said, “Being vigilant and being concerned is all an important first step.” So, stay vigilant, stay informed, and stay safe online. If the fish don’t stink, don’t bite. Let’s not be the ones to take the bait. I think we have made enough fish puns for one day, so on that note, enjoy your meal. 

Read more on Siliconeer.