Different types of Phishing

Hi there!

How has your week been? Hope positive like mine??

In my last letter, I shared some ways you could avoid being phished and stay protected. In my custom of keeping to promises, over the next free weeks I’d be sharing some different types of phishing adopted by cybercriminals. We will be kick starting the journey this week with Spear phishing.

Like I told you last time, phishing is simply the act of tricking an unsuspecting individual into disclosing sensitive personal information by claiming to be a trustworthy entity via email.

Spear phishing is a targeted deceptive attempt to steal sensitive information such as account credentials or financial information from a specific victim, often for harmful reasons. This is achieved by researching specific details about the victim such as their friends and colleagues, interests, employer, locations they frequent, or service providers they use. The attackers then pose as a one these trustworthy entity or frequently contacted parties to acquire more sensitive information or get the victim to take a harmful action, typically through email using this information they have on the target.

Spear-phishing is known to have a high success rate because of how believable these emails are, given the rich context the bad guys create, using publicly available information about the victim. Spear-phishing requires more thought and time to achieve. See a spear phishing attempt below:

I know it is scary but as always, I have tips to help you avoid being spear phished.

1. Watch what you post online – You don’t have to post everything online; it could very easily be used by attackers in a spear phishing attempt.
2. Have smart passwords – We cannot overemphasize this. Just get a reliable password manager to ease your stress. I don’t like stress, pretty sure you don’t as well. Also, turn on 2 factor authentication for all your online accounts, no account is less important.
3. Avoid clicking links in emails - If an organization, such as your bank, sends you a link, launch your browser and go directly to the bank’s site instead of clicking on the link itself.
4. Be cautious when opening emails – Where possible, avoid opening attachments in emails you were not expecting. ?If you get an email from a “friend or colleague” asking for personal information including your password, carefully check to see if their email address is one that you have seen them use in the past or simply put a call across to them.

Note: Cybercriminals always come up with new and innovative ways to get access to your personal data. So, it may not look like the example I have shown you. If you feel you might have fallen victim to a phishing scam, it is important to contact the platform’s support and report the issue and get your login credentials and any information you may have provided the cybercriminal changed as soon as possible. It’s also smart to seek the advice of a cyber security professional.

Side Gists

I honestly can’t keep calm! DigiGirls Cohort 2 finally kicked off this week with an orientation event for its over 4400 beneficiaries across Nigeria. If you are interested in having any of our alumni intern at your organization upon completion of their training, please send an email to [email protected] stating your interest.

We are super excited to announce our partnership with the Global Forum on Cyber Expertise (GFCE). As collaborative partners we would help in building skills and capacity for the vulnerable ones in our society against threats to them or their businesses in the cyberspace. Know more about GFCE here .

?

It was fun writing you as always. Look out for my next letter where I would be telling you about another type of phishing called “whaling”.

Till then, stay well and remain cyber safe! ??

Yours truly,

Bolatito