4.9.1 Cybersecurity Tips: Phishing
Introduction
As cybercrime becomes more common, phishing remains one of the most common techniques used to trick individuals into revealing sensitive information, such as passwords, credit card information, or other personal data. It is important to know the different types of phishing and how to avoid them so that you can better protect yourself online.
What you need to know
Phishing attacks often target unsuspecting individuals by impersonating trusted entities, such as banks, online retailers, or government agencies. These attacks can occur through different communication channels, including phone calls, emails, links, and messaging apps. The phishing attempts often create urgency or fear, prompting victims to act quickly without verifying the source.
Some commonly seen phishing techniques include:
- Phone Phishing (Vishing): Cybercriminals use phone calls to pose as trusted individuals or organizations and persuade you to provide sensitive information or take actions on behalf of the attacker.
- Email Phishing: Fraudulent emails often appear with fake notifications or alerts that include links or attachments designed to steal your credentials and infect devices with malware.
- Phishing Links: Malicious links lead to fake websites that are designed to look like real ones and trick you into entering personal information.
- Messaging App Phishing: Cybercriminals send deceptive text messages or messages via apps such as WhatsApp or other social media to trick you into clicking on malicious links or sharing sensitive data.
What you should do
In addition to understanding what phishing is, you need to know what actions you can take against phishing attempts.
- Verify the source: Remember to always verify the authenticity of messages or calls before providing sensitive information. Legitimate organizations will never ask for personal details via email, phone, or messaging apps.
- Avoid opening suspicious links: Make sure to check every URL before opening it. Be cautious of links that lead to websites with slight misspellings or unfamiliar domain names.
- Use strong email filters: Enable spam filters in your email service to block suspicious emails from reaching your inbox.
- Report phishing attempts: If you suspect phishing, report the attempt to the organization being impersonated or to your local cybersecurity authority. Many email providers also allow you to flag emails as phishing.
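The "slight misspellings or unfamiliar domain names" check from the tips above can be automated. The following Python code is an added example, not part of the original tips; the trusted-domain list, the function names and the distance threshold are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist: domains the reader actually uses (assumption).
TRUSTED = {"example-bank.com", "example-shop.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: number of single-character edits from a to b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def classify_link(url: str, trusted=TRUSTED, max_dist: int = 2) -> str:
    """Return 'trusted', 'lookalike:<domain>' or 'unfamiliar' for a link."""
    if "://" not in url:
        url = "//" + url  # let urlsplit find the host in scheme-less links
    # .hostname ignores anything before '@', so 'trusted.com@other.host'
    # is judged by the host that would really be contacted.
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "unfamiliar"
    for d in trusted:
        if host == d or host.endswith("." + d):
            return "trusted"
    # Slide a window over the host's labels. This catches misspellings
    # ('examp1e-bank.com') and a trusted name used as a subdomain prefix
    # of another domain ('example-bank.com.account-verify.test').
    labels = host.split(".")
    best = None
    for d in sorted(trusted):
        n = d.count(".") + 1
        for i in range(len(labels) - n + 1):
            dist = edit_distance(".".join(labels[i:i + n]), d)
            if dist <= max_dist and (best is None or dist < best[0]):
                best = (dist, d)
    return f"lookalike:{best[1]}" if best else "unfamiliar"

if __name__ == "__main__":
    for link in ("https://www.example-bank.com/login",
                 "https://examp1e-bank.com/login",
                 "https://example-bank.com.account-verify.test/",
                 "https://example-bank.com@192.0.2.10/"):
        print(classify_link(link), link)
```

A "lookalike" result means the link resembles a trusted domain without being one and should not be opened; "unfamiliar" means the domain is simply not on the list and needs to be verified another way.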