Types of Phishing: Voice Phishing and Spear Phishing and How to Protect Yourself
Phishing attacks are scams that are designed to steal your personal information and your identity. The word "phishing" began back in the mid 1990s when scammers began hacking into AOL accounts. The email messages appeared to come from the AOL service when in reality it came from the scammer. The email requested you to update your AOL information which tricked users into exposing sensitive information to the scammers. Phishing attacks then spread to PayPal, online websites, banking sites, and from there spread to voice phishing.
There are two relatively new forms of phishing attacks which are known as voice phishing and spear phishing:
Voice phishing is a new form of identity theft which tricks you into revealing personal information when the scammer replaces a website with a telephone number. The website is usually one that you visit frequently which the scammer can determine by installing spyware into your computer or by simply hacking the website to obtain information and email addresses.
The website sends you an email that looks like it is from the legitimate source and tells you to call a telephone number to verify your information. The message tricks you into revealing your information by saying that your account will be closed if you do not respond. When you call the number an audio response answers at the receiving end of the compromised telephone line and requests your personal information including your username and password to the website.
Generally it is difficult to track down these telephone numbers because the scammer uses software to cloak the telephone number when you try to trace the location of the scammer.
Spear phishing works like regular phishing except that it is highly targeted to a specific recipient. Spear phishing scammers can send emails to your email client that look like they came from your employer or other colleague that generally sends regular email messages to a company group on a routine basis. The email includes specifically targeted information about organizational issues that are familiar to the recipients.
The email message encourages you to click to open an attachment or enter a username and password. The spear phisher then downloads malware or some other kind of malicious software that spies on your computer activity and logs your keystrokes.
How to Protect Your PC and Yourself
- Avoid Mass Emails: Avoid mailing out regular mass email to a group or organization which encourages clicking on links and attachments. Regular mailings encourage the recipients to accept this as a routine procedure and will make it difficult for them to differentiate between the real deal and the scammer.
- Use Anti-Phishing Software: Add anti-phishing software to your Web browser and email clients because these are the platforms that phishing scams use to operate. Some antivirus programs such as McAfee employ a Site Advisor to help you determine whether or not a website or attachment is legitimate.
- Non-Password Authentication: Use other means for identity authentication of the users that does not involve the use of a password when possible.
- Phishing Education: Keep the recipients of your email educated on the latest phishing attacks and how to watch out for them. Explain to them what to do in the event of a phishing attack.