Phishing Attacks — What to do About Them

Tom Popomaronis | July 3, 2017

It may surprise you that hacking predates the internet, using such devices as a slide whistle…and that such hacks relate to fake emails from Nigerian princes wanting to give you millions of dollars.

We know it now as phishing. Here’s where phishing attacks started, and what to do about them.

The Origins of “Phishing”

The word “phishing” doesn’t carry the “ph” because of the band Phish, but rather from telephones.  Some of the earliest hacks were done on Ma Bell.  Scammers figured out how to hack into telephone systems using the same sounds as the systems themselves.  They could do such things as make free long-distance phone calls with their hacks (something hackers are still up to with modern VoIP systems).

Outsmarting the phones became known as phreaking, ph + freaking.  When hacking scams began hooking and baiting victims, the “ph” from phreaking stuck around, and we got “phishing,” ph + fishing.

But Ma Bell got smarter, and telephones started using more complex tones that were not so easily replicated.  Phreaking, like pay phones themselves, are a thing of the past. Young people today likely wouldn’t recognize the sound of a dial tone and call the pound symbol a hashtag.

But the secrets to beating phishing attacks require we do like Ma Bell did: get smarter.

Sophisticated Phishing

Even when obvious scams were the phish-du-jour, people were falling for them.  Schemes about Nigerian princes or lotteries-you-never entered wanted your bank account information and they would send you money. Those had some victims but mostly preyed upon the not-so-tech-savvy.

Today’s cyber scams have gotten much more sophisticated, duping even the more discerning crowd.  And it’s costing American businesses an estimated half a billion dollars per year.

Here are some common characteristics of modern phishing scams:

  • Most start with an email, the lure.
  • Some target specific industries, like the financial, telecommunications, healthcare or government agencies, but many broadly target anyone.
  • They may be in the form of an attachment, a link you click, or an external “sign into your account”
  • Most now contain malware, frequently ransomware.
  • They want your personal data, spread to (“infect”) others in your network, and about half directly look for money.
  • Your devices may be infected without your knowledge. A slowed computer may be the first sign of infection.

What to do About Phishing

The single most important thing you can do about phishing attacks is to know what to look for.  Cyber security begins with prevention, and an ounce of prevention is indeed a pound of cure.

  • Do not click on unexpected attachments.
  • Notice anything “odd” such as grammatical errors, hearing from someone you haven’t heard from in a long time, or slight differences in email address or websites.
  • Never enter your login information off of an email, always directly go to the site yourself.
  • Be careful when you browse: in social media or online, those links are not necessarily safe.
  • Enable two-step verification on your email and social media accounts, thereby giving your credentials an extra layer of protection.
  • Forward any suspicious looking email to a professional.

Until the cyberverse learns to outsmart phishing scams the way that telephone companies made hacking more difficult, it falls on each of us to identify and avoid cyber security attacks.

Fortunately, if you keep your systems up-to-date and stay informed about trends and insights in cyber attacks, you and your business can proactively prevent phishing attacks.

If you find you or your business have been compromised in a cyber security breach, such as a phishing attack, contact us.  We can help mitigate threats swiftly and get you back in business.

EVP, Innovation
Tom is a serial entrepreneur, product development expert, and content management strategist. Every hour of every day (perhaps too many hours) he focuses on strategies for our Executive Leadership Branding clients to build a powerful and credible online reputation.