Do you know the difference between a vishing and a smishing attack? Or that spear phishing doesn’t happen in the ocean? Cyberattacks are the fastest-growing crime in the U.S. – and they cause personal and business devastation every day.
Because technology – and the schemes to manipulate users – changes so quickly, it’s important to be in the know. See how well you stack up:
What’s the No. 1 type of cyberattack?
Ransomware, and experts say it’s a growing concern. A type of malware that encrypts a victim’s files, ransomware allows the attacker to demand money to restore access to important documents or photos saved on your hard drive.
What’s the difference between phishing and spear phishing?
Phishing is the attempt to gain usernames, passwords and credit card numbers by impersonating a trustworthy sender in an email or other digital communication. The attacker might disguise an email to look like it comes from someone you know or include a link to a fake website to trick you into entering private information.
Spear phishing is tailored to one individual and may mention an upcoming trip or a child’s name, for example.
How many different versions of phishing are there?
Unfortunately, there’s a growing list of phishing scams. But there are two popular ones to be aware of:
Vishing is a voice version of phishing. The caller pretends to be from law enforcement, the government or a bank and will try to gain access to Social Security numbers, account numbers or other personal information by asking the victim questions for “verification” purposes.
Smishing is an SMS (or text) version of phishing. You know those automated alerts from the credit card company or PayPal? A smishing message might be disguised as one of them.
Next steps: How to protect yourself
Criminals are getting more sophisticated. But you can combat the risk by putting these protections in place:
- Be diligent about not sharing information. It might be fun to answer a silly quiz on Facebook, but criminals can use this to gain access to security question answers, like your first dog’s name or the street you grew up on.
- Use multifactor authentication, which requires two or more authentication factors to access devices, applications or online accounts.
- Browse in “incognito” mode so local search history is not stored and cookies are blocked.
- Use secure passwords that include a mix of uppercase and lowercase letters, numbers and symbols. Make sure each password is at least 12 characters and doesn’t contain personally identifiable information. Pro tip: Use a password management app to help you create and organize them.
- Use a virtual private network (VPN) to create an encrypted connection between your devices and the internet that hides your online activity.
- Regularly back up files to a local external server or a cloud server. That way, you’d at least have access to all your files in case of an attack.
- Look for the “s” in “https.” It stands for secure, and it must be there when you’re entering your credit card or banking information to make a purchase. The “s” alone does not mean a site is secure, but it certainly should be a red flag if it is not there.
- If you are unsure whether a call you answer is a vishing scam, hang up and directly dial the company you believe is trying to reach you – for example, your bank.