Everything You Need To Know About Two-Factor Authentication Scams: Phishing Attack Techniques & Scams

Phishing Attack


You’ve just gotten home from a long day at work. You make a cup of coffee and sit at your coffee table to check your emails. As you’re scrolling through your inbox, you notice an email from a company that you know and trust: Netflix. It has the big red Netflix logo and header. The email tells you that your account is on hold or frozen due to a billing error and invites you to click on a link to update your payment details. Without too much hesitation, you click on it. You haven’t heard of phishing attack techniques and scams before, right?

You’ve just fallen for one of the most common scams in the US. At a glance, this email may look convincing, but in fact, this email has nothing to do with Netflix. Your email typically filters out phishing emails and puts them into the spam box, but unfortunately, some scammers have been able to outsmart spam filters, making it even more difficult to trust whether or not the emails you are receiving from reputable companies are legitimate. 

What Exactly Is a Phishing Attack?

A phishing attack is a form of social engineering attack used to steal an individual’s personal information and data, login credentials, and card numbers. It is one of the easiest forms of cyberattack, and also one of the easiest to fall for. Through these phishing attack techniques and scams, a hacker can receive everything they need from their targets’ personal accounts. Phishing emails can have serious consequences for people who provide their personal information. Thankfully, there are telltale signs that can help you pinpoint a scam and avoid falling for one. 


How Do Phishing Attack Techniques and Scams Work? Bait, Hook and Catch

Step 1. The Bait

The first of the three steps of a phishing scam is preparing the bait. This requires details about the target, which can be as simple as knowing what services they use or what they are subscribed to, such as Spotify, Apple Music, Hulu, Netflix, and HBO Max. To bait you, the scammer will ensure that everything looks normal and they won’t expect you to think twice about a company you trust. By mimicking the logos and headlines of these trusted companies, they are likely tricking you and luring you into their scam and gaining unlimited access to your personal information. If they have your name and email you might have given them sufficient information to start the scam process. 

Step 2. The Hook 

Once the scammer has received the necessary information to use as bait, they need to catch your attention. Typically, they will tell you that you need to re-verify personal information, or that you’ve been logged out of your account and to sign back in, you must click on a link. In many scam cases, the hook involves making the target believe that one of their accounts has been compromised. This creates a sense of urgency making a target act quickly and sometimes, mindlessly. The scammer will then redirect the target to a link where they can harvest all of the victim’s information necessary to complete a successful scam. 

Step 3. The Catch 

The third step of the phishing scam is the actual attack. The attacker’s next action will depend on the scam. For example, they may use a landing page to gain access to emails and passwords so that they can log in to the victim’s email account in order to collect more information and utilize it for themselves. Once logged into your accounts, they will share the scam with friends and family from your account, catching more and more people. 

Phishing Techniques 

Email phishing is a total numbers game. When scammers are sending out thousands of fraudulent messages, they can gain access to significant information and money, even if only a small percentage of people fall for the scam. 

Phishing emails and text messages often tell a story to trick you into clicking on a link or opening an attachment. They will say something to grab the reader’s attention and even make them worried and concerned.

Here are some of the common things scammers will say:

  • Say they’ve noticed some suspicious activity or log-in attempts.
  • Claim there is a problem with your account or your payment information.
  • Insist that you confirm some personal information.
  • Include a fake invoice.
  • Insist that you click a link to make a payment.
  • Tell you you’re eligible to register for a government refund.
  • Offer a coupon for free things.

When you receive a convincing email that appears to come from a reputable company, there are key signs that help you recognize a phishing email. The most common signs include unfamiliar greetings, grammar errors or misspelt words, email addresses and domains that don’t line up, unusual content or requests, and most importantly, a sense of urgency. If a company is insisting that you “act now” or that “immediate action is required”, it’s probably a scam. A safe bet is to contact the customer service line listed on the company’s page and get in contact with them over the phone.
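The signs described above can be checked mechanically. The following is an added example, not part of the original article: it looks for a sender domain that does not match the claimed brand, urgency wording, a link whose visible text differs from its real target, and links that are not "https". The sample message, the placeholder sender domain, the phrase list and the function names are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message, not a real email; the sender domain is a placeholder.
SAMPLE = """\
From: Netflix Billing <support@account-update.example>
Subject: Immediate action is required: your account is on hold

<p>Dear customer, there was a billing error. Act now:</p>
<a href="http://billing.account-update.example/login">https://www.netflix.com/account</a>
"""
URGENCY = re.compile(r"act now|immediate action|on hold|verify your", re.I)

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
    def handle_data(self, data):
        if self._href is not None:
            self.links.append((self._href, data.strip()))
            self._href = None

def in_domain(host, domain):
    return host == domain or host.endswith("." + domain)

def phishing_signs(raw, brand, brand_domain):
    """Return the warning signs found in one raw message, in check order."""
    msg, signs = message_from_string(raw), []
    name, addr = parseaddr(msg.get("From", ""))
    if brand.lower() in name.lower() and not in_domain(addr.rpartition("@")[2].lower(), brand_domain):
        signs.append("sender-domain-mismatch")  # claims the brand, sent from elsewhere
    body = msg.get_payload()
    if URGENCY.search(msg.get("Subject", "") + " " + body):
        signs.append("urgency")
    parser = LinkCollector()
    parser.feed(body)
    for href, text in parser.links:
        shown = urlparse(text).hostname if "://" in text else None
        if shown and shown != urlparse(href).hostname:
            signs.append("link-text-mismatch")  # visible URL differs from the real target
        if urlparse(href).scheme != "https":
            signs.append("non-https-link")
    return signs
```

Calling `phishing_signs(SAMPLE, "Netflix", "netflix.com")` reports all four signs for the constructed message. An empty result means only that none of these particular signs were found.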

What Actually Happens If You Click The Link 

Depending on your situation, a few different things can happen when you click a phishing link:

  • A hacker may receive information from or about you. This includes basic data, device statistics, approximate location and any other information you may have provided.
  • Malware may be installed on your device. Dangerous software such as spyware, ransomware, or viruses can be installed in order to collect confidential data.
  • Your network and contacts may be in danger. Breaches to your network can happen when clicking on a phishing link and hackers can easily send people in your contact list the same email. This often happens on social media platforms such as Facebook and Instagram. 


Phishing in Social Media 

Armed with personal information such as your birthday, social security number, middle name, maiden name and an educated guess on the whereabouts of your bank or retirement accounts, a hacker can reset your password and gain full access to your social media accounts. And they may even pretend to be you. A surprising amount of detailed information is found on social media and can make it easier than ever for a hacker to learn about you. 

A few months ago, a close friend from high school made an Instagram post stating that she had just made $5,000 within 10 minutes. At first, it sounded a little odd, but coincidentally she had always been great at making a couple of extra bucks here and there on website questionnaires and surveys. In fact, she was so good at it, she would post TikToks on how she did it. The more I thought about it, the more it made sense. Her Instagram post was convincing – so convincing it even sounded like something she would write. Before clicking on the link posted at the top of her page, I called her. We needed to catch up anyway, so it seemed like the perfect time to give her a call and ask her about her post. She picked up the phone within seconds of me calling her and screamed “don’t click the link, I’ve been hacked!”

When a link is clicked, the victim is routed through a series of screens and web pages where important information is leaked. Clicking on these kinds of links can pose a serious threat and put you in danger, making you fall victim to one of the worst scams out there: the phishing scam. 

Social media is a continuing threat, and with convincing posts designed to entice you to click the link, all of your information can be put at risk and stolen. You may even be locked out of your account forever.

How To Prevent A Phishing Attack

In order to protect yourself from an attack, it is crucial to understand the threat and how it works. Here are a few steps to follow when identifying and preventing phishing scams: 

  1. Know what a phishing scam looks like. New tactics and methods are being developed over time, but they share commonalities that can be recognized if you know what to look for. The more you find out about the latest attack strategies, the more likely you’ll be to think twice about clicking on a link. 
  2. Don’t click the link. As tempting as it may be, resist the urge to click on any link that is sent through email or private messages. Do some research and digging. Most attackers know how to make the destination of a URL look like a copy of a genuine site. Don’t let them outsmart you.
  3. Add free anti-phishing add-ons. Browsers will always let you download add-ons that can help pinpoint signs of malware or alert you to scamming sites. Although an anti-phishing add-on can’t guarantee 100 percent protection, it’s free and there’s no harm in adding protection.
  4. Never give your information to unsecured sites. Observe the URL: if it doesn’t start with “https”, it’s probably linked to a scam. Sites without security certificates don’t always suggest a scam, but it’s better to avoid them and be safe than sorry.
  5. Change your passwords regularly. Getting into the habit of changing your passwords can prevent a hacker from gaining unlimited access to them. By adding an extra layer of protection through password rotation, you can prevent ongoing scams or even lock out potential attackers. 

Keep Your Personal Information, Personal

If you really want to avoid facing these kinds of issues, the best thing you can do is keep your personal information as private as possible. With FOUND ME you can do exactly that. By using FOUND ME’s tags and labels to help good Samaritans contact you regarding your found belongings, you will be increasing your chances of reuniting with what is lost while keeping your information secure and only sharing what you are comfortable with, such as your home address and phone number. To learn more about FOUND ME and what it has to offer, visit: Foundme

About us

We are all at risk of losing the people, pets and valuables that mean the most to us. FOUND ME was created as a global solution to temper this risk and provide peace of mind. We exist to protect everyone and everything important in our customers’ lives.
