
Identifying Phishing Attacks
What is a Phishing Attack?
Phishing is a form of cybercrime in which cybercriminals send a user or organization fraudulent communications that are crafted to appear to come from a legitimate source. These communications are meant to trick recipients into giving out sensitive information such as bank account information or credit card and social security numbers. According to an IC3 Annual Report, there were around 298,878 victims of phishing attacks in 2023, which incurred losses of around $18,728,550. As phishing attacks increase in frequency, it is important to understand the different types of phishing attacks and how best to protect yourself from them.
Spear Phishing
Spear phishing is a targeted phishing attack in which a cybercriminal uses personal details and information to disguise themselves as a trustworthy entity in order to acquire sensitive data. Cybercriminals will typically research their target using public information, such as social media, to plan their method of attack. The cybercriminal will then use the information they obtained to send their target a legitimate-looking email in the hope that the targeted individual interacts with it. These phishing emails can be spotted by identifying common red flags such as spelling and grammatical errors, generic greetings, and odd urgent requests.
Smishing
Smishing is a form of phishing attack that is carried out by text or SMS message. Smishing attacks are similar to spear phishing attacks in that they are often created to look like a legitimate text message. The text messages often include links that contain malware, or instructions that are meant to trick users into revealing sensitive information. These attacks are particularly dangerous because people may be more inclined to trust a text message than an email. Many individuals are unaware that phishing attacks can be carried out via text message, and these attacks can be just as dangerous as a traditional phishing email.
Vishing
Vishing is a form of cybercrime in which cybercriminals disguise themselves as a reputable business or entity and use phone calls or voicemail messages to contact their targets and trick them into providing sensitive information. Cybercriminals will often use threats and harsh language to pressure their targets into releasing their information. Examples of this include fake tech support scams and IRS call center scams. When identifying a vishing scam, always attempt to confirm the identity of the individual who is contacting you. If you do not feel comfortable with an inbound call, hang up and contact the business or individual directly.
I think I may be a victim of a Phishing Attack.
What should I do?
Stop all communication. If you are in contact with a scammer, cease communication immediately.
Report the incident. You can file a complaint with the FTC at https://reportfraud.ftc.gov.
Protect your identity. Monitor your financial accounts, credit reports, and any other sensitive information for signs of unauthorized access and activity. With most accounts, you can place a fraud alert or a credit freeze to prevent further compromise.
Document the incident. Keep any record of communication and documentation related to the scam. This can be extremely useful when reporting the incident and resolving any issues with authorities.
Please feel free to reach out to Lloyd Worth, Worth Wealth Management, at (303) 558-0214 or Lloyd.Worth@LPL.com for further discussion.