Everything you need to know about phishing


Security threats are real, and they continue to grow and evolve almost daily. With constant reports of large companies suffering data breaches, we cannot settle for “good enough” security. Instead, we need to deepen our understanding of how security threats evolve and find ways to prevent them from harming our online presence. One form of threat that has seen a huge surge and evolutionary jump in 2024 is phishing.

Phishing attacks are becoming increasingly complex thanks to artificial intelligence and advanced impersonation techniques. Usually, phishing is characterized as a combination of social engineering and cyberattacks that impersonate someone using electronic communication. These attacks are often given accompanying names: spear phishing, whale phishing, smishing, vishing, and email phishing. Thanks to modern impersonation techniques, spearheaded by various applications of AI and large language models, the entire phishing landscape has changed. According to a 2024 mid-year assessment on phishing, global users saw an increase in phishing attempts of 341% in the first six months of 2024 and 856% from June 2023 to June 2024.

Trend Micro Premium Security Suite plus ScamCheck


Powered by AI, Trend Micro Premium Security Suite with Trend Micro ScamCheck provides complete device security, identity protection, and scam prevention for up to 10 devices.

It works on Windows, Mac, Android, iOS, and Chromebook so you can secure all of your and your family’s devices whether you are at home or on the go.

The security suite includes Maximum Security with 24/7 support, Mobile Security, ID Protection, ID Theft Restoration, a Password Manager, Trend Micro ScamCheck, and a secure VPN for protection on public WiFi.


Anatomy of a phishing attack

The entire paradigm behind a phishing attack revolves around some form of deception that gets you to click on a link, scan a QR code, download an attachment, or simply send your private information to an attacker. Phishing is usually, but not necessarily always, done via email. Often the email looks like it's from a legitimate company or website, and contains a link that may lead you to a fake website that looks like the real deal. There you are prompted to enter your information and potentially credit card information, which is then sent to the attacker.

Before the advent of chatbots and spell checkers, phishing emails could easily be recognized by their spelling mistakes or purposefully misspelled URLs. Today, with AI, the attacks have gained in complexity. You can now come across AI voice generators creating a voice that sounds like an authority figure in the company or a family member. Such attacks are performed over the phone, and a short voice sample is enough for sophisticated attackers to try and dupe you. In 2024, a company in Hong Kong was phished using these sophisticated methods, costing the company over $25 million.

Telltale signs of a phishing attack and how to protect yourself

Even though the attacks themselves are evolving, there are some precautionary steps you can take and some telltale signs that can give away a phishing attack.

  • A deal too good to be true - messages that have lucrative offers, or use language aimed at creating urgency, should be your first indication that phishing may be afoot. You can always check whether the offer in question is actually active at the legitimate business, or if a person asks for some information or files urgently, you can always call them directly to double-check whether they sent the email in question.
  • Inspect thoroughly - pay attention to the sender of the email, as there may be inconsistencies in their email address (mismatched domains). Emails received at odd hours of the day should also raise alarm bells.
  • Check links or avoid clicking altogether - hover over links, and if the address is different from what you expected, avoid clicking on it. Similarly, before scanning a QR code, check whether it was tampered with (stickers placed over the original QR code). The best case is you avoid scanning QR codes or clicking on links from emails.
  • Examine photos and videos - look carefully at photos or videos you see on social media ads or websites. For now, AI often generates images of humans with extra fingers, but as it evolves this may not be the case. Your best bet is to be vigilant and look for anything that is out of place or simply doesn’t feel right. Deepfakes may be difficult to recognize, but not impossible.
  • Use complex security - multi-factor authentication (MFA) is a great way to stay protected. You can copy good practices from companies by changing your passwords monthly and making them more complex. Moreover, companies often have education campaigns on various cybersecurity threats, so staying abreast of new developments in the field will be of immense help to stay protected.

Parting words

While phishing has evolved over the past few years with the advent of ChatGPT, it does not mean that there is nothing you can do to stay protected. Sure, it means that you have to stay vigilant and pay more attention to the messages and communication you receive. Understanding the risks is the first step, but proactive measures are just as crucial in the fight against modern phishing tactics. However, using common sense, coupled with advanced security and protection techniques will go a long way towards you and your personal information staying protected.

TechRadar Pro created this content as part of a paid partnership with Trend Micro. The content of this article is entirely independent and solely reflects the editorial opinion of TechRadar Pro.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
