Teach a Man to Phish - How to Stay Safe from Cybersecurity Scams

Ruby Berke, Manuel Vega |

Teach a Man to Phish: How to Stay Safe from Cybersecurity Scams 
    Cybersecurity scams are tactics used by attackers who attempt to access your account(s) to steal money or information. In the era of AI and other modern technologies, these scams have evolved into sophisticated techniques that often involve impersonation, social engineering, and the use of trusted platforms. Below are some common cybersecurity scams and the key ways to protect yourself against them.


Social Engineering 
    In the context of cybersecurity, social engineering refers to psychological manipulation used to gain unauthorized access to information or accounts. These techniques exploit human vulnerabilities rather than technical ones. Oftentimes, social engineering scams target people by impersonating coworkers, tech support, or trusted representatives. They can also impersonate “bad guys” who fictionalize threats to create a sense of fear or helplessness. The attackers then leverage that sense of trust, urgency or fear to trick you into revealing sensitive information or performing actions that compromise your security.


Malware and Ransomware 
    Malware is a general term for any software created with harmful intent. It includes programs designed to damage computers, spy on users, or steal sensitive information like passwords or personal files. These kinds of dangerous, digital threats are often spread via email attachments, links or downloads, and compromised or unsafe websites. 
    Ransomware is a particularly serious type of malware that works by trapping your files so you cannot open or use them. It then demands payment (often in digital currency) in exchange for restoring your access. In many ways, ransomware acts like a digital hostage situation, where your own data is held until a ransom is paid. Even in cases where payment is made, there is no guarantee that files will actually be returned. 


Phishing and Spear Phishing Attacks 
    Phishing is a form of social engineering where attackers deceive others into revealing sensitive information or installing malware. In general, phishing attacks involve a scammer casting a wide net by sending emails or messages that impersonate legitimate, trusted organizations (like banks or educational institutions) to large groups of recipients at once. The typical phishing scam uses generic messaging that aims to trick recipient(s) into opening a fraudulent link, responding with personal information, or calling the sender. These actions can lead to malware being installed on your device, the recording of your voice, and theft. 
    Spear phishing is a highly targeted form of phishing where attackers tailor messages to a specific individual or organization using personalized details. In these cases, the attacker sends messages directly to their target recipient rather than to a large group, and the fraudulence is usually harder to detect due to the degree of personalization. 


Phone Scams and Caller ID Spoofing 
    Phone scams have existed for decades and remain a huge threat. A common tactic is caller ID spoofing, which occurs when a caller deliberately falsifies the information displayed on your phone to appear as a trusted contact, such as a bank, government agency, healthcare provider, or even a family member. With the rise of AI and deep-fake voice technologies, scammers may also imitate the voice of someone you know to make their calls more convincing. Their goal is often to obtain personal information, account credentials, financial information, or direct payments. 


Don’t Take the Bait: How to Protect Yourself 
    • Be skeptical of urgent requests that pressure you to act immediately (especially if they involve money, passwords, or sensitive information).
    • Never provide passwords, authentication codes, Social Security numbers, banking information, or other sensitive information through email or text message.
    • Be cautious of unsolicited calls requesting personal information and do not rely solely on caller ID to verify a caller’s identity.
    • If a caller claims to be a family member in distress, verify their identity through another communication method before acting.
    • Always be cautious when opening email attachments, especially if they are unexpected or come from unknown senders. 
    • Carefully inspect the sender’s email address, even if the display name looks familiar. 
    • When in doubt, contact the organization/person directly via a trusted phone number, rather than the information provided in an email or message.
    • Always verify links and files before opening them and never click links or download files from untrusted/suspicious websites. 
    • Ensure your operating system, web browser, and applications are up to date. 
    • Use reputable anti-virus and anti-malware software and ensure it is regularly updated.
    • Back up important files regularly and store backups in a secure location that is separate from your primary device.
    • Enable multi-factor authentication (MFA) whenever possible to add an extra layer of account security.