Last time, I wrote a blog that defined phishing and detailed its many types. For the next installment of this series, let’s discover the stages of phishing – and be informed about what to do in order to protect yourself from becoming a potential phishing victim.

The three stages of a phishing attack are as follows: bait, hook, and catch. Let’s try to identify and describe each stage in order to fully understand how phishing works.

Bait

The “bait” stage can be described as the reconnaissance phase, where cybercriminals prepare the attack and research crucial information about a potential phishing target. During this stage, cybercriminals can scour the internet to check email lists to determine possible targets, spend weeks of research to imitate a specific person or product, or visit a target’s social media pages to gather specific information or details for later use.

This is why data privacy and data protection are vital in protecting customers and clients – one small leak containing private information such as email addresses or names is enough to cause a targeted phishing attack.

Hook

The “hook” stage in a phishing attack is where cybercriminals trigger a response and action from the victim. The goal is to create a sense of urgency that will make the victim into acting impulsively in order to fix a “situation.” Most times, this stage is where victims receive emails or texts containing an alert or an urgent message, informing them that their accounts have been compromised, their payments didn’t post, or they cannot be verified.

Catch

The “catch” stage is where victims fall for the phishing attack. It’s when a cybercriminal has successfully manipulated its target into clicking a link leading to a fraudulent website that harvests credit card information, or an attachment that contains malware that can steal sensitive information.

What to Do to Prevent the Scam

Now that we’ve explored the stages of phishing, what can be done to prevent the scam?

1. Be on the lookout and always be alert. When a text message or email feels off or suspicious, make it a habit to check the sender’s email address or number, look for spelling errors, and verify everything before downloading a file or clicking a link.
2. As a follow-up, the general rule is to never click on a link from an unknown source. Think before you click!
3. It is always wise to never give out sensitive information such as login details, passwords, bank or credit card information over the phone or via email. If someone calls you and asks for these, it’s best to hang up and call your bank or service provider.
4. Avoid replying to texts from unknown numbers.
5. Be mindful of what you post on social media.

Should you receive a suspected phishing attack, never give information about Teleperformance, do not verify your email address, do not follow any instructions or share images of your workstation. Report it to your supervisor immediately but do not respond or reply. You may also report to the global security team by sending the email as an attachment to phishing@teleperformance.com.  If you feel like you fell victim to a phishing email, please contact Teleperformance’s Global Incident Response Team at GIRT@teleperformance.com.

You are the first line of defense when it comes to cybersecurity! Let’s all work together in maintaining a secure environment at Teleperformance. Together, we can #PreventTheScam.