Phishing and Its Types

Phishing (not fishing🤪) is a very common form of fraud that is still in use today.

What is Phishing?

Phishing is a form of fraud in which the attacker tries to learn information such as login credentials or account information by masquerading as a reputable entity or person in email, instant messages, or other communication channels.

How does it work?

The "phisher" or "attacker" falsely claims to be an established, legitimate enterprise and uses email to direct the user to a website where they are asked to update personal information such as passwords and credit card, social security, and bank account numbers, which the real organization already has. These websites are bogus. They may be created by "random hackers" but are more likely to be run by perpetrators out for financial gain or trade secrets, and the messages usually appear to come from a trusted source or from someone in a position of authority.

Why does it work or continue to work?

This scam uses social engineering, a non-technical intrusion that relies heavily on human interaction and often involves tricking people into breaking normal security procedures. The "phisher" will research social media sites and/or corporate websites to gather information in an attempt to make the email appear to be about anniversaries or to take advantage of breaking news stories, both true and fictitious.

Types of Phishing Attacks

Social Engineering

On your Facebook profile or LinkedIn profile, anyone can find: Name, Date of Birth, Location, Workplace, Interests, Hobbies, Skills, Relationship Status, Telephone Number, Email Address, Favorite Food, etc. This is everything a cybercriminal needs in order to fool you into thinking that a message or email is legitimate.

Link manipulation

Most methods of phishing use some form of deception designed to make a link in an email appear to belong to the spoofed organization or person. Misspelled URLs and the use of subdomains are common tricks used by phishers. Many email clients and web browsers show a preview of where a link will take the user, either in the bottom left of the screen or while hovering the mouse cursor over the link.
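The hover check described above can be automated on the receiving side. The following is an added example, not part of the original post: it flags links whose visible URL differs from the real target, that bury a trusted name in a subdomain, or that misspell a trusted domain. The `TRUSTED` set, the sample email, the last-two-labels shortcut and the 0.85 similarity threshold are all assumptions made for illustration.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"bank.example"}  # assumption: domains the real organization uses
SAMPLE_EMAIL = """
<a href="https://www.bank.example/login">Sign in</a>
<a href="http://bank.example.verify-account.test/login">https://www.bank.example/login</a>
<a href="https://bamk.example/reset">Reset your password</a>
"""  # constructed sample body; .example and .test are reserved names

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):  # lower-cased hostname, with or without a scheme
    return (urlsplit(url if "://" in url else "//" + url).hostname or "").lower()

def check_link(href, text):
    h, findings = host(href), []
    shown = host(text) if "." in text and " " not in text else ""
    if shown and shown != h:
        findings.append("display-mismatch")  # visible URL is not the real target
    for d in TRUSTED:
        if h == d or h.endswith("." + d):
            continue  # really on the trusted domain
        reg = ".".join(h.split(".")[-2:])  # simplification: last two labels
        if f".{d}." in f".{h}.":
            findings.append("trusted-name-in-subdomain")
        elif SequenceMatcher(None, reg, d).ratio() >= 0.85:
            findings.append("lookalike-domain")  # misspelled registered domain
    return findings

def scan(html):
    parser = LinkCollector()
    parser.feed(html)
    return {href: check_link(href, text) for href, text in parser.links}
```

A production filter would use a public suffix list instead of the last two labels, since that shortcut misjudges domains under suffixes such as `.co.uk`.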

Spear Phishing

Phishing attempts directed at specific individuals or companies have been termed spear phishing. Attackers may gather personal information (social engineering) about their target to increase their probability of success. The technique is, by far, the most successful on the internet today, accounting for 91% of attacks.

Clone Phishing

A type of phishing attack whereby a legitimate, previously delivered email containing an attachment or link has had its content and recipient address(es) taken and used to create an almost identical, or cloned, email. The attachment or link within the email is replaced with a malicious version and then sent from an email address spoofed to appear to come from the original sender.

Voice Phishing

Voice phishing is the criminal practice of using social engineering over the telephone system to gain access to personal and financial information from the public for the purpose of financial reward. Sometimes referred to as 'vishing', voice phishing is typically used to steal credit card numbers or other information used in identity theft schemes from individuals.

Tips to protect yourself from Phishing attacks

  • No person or organization will ever ask for your password over email. Please be wary of any email asking for passwords. Never send passwords, bank account numbers, or other private information in an email.
  • Be cautious about opening attachments and downloading files from emails, regardless of who sent them. These files can contain viruses or other malware that can weaken your computer's security. If you are not expecting an email with an attachment from someone, such as a fax or a PDF, please call and ask them if they indeed sent the email. If not, let them know they are sending out Phishing emails and need to change their email password immediately.
  • Never enter private or personal details into a popup window.
  • If there is a link in an email, use your mouse to hover over that link to see whether it is sending you where it claims to be. This can prevent many phishing attempts.
  • Look for 'https://' and a lock icon in the address bar before entering any private information on a website.
  • Look for spelling mistakes and bad grammar. Cybercriminals are not known for their grammar and spelling. Professional companies or organizations usually have staff who will not allow a mass email like this to go out to their users. If you notice mistakes in an email, it might be a scam.

Tips to protect yourself from Phishing phone calls

  • Don't buy from an unfamiliar company. Legitimate businesses understand that you want more information about their company and are happy to comply.
  • Always check out unfamiliar companies with your local consumer protection agency, Better Business Bureau, state attorney general, the National Fraud Information Center, or other watchdog groups.
  • Obtain a salesperson’s name, business identity, telephone number, street address, mailing address, and business license number before you transact business. Some con artists give out false names, telephone numbers, addresses, and business license numbers. Verify the accuracy of these items.
  • Don’t pay for a “free prize.” If a caller tells you the payment is for taxes, he or she is violating federal law.
  • Never send money or give out personal information such as credit card numbers and expiration dates, bank account numbers, dates of birth, or social security numbers to unfamiliar companies or unknown persons.
  • If you have been victimized once, be wary of persons who call offering to help you recover your losses for a fee paid in advance.