There has never been a better time to secure your information and data on the internet, as hackers are developing new methods of stealing valuable information on the internet. One of these methods is called phishing. So, what are phishing attacks?
According to imperva, “Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, disguising as a trusted entity, dupes a victim into opening an E-mail, instant message, or text message”. It is a type of social engineering where an attacker constructs and sends a fraudulent message, to trick a person into opening sensitive information to the attacker or to put a bad software on the victim’s infrastructure like ransomware and malware. As of 2020, phishing attacks have become the most popular attacks done by cybercriminals.
The name “phishing” may sound as a funny name to call this attack, and one may be curious as how the name was formed. Like fishing, phishing is a technique used to “fish” for username, data, and information from the “sea” of users.
TYPES OF PHISHING ATTACKS
There are numerous types of phishing attacks, but the most common have been highlighted below:
- E-mail phishing: Most phishing attacks are sent by E-mail, and it is usually not targeted to a particular individual or company. This is also termed bulk phishing. A bulk phishing message may contain different kinds of message, depending on what the attacker is planning to achieve which may include impersonating banks and other financial institutions, streaming services, etc. Attackers may use information obtained to steal money from a victim and other planned malicious activities.
- Spear phishing: This involves an attacker targeting a particular organization or person with a structured phishing communication. This is a way of sending a particular E-mail to someone and making them think the E-mail is valid. Just like bulk phishing, spear phishing attackers would gather personal information about their attackers to increase their success rate of the attack.
- Whaling and CEO fraud: Whaling refers to spear phishing, directed to senior executives and other high-profile targets. While CEO fraud often has low success rates, criminals can obtain large amount of money from the few attempts that succeed.
- Clone phishing: This is a type of phishing attack where a legitimate, and previously delivered e-mail containing an attachment or link has had its content and recipient address(es) taken and used to create an identical or cloned e-mail.
What are the signs of phishing attempts?
You may feel that you can never know is you’re being attacked, because the structure of the e-mail looks legitimate. But there are ways to spot a phishing E-mail:
- They ask for sensitive information: Legitimate businesses will not request for credit card information or any other type of sensitive information.
- They use a different domain: Always check the domain used in sending an E-mail to you. It must be legitimate.
- They contain links that do not match the domain: A URL like must contain Error! Hyperlink reference not valid. at the beginning. However, phishing links do not always contain that. It is important to pay attention to the smallest of details when surfing the internet.
HOW TO AVOID PHISHING ATTACKS
- Education and awareness: It’s very important to educate and create awareness about this kind of attack, as a large amount of people may not have knowledge about it.
- Do not open attachments; Do not open strange attachments. These attachments are usually in Word, Excel, and PowerPoint format.
- Do not give your information to an unsecured site: Resist the urge to give your sensitive information online.
- Change passwords regularly: Always change your passwords regularly for extra security.
- Install strong firewalls: Install strong firewalls for extra protection of your devices.
As the internet is evolving, so are new methods and ways to commit malicious crimes online. It is always important to educate ourselves and be aware of these acts, to find ways to avoid them, and avoid becoming a victim.
We are Platview Technologies. We are an innovative and agile cybersecurity company with the goal of safe-guarding businesses with our world-class, industry-leading services and technology solutions. We commit to understanding your business objectives and goals to align a tailored security services and strategy allowing your business to grow without added security risk.