Phishing is appearing more and more often these days, and the topic shows up in the news almost daily. It is a serious threat to every industry. You may already have received a fraudulent email that seemed to come from your bank, or seen the hacking of LinkedIn that took place this year. But what do you know about phishing?
What is phishing?
Phishing is a type of social engineering where an attacker sends a fraudulent (e.g., spoofed, fake, or otherwise deceptive) message designed to trick a person into revealing sensitive information to the attacker or into deploying malicious software, such as ransomware, on the victim’s infrastructure.
Phishing is the fraudulent attempt to obtain sensitive information such as login details or other personally identifiable information (PII), which is any data that could potentially identify a specific individual, such as:
- Credit card details
- SSN (social security number)
- Bank account information
- Phone number
- Secret question answers
Even partial information can increase the chances of success of subsequent social engineering attacks.
In a phishing attempt, the attacker lures the victim by pretending to be a trustworthy entity, such as:
- Electronic communicators
- Internet providers
- Retail companies
- Shops and others
Types of phishing
In an email phishing scam, the attacker sends an email that looks legitimate, designed to trick the recipient into entering information, in a reply or on a site, that the hacker can use to steal or sell their data.
Image phishing uses images with malicious files in them meant to help a hacker steal your account info or infect your computer.
Voice phishing, or “vishing,” happens when a cybercriminal calls a phone number and creates a heightened sense of urgency that makes a person take an action against their best interests. These calls normally occur around stressful times. For example, many people receive fake phone calls from people purporting to be the Internal Revenue Service during tax season, indicating that they want to do an audit and need a social security number. Because the call creates a sense of panic and urgency, the recipient can be tricked into giving away personal information.
Although most people use pop-up blockers, pop-up phishing is still a risk. Malicious actors can place malicious code in the small notification boxes, called pop-ups, that show up when people go to websites. The newer version of pop-up phishing uses the web browser’s “notifications” feature.
Spear phishing involves targeting a specific individual in an organization to try to steal their login credentials. The attacker often first gathers information about the person before starting the attack, such as their name, position, and contact details.
In a pharming attack, the victim gets malicious code installed on their computer. This code then sends the victim to a fake website designed to gather their login credentials.
Malicious actors often apply similar tactics to different types of technologies. Smishing means sending text messages that ask a person to take an action. It is the next evolution of vishing. Often, the text will include a link that, when clicked, installs malware on the user’s device.
Some preventive measures are as follows:
- Know what a phishing scam looks like
- Don’t click on that link
- Get free anti-phishing add-ons
- Don’t give your information to an unsecured site
- Rotate passwords regularly
- Install firewalls
- Don’t be tempted by those pop-ups
Phishing pages planted on a hacked website are usually hard to detect because they are created deep inside the directory structure. People don’t normally check those directories, and unless you know the exact URL of the phishing page, you would never know your site has been hacked. It is advisable to set up a Google Search Console account, which notifies you about security problems, including phishing. And always keep the preventive measures in mind.
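A site owner can also check their own web root for such buried pages. The sketch below is an added example, not code from the original article: it walks a web root and flags pages that contain a password field and either sit several directories deep or submit their form to another host. The host names, paths, depth threshold and function names are constructed assumptions.

```python
import tempfile
from html.parser import HTMLParser
from pathlib import Path
from urllib.parse import urlparse

class FormScan(HTMLParser):
    """Records form targets and whether the page asks for a password."""
    def __init__(self):
        super().__init__()
        self.actions, self.has_password = [], False
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.actions.append(a.get("action") or "")
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self.has_password = True

def scan_webroot(root, own_host, min_depth=3, exts=(".html", ".htm", ".php")):
    """Return (relative path, depth, external form hosts) for suspicious pages."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in exts:
            continue
        rel = path.relative_to(root)
        depth = len(rel.parts) - 1  # directories below the web root
        page = FormScan()
        page.feed(path.read_text(encoding="utf-8", errors="replace"))
        hosts = {urlparse(a).hostname for a in page.actions}
        external = sorted(h for h in hosts if h and h != own_host)
        # Flag only credential-collecting pages that sit deep or post off-site.
        if page.has_password and (depth >= min_depth or external):
            findings.append((rel.as_posix(), depth, external))
    return findings

def build_sample(root):
    """Constructed sample site: one real login page, one planted page."""
    pages = {
        "login.html": '<form action="/session"><input type="password"></form>',
        "uploads/2021/cache/secure/index.html":
            '<form action="https://collector.example/p"><input type="PASSWORD"></form>',
    }
    for rel, body in pages.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(scan_webroot(tmp, own_host="shop.example"))
```

A hit is a page to review by hand, not proof of compromise: a legitimate login page that lives deep in the tree will be listed too.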