
What is phishing and how to protect yourself?

What is Phishing and its Dangers for Business

Phishing is one of the most common cyber attacks on the Internet. Through it, criminals want to get hold of our personal and banking information, as well as our user accounts. It is not something new, so it is important to understand what phishing is. 

In this post, we will discuss the most important aspects of this attack and how we can protect ourselves.


What is phishing?

One of the characteristics of phishing is that it is a social engineering technique that cybercriminals use to defraud their victims and achieve their goals. 

In this sense, phishing is an attempt to obtain another person's personal information through deceptive means. It is accomplished through the use of bogus emails and websites, allowing hackers access to your login credentials, bank information, credit cards, and so on.

The nature of the deception is left to the imagination and skill of the attacker. With the advent of social media, phishers have access to tons of personal information about their targets.

With this data, cybercriminals can fine-tune attacks based on the target's needs, wants, and life circumstances, creating a much more compelling proposition. The context of social networks makes much more powerful social engineering possible.

Effects of phishing

It is clear what phishing is, but what are its effects? Most phishing can result in identity or money theft and is also an effective technique for industrial espionage and data theft. 

Some phishers even go so far as to create fake social media profiles, spend time developing a relationship with potential victims, and wait until trust is established to spring the trap.

The cost of phishing is not only financial damage; in these cases, there is also a loss of trust. It is not pleasant to be scammed by someone we thought we trusted.

The 6 most common phishing attacks

The following are some of the most common phishing attacks:

1. Email phishing/Spam

This is the most common technique for carrying out phishing attacks. The same email is sent to millions of users, asking them to fill in their personal details. Phishers then use these details for their illegal activities.

Most messages have an urgent note requiring users to enter their credentials to update account information, change details, or verify accounts. Sometimes they may be asked to complete a form to access a new service through a link provided in the email.

2. Link manipulation/URL phishing

Link manipulation or URL phishing is the technique by which a phisher sends a malicious link to the target. When the user clicks on the deceptive link, it opens the phisher's website rather than the website specified in the link.

Normally, the appearance of the fraudulent website is identical to the real one that the user expects. This is done so that the target suspects nothing and clicks on the manipulated link.

3. Web-based delivery

Web-based delivery is one of the most sophisticated phishing techniques. Also known as a “man in the middle” attack, it places the criminal's phishing system between the user and the original website. The phisher tracks details during a transaction between the legitimate website and the user. As the user continues to pass information, phishers collect it without the user's knowledge.

4. Spear phishing

While traditional phishing uses a 'cast and wait' approach, meaning mass emails are sent to as many people as possible, spear phishing is a much more targeted attack in which the hacker knows which specific person or organization they are pursuing.

The use of social engineering techniques is key here, because the criminal will try to learn as much as possible about the target so that the content of the email is as convincing as possible.

5. Keyloggers

Keyloggers are malware that records keyboard input. The captured information is sent to hackers, who use it to crack passwords and obtain other types of information.

To prevent keyloggers from capturing personal information, secure websites offer a virtual keyboard that is operated with mouse clicks.

6. Trojan

A Trojan or Trojan horse is a type of malware designed to trick the user into an action that appears legitimate (for example, downloading free software) but that in fact allows unauthorized access to the user's account by collecting credentials from the local machine. The acquired information is passed on to cybercriminals.

How to protect yourself against phishing

Just as it is crucial to know what phishing is and the different types that exist, it is also important to know how to protect yourself. Here are some tips:

  • When you receive an email, do not click immediately. Carry out the relevant checks in your personal customer area, reaching it by typing the site's address directly into the browser.
  • Improve the security of your computer. Common sense and good judgment are just as vital as keeping your computer secure, but you should also always have the latest updates for your operating system and web browser.
  • Enter your sensitive data only on secure websites. For a site to be considered "secure", the first step (and not the only one) is that its address begins with "https://", which indicates that it uses the secure version of the hypertext transfer protocol, and that the browser displays the icon of a closed padlock.
  • Periodically review your accounts. It never hurts to review invoices and bank accounts from time to time to be aware of any irregularities in the transactions.
  • If in doubt, don't risk it. The best advice against phishing is always to encourage caution among all the members of the organization. Ensuring the authenticity of the content at the slightest suspicion is the best policy.



Harbyjay Official