Phishing is one of the easiest and most common cyber attacks for criminals to carry out. Email is the most common method of performing these attacks. A phishing attack attempts to gain information or money by using a fraudulent email. Phishing emails look like genuine emails from a trusted source. They create a sense of urgency so that users follow a link to a fake web page that persuades them to enter personal information. When they log in, their information may be stolen or their computer may be infected by malware. Sometimes cyber criminals use the data to hack into the victims’ accounts to steal money or make purchases.
How does a phishing attack work?
As I mentioned before, a phishing attack tricks a user into entering personal details or other confidential information. Scams vary in their goals. For example, offers of prizes won in fake competitions such as lotteries are one of the common techniques. In this case, the victims are asked to enter details such as name, date of birth, address and bank details in order to claim the prize. In reality, there is no prize, and all they have done is put their personal details into the hands of hackers.
Phishing scams usually include manipulated links or a fake login pop-up on a legitimate website. Their emails also tend to contain more images than text, in order to get past filters. Here are some other common approaches.
- Spear phishing: It is more advanced than a regular phishing message. This is an email-spoofing attack that targets a specific individual or organization to steal data for malicious purposes, such as crafting better phishing emails to manipulate potential victims.
- Clone phishing: It’s a kind of spear phishing, which falls under social engineering. It uses a legitimate, previously delivered email containing an attachment or link, and clones its content and address. The link or attachment is replaced with a malicious site or attachment.
- Whaling attacks: This method targets high-profile business executives. These scams include emails or web pages that look serious, and they usually target someone in particular. The aim is to steal money or sensitive information, or to gain access to their computer systems for criminal purposes.
- SMS phishing, or smishing: It uses cell phone text messages to skim personal information from recipients. Smishing messages are short and grab the attention of the victim, with the aim of panicking them into clicking on the phishing URL within.
Why is it called “Phishing”?
This term is a modified version of “fishing”. The fisherman in “fishing” becomes the cyber attacker here, who tries to catch you with a fraudulent email. The spelling can also refer to hacker history, because some of the earliest hackers were known as ‘phreaks’ or ‘phreakers’.
Signs of phishing
- Poor grammar and spelling: Some less professional phishing operators make errors in their messages. Official messages from major organisations, on the other hand, don’t contain bad spelling and grammar. So, poor grammar and spelling are a clear sign that a message is not legitimate.
- A strange sender address: Most of the time, phishers hope readers won’t check the address, because they can’t fake a real one, even when the message seems completely legitimate in every other respect, such as grammar, spelling and company logo. Often the sender address is a string of characters rather than the address of an official source.
- Shortened or odd URLs in phishing emails: Many phishing attacks invite the victim to click a link that leads to a fake website designed for malicious purposes. Moreover, the link text may look like a legitimate link while the actual web address is different. So, be careful about any link you are about to click. Check that it is the correct URL and not one that merely looks similar to it.
How to protect against phishing attacks
A phishing attack might take advantage of a company’s weakest Internet security link to worm its way inside a network. Fortunately, there are ways to avoid becoming a victim. To prevent these scams, it is necessary to identify the security weaknesses and use different methods to prevent such attacks.
- Learn about new techniques
As these scams are developing all the time, it is necessary to stay informed about them. You will be at much lower risk if you stay on top of new phishing techniques.
- Keep your browser up to date
Don’t ignore the messages about updating your browser. Whenever updates are available, download and install them.
- Use good antivirus software
It helps to prevent damage to your system by scanning the files that come through the Internet to your computer.
- Think before you click
Check the links carefully. Do they lead where they are supposed to lead? When you are in doubt, go to the source rather than clicking a dangerous link.
- Install an anti-phishing toolbar
It’s another protection against such scams, and it is completely free. Such toolbars check the sites that you are visiting and compare them to lists of known phishing sites. The toolbar will alert you if you are on a malicious site.
- Be careful about pop-ups
Pop-ups are generally regarded as a legitimate part of websites, but they can be phishing attempts, too. Popular browsers allow you to block pop-ups. Click on the “x” in the upper corner of the window. Do not click on the “Cancel” button, because it often leads to phishing sites.
- Do not give out your personal information
You shouldn’t share personal or financial information over the Internet. When you are in doubt about the legitimacy of an email, visit the main website of the company and make a call. Never send an email with sensitive information to anyone. The address of a secure website always starts with “https”. Make it a habit to check the address of the website.
- Use code names
Employees or clients could create specific code words or email formats to use for correspondence. In this way the recipient knows the email is legitimate. Keep in mind that code names are not just for spies.
Now you can live without the fear of phishing scams if you keep the tips above in mind.