What is Phishing?
Phishing is a common cybercrime against an individual or an organization in which cybercriminals gain access to sensitive information and use it for their own purposes. It can also be used to launch large-scale attacks against companies.
It is a form of “social engineering attack”, which means the attack is designed to manipulate people into disclosing sensitive data such as banking information, credit card numbers or other sensitive details. Social engineering threats come in various forms, but the methods of the attacks are similar. The ultimate goal is to lure individuals and gain access to the user’s personal or confidential information in order to commit cybercrime.
At a time when virtually the entire world is online, phishing attacks are increasingly prominent and pose a far wider threat than ever before. Any person or organization that has an online account or uses email, text messages or instant messages is susceptible to phishing.
So, it is important to understand phishing, how it works, and ways to protect yourself from phishing attacks.
Common types of phishing attacks
There are several types of phishing attacks that people and companies are vulnerable to. Some of them are:
- Deceptive Phishing: It is the most common type of phishing attack, where the attacker aims to obtain sensitive data from the victims. The objective of the attack is to gain access to the victim’s credentials or confidential information, or to launch larger attacks by gaining access to a platform.
- Spear Phishing: It is more targeted and is usually aimed at a specific person within an organization. The aim of the attack is to gain access to a company and launch a bigger attack.
- Whaling: It is aimed at high-profile executives within large companies. The goal of the attack is to access the information available to the senior executive, usually the CEO or equivalent of a company.
Signs to detect phishing email or message
While the most common form of phishing is through email, it can also be carried out through text messages or instant messages on social media. It starts with a personalized message to an individual that appears to be from a credible or reputable source and requires the person to open a link to complete a transaction. The objectives are similar regardless of the method of the phishing attack.
Given scenario
You receive an email or text message asking you to click on the given link to verify your banking information.
Opening the link commonly has one of two consequences. Either you are asked to enter your private data in a form that is directly linked to the attacker’s system, or a virus is installed on your system as soon as the link opens.
In the first case, the attacker receives your credentials instantly, allowing them to access your bank account and transfer all your money into their account. In the second case, your computer or phone is infected by a virus, which is usually made to steal all the personal information available on your system.
Therefore, the best way to protect yourself from a phishing attack is to not open or respond to emails and messages that show signs of a phishing attempt, even though they might appear to be from credible sources.
Look out for these signs in email or message:
- Exaggerated and lucrative
The emails often contain offers that are very attractive and seem too good to be true. The offer may be announced in any form, such as winning the latest phone or the lottery.
Remember, you will never suddenly win a “contest” that you did not enter.
- Urgent
Phishing emails always have a sense of extreme urgency and will usually come with a very short “deadline”. Some might ask you to log on and verify your account details or click on the link within a couple of minutes to get the data. Real companies and banks will never make requests on such short notice.
Remember, it is best to approach the company directly if the email seems credible.
- Hyperlinks and attachments
A hyperlinked word may not always lead you to the “homepage” of your bank. Hover over the link and see where it leads before clicking on it. The same goes for attachments, which may not be what they seem to be.
If the attachment is unexpected or doesn’t make sense to you, don’t download or open it!
- Unknown/unusual senders
Verify with the person who sent the email before taking any action.
Remember that a credible company will always have a company-based email and not a generic one.
In addition, it is helpful to have anti-malware software installed on your systems in case a virus is downloaded inadvertently. Also, always keep your computers and smartphones updated with the latest software and use multi-factor authentication on all responsive accounts!