Phishing is one of the oldest hacking techniques. It is also one of the simplest, and, surprisingly, one of the most effective. Most people do not even suspect that anything is amiss when under phishing attacks because they do not realize what it is or how it works
Here is everything you need to know about phishing, including how to protect yourself from three common phishing hacks
Phishing is all about deception. Hackers impersonate other people or entities in a bid to gain your trust and get you to reveal sensitive information such as credit card numbers and passwords. Alternatively, the hackers will try to get you to download damaging malware and spy-ware that then collects sensitive data and sends it back to them
Most phishing attacks are random and wide-spread, designed to target a large group of people with the hope that some victims fall for the trap. However, there are two more distinct forms of phishing:
In this case hackers target a specific individual for a variety of reasons. These may be partners, work colleagues, friends, and relatives, or prominent people. 91% of cyberattacks and the resulting data breach begin with a spear phishing email, according to research from security software firm Trend Micro
In this case hackers target specific individuals that are prominent and stand out in society. These may be CEOs of major companies, celebrities, or politicians, among others
Hackers use a variety of techniques to phish information off their victims. Three, in particular, are popular. They are quite effective, but there are simple solutions:
Email Phishing
Email is the most popular platform for phishing as emails are easy to fake (for hackers) and difficult to authenticate (for victims). It accounts for over 90% of all phishing attacks
Email phishing is simple. Suppose a hacker wants the log-in details of your online PayPal account. The hacker will register an email domain that looks a lot like PayPal’s original one and design the email to look original. The email will then alert you to a reason why you need to log in to your PayPal account – the most common alert is usually a security breach that requires you to change your password. "See Creating a Strong Password"
The trick in email phishing is that the emails come with links to the supposedly real website. However, the websites are also replicas. Once you click on the link it redirects you to the replica website that then collects your log-in information. The links may also download malware and spyware that then collects your sensitive data
The solution to email phishing is to never click any links in the email. If you have to check into the said alerts then do this directly through your search engine or bookmarks
Telephone Phishing
Telephone phishing is also popular, and it is threatening to become even worse with the rise of robot calls. In this case, all a hacker needs is a relevant number and a good tongue
Numbers that appear on the caller ID are easy to replicate and spoof. As such, mainstream numbers that are saved on your phonebook will easily pass off as authentic when under a telephone phishing attack. This is why most hackers impersonate major service organizations such as banks and governments. The common tactic is to call with a false alarm that somehow will require you to share sensitive information such as bank account numbers. However, hackers can also go an extra mile to target specific individuals by spoofing phone numbers of their personal contacts
Solution: Authentication is just as hard with telephone phishing as it is with email phishing. As such, you should always check twice. As such, if a major organization calls asking for sensitive information then make sure that you get the callers name and position – this usually scares hackers away. Alternatively, hang up and call back directly from your phone-book or the directory. Also see our Blog on Outsmarting the Smart Devices
Website Phishing
Website phishing is also all about deception. Hackers create websites that look exactly like the original and try to lure people to these websites. Hackers usually target major websites dealing with sensitive issues such as finance and personal data
For instance, suppose a hacker wants to Defraud PayPal users. In this case, the hacker will create a log-in page identical to PayPal’s and register a nearly identical domain name. They then try to lure people to these websites through several channels; mostly through email phishing and false adverts. People who fall for the trap try to log in to their accounts only to have their data stolen
Solution: The best way to avoid suspicious phishing websites is by installing cyber-security software that flags fake websites. You may also want to memorize the URLs of all sensitive websites you use and bookmark them. Again; never click links on emails or adverts that you do not trust. Also see Security for Your Website
The best way to avoid all forms of phishing attacks is to keep all your sensitive information private. Never share it with anyone via email, over the phone, or on suspicious websites
Tweet Share Pin Tumble Email
