One of the oldest hacking techniques. It is also one of the simplest, and, surprisingly, one of the most effective. Most people do not even suspect that anything is amiss when under phishing attacks because they do not realize what it is or how it works
Below is listed what you need to know about phishing, including how to protect yourself from the most common phishing attacks
Phishing is all about deception. Hackers impersonate other people or entities in a attempt to gain your trust and get you to reveal sensitive information such as credit card numbers and passwords. Alternatively, the hackers will try to get you to download damaging malware and spyware that then collects sensitive data and sends it back to them
Most phishing attacks are random and wide spread, designed to target a large group of people with the hope that some victims fall for the trap. However, there are two more distinct forms of phishing:
In this case hackers target a specific individual for a variety of reasons. These may be partners, work colleagues, friends, and relatives, or prominent people. 91% of Cyber Attacks and the resulting data breach begin with a spear phishing email, according to research from security software firm Trend Micro
In this case hackers target specific individuals that are prominent and stand out in society. These may be CEOs of major companies, celebrities, or politicians, among others. Because of the people who would have access to large and sensitive data bases “Whales” are carefully chosen for their access within the company. The goal of a whaling attack is to trick a CEO or Executive into revealing personal or corporate data, often through email and website spoofing
Hackers use a variety of techniques to phish information off their victims. Three in particular are very popular. They are quite effective
Email is the most popular platform for phishing as emails are easy to fake (for hackers) and difficult to authenticate (for victims). It accounts for over 90% of all phishing attacks
Email phishing is some what simple. Suppose a hacker wants the log-in details of your online PayPal account. The hacker might register a Domain Name that looks a lot like PayPal's and design the email to look like PayPals Email. The email will then alert you to a reason why you need to log in to your PayPal account
The most common PayPal alert look like you have a security breach that requires you to change your passwords
The trick in email phishing is that the emails come with links to the supposedly real website. However these websites are also replicas. Once you click on the link it redirects you to the replica website that then collects your log-in information. The links may also download malware and spyware that then collects your sensitive data
The solution to email phishing is to be wary of all emails. Never click any links in the email. If you have to check into the said alerts then go directly to the website itself
Telephone phishing is also popular, and it is threatening to become even worse with the rise of robot calls. In this case, all a hacker needs is a relevant phone number and a good tongue
Numbers that appear on the caller ID are easy to replicate and spoof. As such, mainstream numbers that are saved on your phone book will easily pass off as authentic when under a telephone phishing attack. This is why most hackers impersonate major service organizations such as banks and governments. The common tactic is to call with a false alarm that somehow will require you to share sensitive information such as bank account numbers. However, hackers can also go an extra mile to target specific individuals by spoofing phone numbers of their personal contacts
Authentication is just as hard with telephone phishing as it is with email phishing. As such, you should always check twice. As such, if a major organization calls asking for sensitive information then make sure that you get the callers name and position. This usually scares hackers away. Alternatively, hang up and call back directly to the company
See our Blog on Outsmarting the Smart Devices
Phishers are becoming more and more sophisticated in designing their phony websites. It's all about deception. Hackers create websites that look exactly like the original and try to lure people to these websites. Hackers usually target major websites dealing with sensitive issues such as finance and personal data
Here are some signs to look for that can help you distinguish a real website from a phishing site
Check the URL or Web address. Just because the address looks right do not assume you are on a legitimate site. Look in your Browser's address bar for these signs that you may be on a phishing site
Incorrect company name. Often the web address of a phishing site looks correct but actually contains a common misspelling of the business name. Or a character or symbol before or after the company name. Also look for tricks such as substituting the number "1" for the letter "l" in a Web address (for example, www.paypa1.com instead of www.paypal.com)
"http://" at the start of the website address. Most all websites address starts with "https://" today. The letter "s" should be included
Be leery of pop-ups. Be careful if you are sent to a website that immediately displays a pop-up window asking you to enter your username and password. Phishing scams may direct you to a legitimate website and then use a pop-up to gain your account information
The following documents and websites from Cybersecurity and Infrastructure Security Agency (CISA) can help you learn more about phishing and how to protect yourself against phishing attacks
Avoiding Social Engineering and Phishing Attacks
Protecting Your Privacy
Understanding Web Site Certificates
Federal Trade Commission, Identity Theft
Recognizing and Avoiding Email Scams
Anti-Phishing Working Group (APWG) Report phishing emails
The best way to avoid all forms of phishing attacks is to keep all your sensitive information private. Never share it with anyone via email, over the phone, or on suspicious websites
Comments
Jim J
Awesome, Keep going
Ian B
Thank You for sharing this article, it will help to protect anyone
Tweet Share Pin Tumble Email
