Phishing is one of the oldest hacking techniques. It is also one of the simplest and, surprisingly, one of the most effective. Most people do not even suspect that anything is amiss when they are under a phishing attack, because they do not realize what phishing is or how it works.
Below is what you need to know about phishing, including how to protect yourself from the most common phishing attacks.
Phishing is all about deception. Hackers impersonate other people or entities in an attempt to gain your trust and get you to reveal sensitive information such as credit card numbers and passwords. Alternatively, the hackers try to get you to download damaging malware and spyware that then collects sensitive data and sends it back to them.
Most phishing attacks are random and widespread, designed to reach a large group of people in the hope that some victims fall for the trap. However, there are two more targeted forms of phishing:
Spear phishing: hackers target a specific individual for a variety of reasons. The target may be a partner, a work colleague, a friend or relative, or a prominent person. According to research from security software firm Trend Micro, 91% of cyberattacks and the resulting data breaches begin with a spear phishing email.
Whaling: hackers target specific individuals who are prominent and stand out in society, such as CEOs of major companies, celebrities, or politicians. "Whales" are carefully chosen for the access they have within the company, since such people typically have access to large and sensitive databases. The goal of a whaling attack is to trick a CEO or executive into revealing personal or corporate data, often through email and website spoofing.
Session hijacking, also known as TCP session hijacking, is a method of taking over a user session by surreptitiously obtaining the session ID and masquerading as the authorized user. Once the user's session ID has been obtained, the attacker can masquerade as that user and gain access to the network. With session hijacking, the phisher exploits the web session control mechanism to steal information from the user. In a simple session hijacking procedure known as session sniffing, the phisher uses a sniffer to intercept the relevant information so that he or she can access the web server illegally.
Content injection is a technique where the hacker changes part of the content on a page of a legitimate website. This is done to mislead the user into going to a page outside the legitimate website. The general intent of content injection is to get users to enter their sensitive information by misleading them.
Link manipulation is the technique in which the hacker sends a link to a malicious website. When the user clicks on the deceptive link, it opens the phisher's website instead of the website named in the link.
Hovering your mouse over a link to view the address it actually points to stops you from falling for link manipulation.
Here is an example of a fake link:
When you hover your mouse over it, you see that it will actually take you to Bing.com.
Phishing scams involving malware require the malware to be run on your computer or mobile device. The malware is usually attached to the email sent to the user by the phishers. Once you click on it, the malware starts running. Malware may also be attached to downloadable files.
The most common examples of malware include:
Hackers use a variety of techniques to phish information from their victims. Three in particular are very popular, and quite effective.
Email is the most popular platform for phishing, as emails are easy to fake (for hackers) and difficult to authenticate (for victims). It accounts for over 90% of all phishing attacks.
Email phishing is fairly simple. Suppose a hacker wants the login details for your online PayPal account. The hacker might register a domain name that looks a lot like PayPal's and design the email to look like a PayPal email. The email then alerts you to a reason why you need to log in to your PayPal account.
The most common fake PayPal alert looks like a security breach that requires you to change your password.
The trick in email phishing is that the emails come with links to the supposedly real website. However, these websites are also replicas. Once you click on the link, it redirects you to the replica website, which then collects your login information. The links may also download malware and spyware that then collect your sensitive data.
The solution to email phishing is to be wary of all emails. Never click any links in the email; go directly to the website itself.
Numbers that appear on caller ID are easy to replicate and spoof. As such, a familiar number that is saved in your phone book will easily pass as authentic during a telephone phishing attack. This is why most hackers impersonate major service organizations such as banks and government agencies. The common tactic is to call with a false alarm that somehow requires you to share sensitive information such as bank account numbers. However, hackers can also go the extra mile to target specific individuals by spoofing the phone numbers of their personal contacts.
Authentication is just as hard with telephone phishing as it is with email phishing, so you should always check twice. If a major organization calls asking for sensitive information, make sure that you get the caller's name and position; this usually scares hackers away. Alternatively, hang up and call the company directly.
See our Blog on Outsmarting the Smart Devices
Phishers are becoming more and more sophisticated in designing their phony websites. It's all about deception: hackers create websites that look exactly like the original and try to lure people to them. Hackers usually target major websites dealing with sensitive matters such as finance and personal data.
Here are some signs to look for that can help you distinguish a real website from a phishing site:
Incorrect company name. Often the web address of a phishing site looks correct but actually contains a common misspelling of the business name, or a character or symbol before or after the company name. Also look for tricks such as substituting the number "1" for the letter "l" in a web address (for example, www.paypa1.com instead of www.paypal.com).
"http://" at the start of the website address. Almost all website addresses start with "https://" today; the letter "s" should be included.
Be leery of pop-ups. Be careful if you are sent to a website that immediately displays a pop-up window asking you to enter your username and password. Phishing scams may direct you to a legitimate website and then use a pop-up to capture your account information.
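The first two signs above, and the lookalike domain trick from the email section, can be turned into a quick check on any address before you type a password into it. This is an added example, not code from the original post: the trusted-domain table and the sample URLs are constructed, and the checks are heuristics that catch the "1" for "l" substitution, a brand name buried in an unrelated domain, a near-misspelling, and a missing https.

```python
import difflib
from urllib.parse import urlparse

# Constructed table for the example: brand name -> the registrable domain it really uses
TRUSTED = {"paypal": "paypal.com", "examplebank": "examplebank.com"}

# Characters commonly swapped for letters in lookalike hostnames (the "1" for "l" trick)
CONFUSABLES = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s", "|": "l"})

def registrable_domain(host):
    """Last two labels of the hostname, e.g. 'paypal.com.example.net' -> 'example.net'."""
    return ".".join(host.split(".")[-2:])

def check_url(url):
    """Return warning strings for the visual signs listed above; [] means none found."""
    warnings = []
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if parsed.scheme != "https":
        warnings.append("address does not start with https://")
    domain = registrable_domain(host)
    if domain in TRUSTED.values():
        return warnings  # genuine registrable domain: only the scheme can be wrong
    # Undo digit-for-letter substitutions before comparing with the brand name
    label = domain.split(".")[0].translate(CONFUSABLES)
    for brand, real_domain in TRUSTED.items():
        if brand in host:
            # Brand name is present, but the part that actually identifies the site is
            # something else, e.g. paypal.com.secure-login.net or secure-paypal.com
            warnings.append(f"'{brand}' appears in the address but the site is really {domain}")
        elif difflib.SequenceMatcher(None, label, brand).ratio() >= 0.8:
            warnings.append(f"'{domain}' looks like a misspelling or lookalike of {real_domain}")
    return warnings

if __name__ == "__main__":
    for url in ("https://www.paypal.com/login", "http://www.paypa1.com/",
                "https://paypal.com.secure-login.net/", "https://www.paypl.com/"):
        print(url, "->", check_url(url) or ["no sign found"])
```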
The following documents and websites from the Cybersecurity and Infrastructure Security Agency (CISA) can help you learn more about phishing and how to protect yourself against phishing attacks:
Avoiding Social Engineering and Phishing Attacks
Protecting Your Privacy
Understanding Website Certificates
Federal Trade Commission, Identity Theft
Recognizing and Avoiding Email Scams
Anti-Phishing Working Group (APWG) Report phishing emails
The best way to avoid all forms of phishing attacks is to keep all your sensitive information private. Never share it with anyone via email, over the phone, or on suspicious websites.
Awesome, Keep going
Ian B. Stockholm, Sweden
Thank you for sharing this article; it will help to protect anyone.