phishing

 [ fiSHiNG ] "NOUN"

The fraudulent practice of sending emails in order to induce individuals to
reveal personal information, such as passwords and credit card numbers

Updated: August 29, 2019
By: RSH Web Editorial Staff

Phishing is one of the oldest hacking techniques. It is also one of the simplest and, surprisingly, one of the most effective. Most people do not suspect that anything is amiss during a phishing attack because they do not realize what it is or how it works.

Here is everything you need to know about phishing, including how to protect yourself from three common phishing hacks

Defining Phishing

Phishing is all about deception. Hackers impersonate other people or entities in a bid to gain your trust and get you to reveal sensitive information such as credit card numbers and passwords. Alternatively, the hackers will try to get you to download damaging malware and spyware that then collect sensitive data and send it back to them.

Most phishing attacks are random and widespread, designed to target a large group of people in the hope that some victims fall for the trap. However, there are two more distinct forms of phishing:

Spear Phishing

In this case, hackers target a specific individual for a variety of reasons. These may be partners, work colleagues, friends, and relatives, or prominent people. 91% of cyberattacks and the resulting data breaches begin with a spear phishing email, according to research from security software firm Trend Micro.

Whale Phishing

In this case, hackers target specific individuals who are prominent and stand out in society. These may be CEOs of major companies, celebrities, or politicians, among others.

Three Common Phishing Techniques and Their Solutions

Hackers use a variety of techniques to phish information off their victims. Three, in particular, are popular. They are quite effective, but there are simple solutions:

Email Phishing

Email is the most popular platform for phishing as emails are easy to fake (for hackers) and difficult to authenticate (for victims). It accounts for over 90% of all phishing attacks

Email phishing is simple. Suppose a hacker wants the log-in details of your online PayPal account. The hacker will register an email domain that looks a lot like PayPal’s original one and design the email to look original. The email will then alert you to a reason why you need to log in to your PayPal account – the most common alert is usually a security breach that requires you to change your password. (See "Creating a Strong Password".)

The trick in email phishing is that the emails come with links to the supposedly real website. However, the websites are also replicas. Once you click on the link, it redirects you to the replica website, which then collects your log-in information. The links may also download malware and spyware that then collect your sensitive data.

The solution to email phishing is to never click any links in the email. If you need to check on such an alert, go to the site directly through your search engine or bookmarks.

Telephone Phishing

Telephone phishing is also popular, and it is threatening to become even worse with the rise of robot calls. In this case, all a hacker needs is a relevant number and a good tongue

Numbers that appear on the caller ID are easy to replicate and spoof. As such, mainstream numbers that are saved in your phonebook will easily pass as authentic during a telephone phishing attack. This is why most hackers impersonate major service organizations such as banks and governments. The common tactic is to call with a false alarm that somehow requires you to share sensitive information such as bank account numbers. However, hackers can also go the extra mile and target specific individuals by spoofing the phone numbers of their personal contacts.

Solution: Authentication is just as hard with telephone phishing as it is with email phishing. As such, you should always check twice. If a major organization calls asking for sensitive information, make sure that you get the caller's name and position – this usually scares hackers away. Alternatively, hang up and call back directly from your phonebook or the directory. Also see our Blog on Outsmarting the Smart Devices

Website Phishing

Website phishing is also all about deception. Hackers create websites that look exactly like the original and try to lure people to these websites. Hackers usually target major websites dealing with sensitive issues such as finance and personal data

For instance, suppose a hacker wants to defraud PayPal users. In this case, the hacker will create a log-in page identical to PayPal’s and register a nearly identical domain name. They then try to lure people to these websites through several channels, mostly email phishing and false adverts. People who fall for the trap try to log in to their accounts only to have their data stolen.

Solution: The best way to avoid suspicious phishing websites is by installing cyber-security software that flags fake websites. You may also want to memorize the URLs of all sensitive websites you use and bookmark them. Again, never click links in emails or adverts that you do not trust. Also see Security for Your Website
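
The nearly identical domains described under Email Phishing and Website Phishing can be flagged automatically. The following is an added example, not part of the original article or any product's code: a small link checker that compares each link target in an email against a list of trusted domains. The `TRUSTED` list, the character map, the distance threshold of 2, and the sample email are assumptions made for illustration.

```python
import re
import unicodedata
from urllib.parse import urlsplit

# Assumption: domains the reader has bookmarked; only paypal.com is from the article.
TRUSTED = ("paypal.com",)

# Small, non-exhaustive map of look-alike characters (digits and Cyrillic letters).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s",
                             "\u0430": "a", "\u0435": "e", "\u043e": "o",
                             "\u0440": "p", "\u0456": "i"})

# Constructed sample: the visible text shows the real site, the link does not.
SAMPLE_EMAIL = ('<a href="https://paypa1.com/login">https://www.paypal.com/</a> '
                '<a href="https://www.paypal.com/help">Help</a>')

def skeleton(name):
    """Fold a host name to the form a hurried reader would perceive."""
    name = unicodedata.normalize("NFKC", name).lower().translate(CONFUSABLES)
    return name.replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url):
    """Classify one URL as 'trusted', 'lookalike: <reason>' or 'unknown'."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    # Simplification: treat the last two labels as the registered domain.
    domain = ".".join(host.split(".")[-2:])
    if domain in TRUSTED:
        return "trusted"
    for good in TRUSTED:
        if skeleton(domain) == skeleton(good):
            return f"lookalike: confusable characters for {good}"
        if edit_distance(skeleton(domain), skeleton(good)) <= 2:
            return f"lookalike: near-identical spelling of {good}"
        if good.split(".")[0] in skeleton(host):
            return f"lookalike: {good} brand name inside another domain"
    return "unknown"

def scan_email(html):
    """Map every http(s) link target in an HTML email body to its verdict."""
    return {u: check_link(u) for u in re.findall(r'href=["\'](https?://[^"\']+)', html, re.I)}
```

An "unknown" verdict only means the domain does not resemble a trusted one; it is not a statement that the site is safe.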

Your Personal Information is Private

The best way to avoid all forms of phishing attacks is to keep all your sensitive information private. Never share it with anyone via email, over the phone, or on suspicious websites.



1997 - 2019  |  RSH Web Services  |  All Rights Reserved.