Scammers are on the prowl, and they resort to phishing to fulfill their intentions. The method deployed by hackers to gather personal information by using illusive emails and websites is known as phishing.
Didn’t understand? Here is a classic example:
While browsing your mailbox, you suddenly see a mail from an unknown sender. Curiosity gets the better of you to open it. The content is bound to make you happy momentarily. It tells, you won big prize money, or the latest iPhone and so on.
There are also other ways of phishing; in each of them, the scammers trick the users to collect their personal details. The victims in most cases do not see anything fishy, believing they are communicating with someone they can trust. Eventually, when they realize the damage has already been done.
You have come to the right place; this article will help you understand the concept of phishing better and will also familiarize you on phishing protection.
Precisely, phishing is a form of cybercrime; the potential targets are contacted in various ways like e-mail, SMS, messaging platforms and more.
The aim is to collect personal and sensitive information like debit/credit card details, personal identification numbers, and any other identifiable information.
Consequently, the brains behind this cybercrime get easy access to the above-mentioned details and result in identity theft and loss of finances.
E-mails are a preferable way to carry out phishing. Presently, the scammers are venturing newer ways to trick the user in revealing personal information. We will discuss that a bit later.
Why the name Phishing?
Why “phishing” you may ask, when you pronounce the word, it is drastically similar to fishing? You are right; the name originates from fishing, where the scammer is the fisherman, and his goal is to lure you and then catch you and reel you.
Again, this also has a relation to hacker history; if you do not know this, earlier hackers were referred to as “phreaks” or “phreakers.”
Evolution of Phishing
Phishing may appear more prevalent in the present day, but its roots back to the mid-1990s.
The initial phishing attacks were very successful as the world was not even aware of such attacks. It has been over twenty years down the line, but phishing still exists and is equally successful.
According to Norton Cyber Security Report of 2017:
Interestingly, though the way we use the internet has undergone a significant transformation the same old phishing methods which involved using weird formatting, wrong spellings, making users’ click a link, etc. do work in favor of the scammers till date.
Various types of Phishing
We already mentioned the primary way of phishing, i.e., in the form of emails. As stats reveal, many people fail to resist their temptation and supply personal information to the “You have won a lottery” emails, and some other do so out of fear when they receive an email from the bank asking for personal information.
Strangely, even though there is a clear indication of these emails being suspicious, thousands of people become victimized regularly.
Meanwhile, let us introduce you to the other forms of this method.
1. Spear Phishing
Unlike the email phishing, this method target specific people, groups or organizations. Such attacks have been successful and accounted for high profile cyber attacks and hacking government organizations.
2. CEO Fraud
You got some indication from the name. Isn’t it? The scammer mainly targets the financial or human resources department of an organization.
Typically, a letter camouflaging the title of the CEO of the company will request immediate transfer of money.
Albeit, the reason for the money transfer seems to be legitimate. Vast sums of money have been transferred from several organizations using this method.
3. Social Media Phishing
It was only a matter of time before the scammers stepped into the arena of social media.
Getting friend requests from unknown persons, which in most cases are attractive ladies, or receiving a private message in your Twitter that includes a shortened URL are the methods commonly used.
By making use of fake profiles, they establish bonding and win the trust of the victim gradually. Later, it becomes easy for them to extort money from them citing false stories.
4. Mobile Phishing
Smartphones have not only made your life comfortable; they have become the perfect breeding grounds for these hackers.
Phishing messages sent via SMS are known as Smishing. Likewise, you may also receive a call directly, that speaks about attractive offers. The method is known as vishing.
5. Cryptocurrency Phishing
Cryptocurrencies took the world by storm, and the scammers found a new hunting ground. The use of cryptojacking malware is on the rise.
The method discreetly takes control of a machine being used for mining cryptocurrency. Some hackers even go to the extent of intruding directly into the wallets of owners to get a piece of the cryptos.
How to Protect against Phishing
Yes, phishing attacks are preventable. Spam filters do a decent job in identifying the origin of a mail and mark them as spam.
You can tweak the browser settings which will safeguard you from opening fraudulent websites.
The use of CAPTCHA, changing the passwords regularly, not using the same password for multiple accounts can also protect you from such attacks.
Business organizations should regularly initiate training to make the staff aware of the various types of phishing attacks. Security awareness training ultimately helps a lot.
According the 2017 Symantec report, Within the last year, more than 978 million adults in 20 countries
globally experienced cybercrime. Victims of such activities have adopted new way of protecting their accounts.
You should change the browsing habits. Always try contacting the source company for verifying an email which you might have received. Never click on links appearing in emails.
Alternatively, you can hover the mouse over the link; all the secure websites that include a valid Secure Socket Layer (SSL) certificate should begin with “https.” If you notice the site does not have this prefix, refrain from opening it.
Organizations should also disable using macros from running in the network. Macros are advantageous, but they become the favorite tool of the scammers for executing malicious codes and dropping malware payloads.
Phishing will continue to exist as it works. Lack of awareness makes it easy for hackers to use these attacks successfully.
Simultaneously, phishing campaigns do not cost a fortune, and the chances of the hacker being caught are rare.
After reading this, you must have understood by practicing some simple methods, both the individuals and organizations can remain safe from phishing attacks.