What is phishing?

esteria.white

In phishing, one or more targets are contacted by email, telephone or SMS by someone posing as a legitimate institution. This is done to trick individuals into providing sensitive data such as passwords, banking and credit card details and personally identifiable information.

The information is then used to access sensitive accounts, leading to identity theft and financial losses.

Types of phishing:

  1. Spear phishing
  2. Whaling
  3. Smishing
  4. Vishing
  5. Search engine phishing
  6. Email phishing

Common characteristics of phishing:

  • Too good to be true – Many messages claim that you have won an iPhone, a lottery, or some other lavish prize. Avoid clicking on suspicious emails. If it sounds too good to be true, it probably is!
  • Sense of urgency – They may even tell you that you only have a few minutes to respond. You should ignore these types of emails when you see them. You may be notified that your account will be suspended if you do not immediately update your personal information. The most reliable organizations always give customers plenty of time before canceling an account and never ask them to update their personal information online. When in doubt, visit the source directly rather than clicking on a link.
  • Hyperlinks – Inspect a link before following it to see the actual URL you will be directed to. It could be something completely different, or a popular website with a misspelling, like www.bankofarnerica.com – the ‘m’ is an ‘r’ and an ‘n’, so look carefully.
  • Attachments – Payloads such as viruses and ransomware are often contained in email attachments. Clicking on a .txt file is always safe.
  • Unusual sender – If something seems unusual, unexpected, out of the ordinary, or just generally suspicious, don’t click on it!

Spear phishing

When using a rod to fish, you may find flounder, bottom feeders, or trash beneath the surface. Spear fishing allows you to target a specific fish. This is why it is called spear phishing.

Spear phishing targets specific groups or types of individuals, such as an organization’s system administrator. Note the industry the recipient works in, the download link the victim is asked to click, and the immediate response the request requires.

Whaling

Whaling is an even more targeted type of phishing that goes after the whales, targets even larger than fish. Attacks of this type typically target the CEO, CFO, or any leader of an industry or company. A whaling email may indicate that the company is facing legal consequences and that you should click the link for more information.

The link takes you to a page where you must enter critical information about the company, such as its tax identification number and bank account number.

Smishing

Text messages, sent over the short message service (SMS), are used in smishing attacks. In smishing, a message containing a clickable link or a return phone number is sent to a cell phone.

An example of a smishing attack is an SMS message that appears to come from your financial institution. The message informs you that your account has been compromised and that you should respond immediately. The attacker asks for your bank account number, social security number, etc. The attacker takes control of your bank account once they receive the information.

Vishing

Vishing serves the same purpose as other types of phishing attacks. The attackers are still after your sensitive personal or commercial information. This attack is carried out via a voice call, hence the “v” rather than the “ph” in the name.

A common vishing attack includes a call from someone pretending to be a Microsoft representative. This person informs you that they have detected a virus on your computer. You are then asked to provide your credit card details. The attacker can install a simplified version of antivirus software on your computer. The attacker now has your credit card information, and you probably have malware installed on your computer. The malware can contain anything from a banking Trojan to a bot (short for robot). The banking Trojan monitors your online activity to steal more details, often your bank account information, including your password. A bot is software designed to perform any task the hacker wants. It is controlled by command and control (C&C) to mine bitcoins, generate spam, or take part in a distributed denial of service (DDoS) attack.

Search engine phishing

Search engine phishing, also called SEO poisoning or SEO Trojans, is where hackers work to become the top result in a search engine. By clicking on their link displayed in the search engine, you are directed to the hacker’s website. From there, threat actors can steal your information while you browse the website and/or enter sensitive data. Hacker websites can present themselves as any kind of website, but the main candidates are banks, money transfer, social media and shopping websites.

Email phishing

Email phishing is the most common type of phishing and has been used since the 1990s. Hackers send these emails to every email address they can obtain. The email sometimes informs you that your account has been compromised and that you need to respond immediately by clicking on a link provided. These attacks are usually easy to identify because the language in the email usually contains spelling and/or grammatical errors. Some emails are difficult to recognize as phishing attacks, especially when the language and grammar are carefully crafted. Checking the email source and the link you are directed to for suspicious language will give you clues as to whether the source is legitimate or not.

Another phishing scam, called sextortion, occurs when a hacker sends you an email that appears to come from you. The hacker claims to have access to your email account and your computer. They claim to have your password and a recorded video of you. The hacker claims that you were watching adult videos on your computer while the camera was on and recording. The demand is that you pay them, sometimes in Bitcoin, or they will release the video to your family and/or colleagues.

The post What is phishing? appeared first on Cybercrime Awareness Society.
