Phishing is one of the most common cyber threats. It is an attack that uses emails and links disguised as coming from legitimate entities to bait you into believing they are authentic. A hacker will attempt to gather confidential data such as passwords, usernames, SSID credentials, credit card information and other sensitive information.
By posing as a bank or any other legitimate institution, hackers use social engineering methods to manipulate users into clicking on malicious links or divulging confidential and sensitive information.
There are different types of phishing attacks:
Spear phishing
Spear phishing is carried out by hackers who have already gathered information on their targeted victims from sites such as LinkedIn. They send spoofed emails with more authentic content. For example, if their target has a certain issue with their bank, the hackers will create a fake bank website. They then send a customized, malicious email with a link to the fake website. The cybercriminals proceed to prompt the user for personal information such as usernames and passwords.
Clone phishing
Cybercriminals are able to see your previous emails and make a clone of one of them. They then attach a malicious link to the clone.
Whaling
Whaling is a phishing method that targets very senior or high-profile company board members. These board members do not work full time in the organization and usually use their personal emails as opposed to work emails. These personal emails are normally not protected as well as the company’s corporate networks.
Vishing
Vishing means voice phishing and uses the phone. The target gets a phone message disguised as official communication from a legitimate institution. The message might ask the target to call a certain number and key in their PIN or account number for security reasons. When the call goes through, it connects to the hacker through a voice-over-IP address.
Snowshoeing
Snowshoeing is also called hit-and-run spam. Hackers push messages through multiple IP addresses and domains. Every IP address transmits only a small number of messages, a volume too low for spam filtering technology to detect, so it can’t block the malware immediately. Some messages are delivered before the filters block them.
There are several ways to stop phishing:
Stay updated on phishing techniques
Cybercriminals are always developing new scams. If you don’t stay updated on the new techniques, and know the different phishing attack characteristics, you will eventually get scammed. Keep a lookout for updates on any new scams. Being aware of the new scams allows you to stay vigilant and avoid getting scammed.
Avoid clicking on suspicious links
Clicking on links in sites you trust is okay, but links in instant messages or emails are a no-go zone. Before you click on any link, hover over it first and confirm its legitimacy. A phishing email claims to be from a legitimate source and the link will lead to a clone of the real company website. A hacker’s site will ask you to fill in your name or start with the phrase “Dear Customer”. If you need to confirm, do not click on the link, but go directly to the company website.
Download an anti-phishing toolbar
You can customize your browser with an anti-phishing toolbar. These toolbars run quick scans on websites you visit and compare them against known phishing sites. If you come across a malicious website, the toolbar sends you an alert.
Verify before committing
Everybody gets wary about giving out sensitive information online, especially financial information. Before supplying any information online, ensure the site is safe by checking if the URL starts with ‘https’, and has an icon of a closed lock adjacent to the address bar.
Look for the security certificate, and if you receive a message stating that a particular website is malicious, stay away from it! Do not download files from websites or emails that look suspicious. Search engines can lead you to a spoof website that has cheap offers on items. If you buy these items, your credit card information is gathered by hackers.
Install anti-virus software
Anti-virus software has special signatures that protect you against known loopholes. New scams come up all the time, so the software has to be regularly updated for additional protection.
Firewall and anti-spyware settings are useful in preventing phishing attacks, and must also be regularly updated. Firewalls prevent access to malware by blocking malicious attacks. The anti-virus software scans every file that comes to your computer via the internet.
Conclusion
Phishing attacks are common and vary in their method of attack. You must be very careful when dealing with email links or suspicious emails. Being vigilant and updated on the various phishing schemes will keep you safe from phishing.