What is Phishing?
Phishing is a type of a cyber-attack that tries to target victims by using a legitimate communication channel. Fraudsters have gotten quite sophisticated and there are obvious signs that they are not slowing down. The most common phishing scams that people experience are deceptive phishing and smishing. The goal of these fraudsters is to obtain sensitive data such as login details to bank, retail websites and emails. For an organisation, employees are targeted because humans are the weakest link because they may mistakenly get scammed and therefore will put the whole organisation at great risk.
How does phishing work?
Phishing usually starts with a fake email or any other type of communication that is intended to be used as bait for users to click. the message is created to look like a real email from a legitimate company that he/she is subscribed to. If the fraudster is successful – the victim clicks on the link that takes them to a genuine looking website and then the victim then provides his/her confidential information unknowingly. Occasionally, the link could be a malware or virus that is downloaded onto the victim’s device.
Examples of phishing attacks.
- Deceptive phishing
This is the most common phishing scam out there. This is where the fraudster sends emails to victims impersonating a legitimate company. In any most phishing attack, the scammer tries to obtain the personal information of victims and in addition to that, they try to gain access to more of their account and steal some more sensitive data. They target emails, because it is where people usually receive their important messages from companies they are subscribed to.
As an example, PayPal scammers urge targets to login to their accounts immediately because there is an unknown activity on their account. This urgency will prompt the target to instantly click on the link provided.
The link then redirects the targets to a fake website where they think it’s the real Paypal account, they log in to their account and then unknowingly, their credentials are stolen. The fraudster now has access to their Paypal account.
https://www.youtube.com/watch?v=Y7zNlEMDmI4
- Spear Phishing
Spear phishing is a more targeted phishing scam compared to the deceptive. This is where the email is more personalised, using the real name, address, company name and the position of the victim. The fraudster is trying to trick the victim by making him/her believe that they have rapport.
Deceptive phishing is the foundation of phishing, and once the victim believes that a connection is established with the fraudster, they are then asked to click on a link that will redirect them to a legitimate looking website.
Typically, a lot of personal information like the victims’ companies name and position can be found on websites like LinkedIn.
https://www.youtube.com/watch?v=ygON2B9-xTw
- Whaling
This is when scammers try to go after the ‘big fish’ in the company, they are the management team or the higher ups. This typically takes some time to craft. Fraudsters try to fish our information from different sources, they tailor is according to the profile of the victims.
Once the victims drop their doubts, they then arrive at the deceptive phishing stage, whether they are being asked to click on a link that takes them elsewhere or it grants the attackers access to the organisation. Unauthorised access can pose a threat because there could be private data about the company that they can steal.
https://www.youtube.com/watch?v=_UY2cSKrnv8
- Pharming
Pharming happens if and when a potential customer wants to go to a website, but if he/she mistyped the URL, this can redirect them to a website that looks like the real thing. They would type in their username and password, but then their credentials would have been sent to the scammers.
- Vishing
Vishing is a play on word: voice and phishing. Instead of using emails, scammers try to deceive its target by using regular telephone calls. This is when scammers are posing to be working for a real organisation. They usually demand, you’ve guessed it. Personal information.
https://www.youtube.com/watch?v=Opp8DL2nROQ
- Smishing
Another play on word: SMS and phishing. This last type of phishing combines a simple text message trying to encourage targets to click on the link attached on the text message. Because they are posing as real organisations, it can be believable. A trick to entice targets usually have a price or that they have won something. Since the fraudster sends this to a countless number of people, one bad luck can be a win for the scammers.
Conclusion
Not many people know about some of these phishing scams, the percentage of victims and the number complex phishing scams seem to be going vertically. Big corporations are hiring top cyber security personnel to help them protect against the cyber-attacks. Scammers do not stop, and they don’t target machines, they target people, because as humans, we make mistakes. That’s what makes us the weakest link.
Stay safe and stay informed.
Thank you for the meaningful insight! I never heard about the terms ‘Phishing’ nor ‘Vishing’ , but I figured out from your explanations that I experienced such tricks. Luckily, I didn’t fall into the trap.
Not many people know about this and it is REAL! Be vigilant Cerasela!
wow thank you now i will never get scammed after reading this superb article👍
Thank you for the comment, I made sure it is informative.