Definition of Phishing attacks:

 


Phishing is a cyber attack that uses disguised emails, direct messages and websites that resemble real institutions, with which the perpetrators aim to obtain sensitive information and gain access to important accounts of their victims. In this way, victims can be tricked into sharing their passwords for online banking, PayPal, Amazon, etc. Pages resembling known institutions and companies may ask victims to update their credit card details in an attempt to steal this precious information and later use it to make payments.


Dating back to the 1990s, phishing is one of the oldest types of cyberattack, and it is still one of the most widespread and pernicious, with techniques that are increasingly sophisticated.

 

How do they work?

 

Most commonly, the recipient receives fraudulent online correspondence that looks like it’s from a known and trusted company.

Often those emails and messages state that the user account is on hold because of a billing problem.

Often it has a generic greeting, “Hi Dear.” If you have an account with the business, it probably wouldn’t use a generic greeting like this.

The emails in question invite their victims to click on a link to update their payment details.

Because many websites have been hacked and their databases of personal information leaked, some sophisticated attackers use your full name and personal details to make the phishing look more real.

 

Types of widespread phishing attacks: 

  • Email phishing 

This is a social engineering attack that is sent to thousands of email addresses and lures a victim into opening an email, instant message, or text message through which it may steal sensitive information, passwords and bank card details.

 

  • Spear phishing

One of the most dangerous phishing attacks. It uses misleading emails that, instead of being sent to thousands of random recipients, are targeted at groups of people who have something in common. The recipients may work in the same company, be customers of the same website or use the same financial institution. The emails appear to have been sent by people or an institution from which the victim usually receives messages.

 

  • Whaling 

A cyberattack that is precisely crafted to target high-level executives of companies, such as CEOs, CFOs and managers of highly important projects with high-level access in their institutions. These attacks use personal information carefully collected from the internet and social media platforms, and aim to deceive the targets into disclosing sensitive information and corporate data.

 

  • Smishing 

This attack uses text messages to deceive its victims into paying money or clicking on suspicious links.

 

  • Vishing 

This is a type of phishing in which scammers try, over a voice call, to persuade people to share information by posing as staff members of a bank or financial institution.

 

  • Angler phishing

A type of cyberattack that poses as a customer service account on social media, lurking to reach an angry customer of a financial institution or service. Exploiting the victim's frustration and being really kind and understanding, the attackers try to lure victims into handing over their account credentials and personal information.

 

How to avoid Phishing attacks?

 

Make sure you are well informed about the latest types of fraud so that you can avoid being scammed.

  • Always enter the website by opening a new browser tab instead of clicking on the email links.

  • Check if there is an HTTPS lock in the address bar.

  • Use a password manager - it automatically checks if the site is the real one or a fake and will not enter your password into a phishing page.

  • Check the email headers to verify if the sender is using the real domain and mail server.

  • Using a VPN protects your data in transit because the data travels in encrypted form to the VPN server.

  • Try to use two-factor authentication where possible and use apps like Google Authenticator instead of SMS verification (to avoid sim swap attacks).

  • Protect your computer by using security software.

  • Never provide your password over the phone or in response to an unsolicited Internet request. If you think that the contact might be legitimate, before answering, contact the institution yourself through their website and verify the request.

  • If you use online financial services, periodically review their online activities and keep yourself informed of all new activities and changes in their online services.
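
The email header check from the list above can be done programmatically. The sketch below is an added example, not part of the original article: it compares the From, Return-Path and Reply-To domains and reads the SPF, DKIM and DMARC results that the receiving mail server recorded. The function names, the sample messages and the `.example` domains are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def domain_of(value):
    """Lower-cased domain of the address in a header value, '' if absent."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def aligned(a, b):
    """Naive alignment: same domain, or one is a subdomain of the other."""
    same = a == b or a.endswith("." + b) or b.endswith("." + a)
    return "." in a and "." in b and same

def check_headers(raw, expected_domain):
    """Return a list of findings; an empty list means nothing looked off."""
    msg = message_from_string(raw)
    findings = []
    from_dom = domain_of(msg["From"])
    if not aligned(from_dom, expected_domain):
        findings.append(f"From domain {from_dom!r} is not {expected_domain!r}")
    for name in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[name])
        # Reply-To is optional; a missing Return-Path is itself suspicious.
        if (dom or name == "Return-Path") and not aligned(dom, from_dom):
            findings.append(f"{name} domain {dom!r} differs from From")
    # Trust only the topmost Authentication-Results header, assumed here to be
    # the one stamped by your own receiving server; lower ones can be forged.
    auth = (msg.get_all("Authentication-Results") or [""])[0].lower()
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        if not m or m.group(1) != "pass":
            findings.append(f"{mech} result is {m.group(1) if m else 'missing'}")
    return findings

# Constructed sample messages (reserved .example domains, not real mail).
LEGIT = '''\
Return-Path: <bounce@mail.bank.example>
Authentication-Results: mx.recipient.example; spf=pass; dkim=pass; dmarc=pass
From: "Example Bank" <billing@bank.example>
'''
PHISH = '''\
Return-Path: <a1b2@bulk-sender.example>
Authentication-Results: mx.recipient.example; spf=pass; dkim=none; dmarc=fail
From: "Example Bank" <billing@bank-example-billing.example>
Reply-To: support@other-mail.example

Hi Dear, your account is on hold because of a billing problem.
'''
```

Note that SPF passes on the constructed phishing message: the sender controls the look-alike envelope domain, so a single passing check proves little unless the domain itself is the one you expect.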

 

What to do if you are a victim?

 

If you think you might be a victim of a cybercrime, contact your financial institution or the company in question and immediately alert them to the possible deception.

 

How to Report Phishing?

 

It’s really important to report any suspicious email you receive, so that the spread of the fraud can be minimized.

 
There are various ways to report phishing. Some of the most popular websites where you can do this are:

https://safebrowsing.google.com

https://www.phishing.org/how-to-report-phishing

https://apwg.org/reportphishing
