- What is a Phishing Attack?
- Phishing attack examples
- How does Phishing work?
- Who is at risk of Phishing attacks?
- What types of Phishing attacks should I know about?
- Some of the common phishing scams
- Coronavirus Phishing Scams
- Fortunately, Here are 10 basic guidelines in keeping yourself safe from a Phishing attack:
- Conclusion
A phishing attack is one of the common methods of attack you’re likely to come across that attempts to gain personal information. This attack is one of the most common security attacks that is faced by both individuals and companies as these are highly profitable attack for cybercriminals and this attack can look deceivingly credible due to which thousands fall victim to them every year.
Hackers commonly try phishing attack as it is harder to spot than you think! They use email, social media, phone calls or these scams hide behind voices you know and trust, like your coworkers, your bank to steal personal information.
Phishing scams have been around practically since the inception of the Internet, and they will not go away any time soon. Fortunately, this article can help you from becoming a victim yourself.
Before taking up how to fix the problem, let’s take a step back and cover “what is phishing” “types of phishing” “ how does it work” and many more.
What is a Phishing Attack?
Phishing is a broad term and it is a type of social engineering attack that often encompasses a range of different strategies to steal user data, including login credentials and credit card numbers.
A phishing attack usually happens when an attacker dupes a victim into opening an email, text message. When this malicious link is clicked, installation of malware, the freezing of the system can happen which leads to a ransomware attack or the revealing of sensitive information.
A phishing attack can have devastating results for both individuals and for the company. From stealing funds to larger attacks such as APT ( advanced persistent attack) can sustains severe financial losses in addition to declining market share, reputation, and consumer trust.
Phishing attack examples
The following illustrates a common phishing scam attempt:
- A spoofed email ostensibly from greatlearning.in is mass-distributed to as many company employees.
- The email claims that the user’s password is about to expire. Instructions are given to go to greatlearning.in/renewal to renew their password within 24 hours.
After clicking the link:
- The user is redirected to greatlearning.inrenewal.com, a bogus page that asks for a new and existing password that appears the same as the renewal page. Once the victim fills in all the information, hijacks gain access.
Also Read: Everything You Need to Know About Cybersecurity Attacks and How to Prevent Them
How does Phishing work?
Phishing works with anyone who uses the internet or phones.
Phishing scams try to:
- Infect device with malware
- Steal private credentials to get money or identity
- Obtain control of online accounts
Who is at risk of Phishing attacks?
A phishing attack can affect anyone of any age. With the increase in the usage of the internet, it is hard to hide your phone number, email address, and social media accounts. These credentials can help attackers to steal your personal information.
What types of Phishing attacks should I know about?
Phishing attacks take many roads to get to you:
- Phishing email: This usually appears in your mailbox and request’s you to follow a link, send a payment, reply with private info, or open an attachment.
- Domain spoofing: This is one of the popular ways to mimic a valid email address like greatlearning.com as these take a real company’s domain and modify it. Here they do not use “ greatlearning.com” instead they use “ geartlearning.com which is very easy for a victim to engage and fall into the scheme.
- Voice phishing: Attackers call you and acts like a valid person or a company to deceive you and will urge you to take action while being on the call.
- SMS phishing: Attackers will imitate a valid organization and send you a short link message to fool you.
- Clone phishing: Attackers duplicates a real message that was sent previously, but links replaced with malicious ones.
- Typosquatting: Attackers tries to catch people who type an incorrect website URL.
- Evil twin( internet connection attack): Attackers set up public Wi-Fi at locations like coffee shops, railways stations to get you connected and eavesdrop on all your online activity.
Also Read: Email Security: Your Complete guide on Email security and Threats
Some of the common phishing scams
It is impractical to list every known phishing scam here, there are some common ones you should definitely look out for:
Iran Cyberattack phishing scam: Attackers used illegitimate Microsoft email, prompting to restore your data, to steal Microsoft credentials.
Office 365 deletion alerts: This is another Microsoft related scam. This is an email scam that claims that a high volume of files has been deleted from your account and gave them the link for login, resulting in compromising their account credentials.
Notice from the bank: This email scam normally gives you a link that leads to a web form, asking for your bank details “for verification purposes.” Do not give them your details. Instead, call the back and check for this.
Contest winner email: Attackers send contest winner prize and asks you to click on eth link and provide some basic information— don’t get too excited. Because most of the time these emails are scams.
Coronavirus Phishing Scams
Coronavirus/COVID-19 phishing scams are the latest scams happening all around us, these emails and message may look official, but if you investigate the link or email id carefully, you will understand.
Do not fall for these scams as these government organizations will never ask you for personal information or bank details.
If you receive one of these emails, this is what you should do:
- Check the sender email address — WHO sender addresses use the person@who.int pattern. NOT Gmail, etc.
- Before you click on the like check for “ HTTPS” and not ‘HTTP”
- Even if you give your personal information, don’t panic — reset your credentials on sites and contact your bank immediately to change the required credentials.
- Report all WHO related scams to WHO website.
Also Read: Top Cyberhacks of All Time
Fortunately, Here are 10 basic guidelines in keeping yourself safe from a Phishing attack:
1. Keep Updating About Phishing Technique: Keep an eye on phishing scams, as new phishing scams are being developed all the time. Without staying on top of these new phishing techniques, could put you at risk. An IT administers, security professionals should always find out any of these scams as early as possible, to lower the risk.
2. Think Before You Click!: Clicking on random emails or instant messages isn’t a smart move. Instead, always verify the sender’s email address; personalized email address are less likely to be fake. Be cautious of links and attachments, as they may lead to phishing sites or malware.
3. Install an Anti-Phishing Toolbar: Installing an anti-phishing toolbar can help you do a quick check on the sites that you visit and compare them with the phishing sites. If you stumble upon a malicious site, the toolbar will alert you about it. This is just superficial protection against phishing scams, and it is completely free.
4. Verify a Site’s Security: Before submitting any information, make sure the site’s URL begins with “HTTPS” and not from “ HTTP”, also check for a closed lock icon near the address bar.
5. Check Your Online Accounts Regularly: Check out your online accounts regularly and make a habit of changing the passwords regularly too. This doesn’t give space to the hackers to have a field day with it.
To prevent bank phishing check your monthly statements carefully to ensure no fraudulent transactions have been made without your knowledge.
6. Keep Your Browser Up to Date: Security patches are released for popular browsers in response to the security loopholes that phishers inevitably discover and exploit. Do not ignore messages about updating your browsers. The minute an update is available, download and install it.
7. Use Firewalls: There are two types of firewall, a desktop firewall and a network firewall, try using both of them as they act as buffers between you, your computer and outside intruders.
8. Beware of Pop-Ups: Many popular browsers allow you to block pop-ups; if in case you allow it, don’t click on the “cancel” button; such buttons often lead to phishing sites. Instead, click the small “x” in the upper corner of the window.
9. Never Give Out Personal Information: You should never share personal or financial information over the Internet. Do not try to click on the phishing mail sent by the attackers in the official name as these phishing emails will direct you to pages where entries for financial or personal information are required. Make it a habit to check the address of the website. A secure website always starts with “HTTPS”.
10. Use Antivirus Software: Anti-spyware and firewall settings should be used to prevent phishing attacks as antivirus software scans every file which comes through the Internet to your computer and prevents damage.
Four ways that companies can defend against phishing attacks:
- Use an SSL Certificate to secure all traffic to and from your website.
- Keep up to date to ensure you are protected at all times.
- Provide regular security training to your staff about identifying phishing scams, malware and social engineering threats.
- Use a Securely Hosted Payment Page: Use a payment gateway provider that has up-to-date PCI DSS and ISO 27001 certifications to protect your customer’s privacy.
Conclusion
By keeping the preceding tips in mind, an individual or organizations can quickly spot some of the most common types of phishing attacks. Phishing is constantly evolving to adopt new forms and techniques. So keep updating your knowledge on all the scams and security practices with the help of an advanced cybersecurity course and also conduct security awareness training for your employees and executives to stay on top of phishing’s evolution.