Phishing | How to recognize them and avoid them
Posted by: Golden Avenue | Date: 29 March 2019
Phishing is a deceitful attempt by scammers to get your personal information, such as bank account numbers, credit card details and passwords. It is a cyber crime that lures individuals into providing sensitive and confidential information by posing as a legitimate organization via email, telephone or messages.
The common types of phishing are:
1. Deceptive phishing by email
Fraudsters impersonate a genuine company and use fake emails to try to steal people’s personal information and login credentials. These emails frequently use threats and a sense of urgency to panic users into giving up the information the scammers are after. For example, credit card scammers might send out a fake email that instructs recipients to click on a link in order to rectify an error in their account. In actuality, the link leads to a fake login page that collects the user’s login credentials.
2. Vishing or phishing by Telephone
Vishing, or “voice phishing”, is when a scammer uses the phone to trick consumers into revealing personal information. Criminals posing as a bank manager, an employee of a software firm, or a representative of any other known organization will leave a voicemail message or make telephone calls directing people to a bogus phone number. The purpose of the caller is to trick you into sharing confidential information.
3. Smishing or phishing by SMS
The user usually receives an SMS or WhatsApp message about an unbelievable offer from an online store, or on flight or movie tickets, etc. This message will ask you to redeem the offer by clicking on a link. Once it’s clicked, it will take you to a fake website that might ask you to share confidential information or infect your device with a virus.
4. Pharming
One treacherous form of phishing involves modifying domain name resolution (DNS) to redirect users to false web pages. It manipulates the hosts file to redirect the domain names of genuine businesses to imitation websites, so that the hackers can collect the confidential and sensitive information that users enter on these websites.
5. Spear phishing
In spear phishing scams, hackers customize their attack emails with the target’s name, job title, name of company, work phone number etc., in an attempt to trick the recipient into believing that the email comes from a legitimate sender. The purpose is the same as deceptive phishing, but instead of a mass assault through fraudulent email, a specific victim is targeted to lure them into clicking on a malicious URL or email, so that they will enter their personal data.
6. Whaling/CEO fraud
Whaling is also known as CEO fraud. It is the same as spear phishing, except the target here is a CEO or a CFO of a bigger organization. This threat is very real and growing. For example, Snapchat received a whaling email seemingly sent from the CEO asking for employee payroll information. Toy manufacturer Mattel fell victim to a whaling scam when a top finance executive received an email requesting a money transfer from a fraudster impersonating the CEO.
7. Dropbox / Google docs phishing
Businesses increasingly use cloud-based services to store sensitive client and corporate data. This type of phishing targets Dropbox, Google Docs and Google Drive users with a lookalike login page designed to steal their username and password. Once the information is obtained, hackers can steal personal bank documents and other confidential documents stored in your cloud account.
Effects of phishing
Theft of identity and confidential details can result in financial losses for consumers and businesses. Some attacks even prevent victims from accessing their own accounts, which results in loss of productivity. Unlike other phishing methods, pharming attacks are a continuous process, as the alterations made by the hacker to the hosts file remain on a computer somewhere, waiting for users to access online banking services.
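Because a pharming change stays in the hosts file until someone removes it, that file can be checked for entries that should not be there. The following Python check is an added example, not part of the original article: it flags hosts entries that pin a name to a non-local address. The sample file contents, the domain names in it and the `EXPECTED_NAMES` allowlist are constructed assumptions.

```python
import ipaddress

# Constructed sample hosts file contents (not taken from a real machine).
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost ip6-localhost
127.0.1.1       workstation01
0.0.0.0         ads.tracker.example      # sinkhole entry from an ad blocker
203.0.113.45    www.examplebank.test examplebank.test
198.51.100.7    login.example-store.test # trailing comment
not-an-ip       broken.example
"""

# Names normally expected in a hosts file; an assumption, extend per machine.
EXPECTED_NAMES = {"localhost", "ip6-localhost", "ip6-loopback",
                  "broadcasthost", "workstation01"}


def audit_hosts(text, expected_names=EXPECTED_NAMES):
    """Return (line_no, address, hostname, reason) for entries worth reviewing."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not entry:
            continue
        fields = entry.split()
        address, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, address, " ".join(names), "unparseable address"))
            continue
        # Loopback and 0.0.0.0 entries only block a name; they cannot send
        # the user to a remote imitation website.
        if ip.is_loopback or ip.is_unspecified:
            continue
        for name in names:
            if name.lower() not in expected_names:
                findings.append((line_no, address, name.lower(),
                                 "name pinned to a non-local address"))
    return findings


if __name__ == "__main__":
    for line_no, address, name, reason in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % (line_no, name, address, reason))
```

To check a real machine, pass in the contents of `/etc/hosts` (Linux, macOS) or `C:\Windows\System32\drivers\etc\hosts` (Windows); a flagged entry is a prompt for review, since administrators sometimes add such entries on purpose.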
Some tips to avoid phishing attacks
- Avoid accessing websites via links in email messages or SMS, especially those asking for personal information. Do not fill in any kind of form that comes along with an email.
- Be aware that banks never ask for confidential information via emails, calls or texts.
- Whenever you are sharing your personal or financial information online, ensure it’s secure. Make sure that the website’s URL begins with “https” instead of “http”, and has a lock symbol on the website. Clicking on the lock icon should display the digital certificate of authenticity of the website. The lock only confirms that the connection is encrypted, so also check that the domain name in the address bar is the organization’s real one.