“What is phishing, and how can we avoid being caught?” is a question I am often asked. Well, let me explain. Phishing is a form of fraud in which the attacker attempts to steal personal information, such as your computer username, password and banking details, to gain access to your accounts.
The goal of the phisher is the theft of sensitive information, your money and your identity. In this article, I explain what phishing is and how you can avoid being caught by a phisher.
Types of phishing scams
Phishing attacks vary according to the attacker’s objective, the complexity of the fraud and the quality of the forgery. Also popular is the targeting of specific individuals, known as spear phishing; when the targets are C-level executives, it is called whaling.
A popular type of phishing is called deceptive phishing. In this scam, fraudsters impersonate a legitimate company and attempt to steal personal information and login credentials.
Spear Phishing
Spear phishing is a form of attack that targets specific individuals, roles or organisations. Attackers first do in-depth research about the person or organisation they plan to target, making the attack more believable and thereby increasing the possibility of success.
Whaling
“Whaling” describes spear phishing attacks directed at executive officers or other high-level targets in business or government. The goal is to trick the target into disclosing sensitive corporate or governmental information through social engineering, email spoofing and content spoofing efforts.
Deceptive Phishing
Deceptive Phishing is the most common type of phishing scam. The intention is to impersonate a legitimate company’s official correspondence. To protect yourself from this kind of attack:
- Always check the URLs for redirections to unknown websites
- Look for generic salutations
- Check for grammar and spelling errors scattered throughout the email
Pharming
Some of the more popular phishing techniques are:
- Embedding a link in an email that redirects you to a scam website
- Installing a Trojan via an email attachment that allows the intruder to obtain sensitive information
- Changing (spoofing) the sender address in an email to appear as a reputable source and request confidential information
- Requesting confidential company information over the phone by impersonating an employee
Conclusion
We often get asked, “What is phishing and how to avoid it?” Well, phishing is a form of fraud in which the attacker attempts to steal personal information, such as your computer username, password and banking details, to gain access to your accounts.
Educating end users about these threats and implementing anti-malware and anti-spyware solutions will reduce the success rate of the phisher.