What is phishing? How this cyber attack works and how to prevent it.

Phishing is a type of social engineering attack that is used to steal data, and it also a cybercrime that targets contact with email telephone, text message, generating links, banking, credit card details, debit card details, and password. This information can be taken and access your account and withdrawal the money. Many times, a hacker can send a link, if you click a link then your account has been empty because people have clicked a malicious link then immediately installation of malware and freeze your system and desktop and take the information easily. It is mainly done by email. It is a common type of cyber-attack that all people should learn how to protect themselves.

History-

The first case of Phishing started in 2004 in the United state of California. A teenager created a fake website called “America Online”. Use this fake website and collect sensitive data (information) from the user and access the debit card, credit card details, bank account, and withdraw money from the account without the permission of the account holder. After this, they can use many forms of phishing like – email phishing.SMS (short message services) phishing and many other techniques can be used for phishing.

Types of Phishing –

  1. Email phishing-

Approx all Phishing messages are delivered by email and text messages, and it is not a personalized target. It’s a specific community and company and same age group of people, this is also called ‘Bulk Phishing’. The bulk phishing message is delivered depending on the goal of the attacker and Hackers. Hackers are specially targeted in the bank and financial services sector. Attackers use malware viruses and steal money from the victim. After stealing the money, it is impossible to return the money from the victim’s account.

There are three types of Email phishing

A)   Too good to be true

This is also known as eye-catching because hackers have designed to attract people’s attention immediately on the link and they claim that you have won an iPhone, cars, flat, gold, laptop, or some other expensive product. Just don’t click on any suspicious link or email.

B) Attachment

If you see any attached file in our email and you don’t know who will send it, then don’t open it, because this type of file contains ransomware or many other viruses.

C)Hyperlinks

You can not click any random link because at this time a link can totally change their alphabet. For example, www.skrs.com – s is actually for ‘t’ and k is actually for ‘R’. 

Generally, Email phishing ask this type of information

Username and password

Bank account number

PINs (Personal Identification Number)

Credit card number and Debit card number

Your Date of Birth

(Google and Gmail never ask this type of information)

  •  Spear phishing-

In spear phishing, attackers directly target a specific community, organization. In bulk phishing and spear phishing, attackers collect the personal information of their target to increase their probability of success of an attack. Spear phishing only targets an executive or those who work in a financial department that has access to the organization’s sensitive financial data and services. In 2016 attackers attacked more than 1800+ Google accounts.

How to prevent spear phishing –

  1. You have to not post your personal information on the internet.
  2. Do not use the same password, you have to use a different password for every account. And don’t set your date of birth as password, nickname, mobile number.
  3. Every month updates your software because updating software should help to protect your common attack. If possible then enable automatic software updates.
  4.  If you work in an organization, such as a bank, don’t directly click any link.  You have to check the destination of the link by hovering the mouse on the link. If the URL does not match the link then don’t click on the link. Because there is a high chance that it could be malicious.
  5. If you get an email from a “friend” asking for personal information like username and password then check if their email address is your friend or not.

3) Clone Phishing –

Clone phishing is also a type of phishing attack where the hackers copy our legal documents. Clone phishing is different from other phishing. A clone phishing attack uses a previously sent email that documents attachments or links. A clone is a copy of the original document where the document or links are replaced with malware or a virus. A clone phishing is just like it is being sent by the original sender. Hackers send emails to a large number of recipients and wait for victims who click them. This type of attack is very dangerous.

Critical features of Clone phishing

a) It is a duplicate copy of the original document.

b) The email contains links and documents that are malicious in nature.

c) The email id will be fake.

d) The clone email just usually appears like an existing email.

Example of clone phishing

  1. Message that contains, there is a big discount or credit offer.
  2. Click on the link and get your refund.
  3. Hurry up before the expiration of the offer, click on the link.
  4. Invitation for click for friend invite.
  5. Email that promises an award like you win an iphone, gold, cars etc.

Preventing of clone phishing

  • Aware of the clone phishing email.
  • The link mentioned in the clone, email does not match with the actual link, then don’t click on the clone.
  • You have to use anti-spam software.
  • Beware of spotting clone phishing.

4) Voice phishing –

Voice phishing is used on the telephone and mobile. It is the use of fake phone calls and giving money and revealing personal information. It is the new name of telephone scams.

How to catch voice phishing-

  1. Offers from the companies and force to take the investment.
  2. Announcement that you have won a prize.
  3. Promises of a very big return of money.

Protect yourself from voice phishing

  1. Do not pay fees for prizes offered by phone.
  2. Do not share our personal information like credit card details and bank account numbers, date of birth, any personal information.
  3. Do not send money from any given person.
  4. Don’t trust caller ID.
  5. Follow the guidance of FTC (federal Trade commission)

 5) SMS (Short Message Services) phishing-

SMS phishing is a mobile phishing attack that sends a message to a group of people. These phishing sites try to steal the data of customers and misuse the data. Approx 81% of people face this problem.

Common list of SMS phishing

  1. The fake prize money offer
  2. Technical support notification
  3. Bank account balance warning

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back To Top