PHISHING
“Phish” is pronounced just like it’s spelled, which is to say like the word “fish”. The analogy is of an angler throwing out a baited hook (the phishing email) and hoping you will bite. Just don’t become the phishing victim.
Technically, phishing means a method of trying to gather personal information using deceptive e-mails and websites. It uses disguised email as a weapon. The goal is to trick the email recipient into believing that the message is something they want or need, such as a request from their bank or a note from someone in their company, and into clicking a link or downloading an attachment.
What does the attacker want?
Hand over sensitive information.
These messages aim to trick the user into revealing important data, often a username and password that the attacker can use to breach a system or account. The classic version of the scam involves sending out an email that looks like a message from a major bank. By spamming out the message to millions of people, the attackers ensure that at least some of the recipients will be customers of that bank. The victim clicks on a link in the message and is taken to a malicious site designed to resemble the bank’s webpage, where, the attacker hopes, they enter their username and password. The attacker can now access the victim’s account.
Download malware.
Like a lot of spam, these types of phishing emails aim to get the victim to infect their own computer with malware. Often the messages are “soft targeted”: they might be sent to an HR staffer with an attachment that purports to be a job seeker’s resume, for instance. These attachments are often .zip files, or Microsoft Office documents with malicious embedded code. The most common form of malicious code is ransomware. In 2017, it was estimated that 93 percent of phishing emails contained ransomware attachments.
Types of phishing
Spear phishing
When attackers try to craft a message to appeal to a specific individual, that’s called spear phishing. The attackers identify their targets and use spoofed addresses to send emails that could plausibly look like they’re coming from co-workers. For instance, the spear phisher might target someone in the finance department and pretend to be the victim’s manager requesting a large bank transfer on short notice.
Whale phishing
Whale phishing, or whaling, is a form of spear phishing aimed at the very big fish, for example CEOs or other high-value targets. Many of these scams target company board members, who are considered particularly vulnerable. They have a great deal of authority within a company, but since they aren’t full-time employees, they often use personal email addresses for business-related correspondence, and those addresses don’t have the protections offered by corporate email.
Gathering enough information to trick a really high-value target might take time, but it can have a surprisingly high payoff. In 2008, cybercriminals targeted corporate CEOs with emails that claimed to have FBI subpoenas attached. In fact, the emails downloaded keyloggers onto the executives’ computers. The scammers’ success rate was 10%, snagging almost 2,000 victims.
How to prevent it?
- Always check the spelling of the URLs in email links before you click or enter sensitive information.
- Watch out for URL redirects, where you’re subtly sent to a different website with identical design.
- If you receive an email from a source you know but it seems suspicious, contact that source with a new email. Don’t simply hit the reply button.
- Don’t post personal data, like your birthday, vacation plans, or your address or phone number, publicly on social media.
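The first two checks in the list above (URL spelling and redirects) can be partly automated when triaging a suspicious message. The following Python is an added example, not part of the original article; the trusted-domain list, the 0.85 similarity threshold and the sample e-mail body are assumptions constructed for illustration.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlparse

TRUSTED = {"bank.example", "shop.example"}  # assumption: sites the reader really uses
SAMPLE = (  # constructed e-mail body, not taken from a real message
    '<a href="https://bamk.example/login">https://bank.example/login</a>'
    '<a href="https://shop.example/out?url=https://evil.test/x">Track parcel</a>'
    '<a href="https://bank.example/help">Help</a>')

class LinkExtractor(HTMLParser):  # collects (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def registered(h):  # last two labels only; real code should use the Public Suffix List
    return ".".join(h.split(".")[-2:])

def check_link(href, text):
    h, findings = host(href), []
    dom = registered(h)
    if dom not in TRUSTED:  # 1. misspelled domain: close to a trusted name, not equal
        findings += [f"lookalike of {g}" for g in sorted(TRUSTED)
                     if SequenceMatcher(None, dom, g).ratio() >= 0.85]
    shown = host(text) if "." in text and " " not in text else ""
    if shown and registered(shown) != dom:  # 2. text shows one site, link opens another
        findings.append(f"text shows {shown}, link goes to {h}")
    for v in (v for vs in parse_qs(urlparse(href).query).values() for v in vs):
        if v.startswith(("http://", "https://")) and registered(host(v)) != dom:
            findings.append(f"redirects to {host(v)}")  # 3. redirect to another site
    return findings

def scan(html):
    parser = LinkExtractor()
    parser.feed(html)
    return {href: check_link(href, text) for href, text in parser.links}
```

Calling `scan(SAMPLE)` returns a dictionary mapping each link to its list of findings; an empty list means none of the three checks fired, not that the link is safe.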
In conclusion, becoming one of those victims can cause you serious losses. We hope that after reading this article, Don’t Become The Phishing Victim, you can avoid being cheated.