How do Phishing Attacks Happen?
Phishing is one of the oldest hacking techniques, almost as old as the Internet itself. Due to its simplicity, it has prevailed and evolved over the decades, so much so that it still presents a threat in today’s online world. In this week’s Zlog, we’re going to take a look at this old, but increasingly sophisticated hacking technique and share with you some tips on how to avoid getting hooked on phishing scams.
What is Phishing?
Before we get deeper into the specific types of phishing and how to avoid them, let’s take a second to look at what it is and what the primary goal of phishers is. Phishing is a cybercrime in which attackers try to steal your valuable personal or financial information by impersonating a known individual, business partner, or brand.
Once the attackers obtain the information, they sell it to the highest bidder or misuse it to amass money, often at the expense of the victim. In some cases, attackers don’t only steal your information, but also inject your device with malicious software, which has significantly longer-lasting consequences.
Types of Phishing
There are countless varieties of phishing, but we’re going to take a look at the most common ones. These four categories are classified based on the channel through which they occur.
Spear Phishing
Spear phishing is any attempt that involves hackers trying to catch victims with appealing messages. In this case, phishers identify specific targets, try to gather as much information on them as possible, and use spoofed email addresses to make it look like the phishing email is coming from someone they know and trust. Spear phishing is the most common type of phishing attack.
Whaling
Whaling isn’t a specific type of phishing, but more of a variation of spear phishing. It is an attack in which scammers target whales: CEOs of big companies or other high-value targets. Most of these scams are directed towards board members, advisors, or high-paying employees who have a lot of authority within the company but aren’t full-time employees and often communicate through a personal email address instead of a corporate one. Due to its complexity, this is undoubtedly a more sophisticated method that requires much more planning and time, but one that comes with a big payoff.
Vishing and Smishing
Vishing refers to phishing that’s carried out over phone calls, while smishing targets users through SMS alerts. The former allows the phishers to gather confidential information directly from the victim by pretending to be calling on behalf of a friend, relative, or any other related party. As for the latter type of phishing, users receive either a fake direct message or a fake order with a cancelation link. The link then leads to a fake page designed by the attacker to collect personal data.
Search Engine Phishing
Search engine phishing is a type of attack in which attackers build entire websites, target specific keywords, and wait for unsuspecting visitors to land on their platform. The search process you use may be legitimate, but once you click on the link for the website, you can’t recognize you’re being targeted until it’s too late. Some of the most common types of search engine phishing include discount offers or job opportunities. Due to the drastic rise of such websites, we advise you to always verify the legitimacy of a site before accessing it.
How to Avoid Phishing
While there is no foolproof way to avoid such attacks, there are some guidelines you should keep in mind that will keep you safe and help you avoid becoming a victim of a phishing attack.
- Keep in touch with the latest phishing techniques – The four types of scams we mentioned above are currently the most common ones. But attackers are continually developing new ways to trick online users. Without staying in touch with the latest scams, you can easily fall victim to one.
- Think before you click – We often click on links to websites before checking if they’re legitimate. This is a risky practice that can lead you to a fake copy of a website that’s designed to look like the real thing.
- Keep your apps up to date – This especially counts for browsers. Browser security patches are released regularly with new updates that close any existing loopholes hackers manage to find.
- Use firewalls and ad blockers – Firewalls do an excellent job of blocking any unwanted intruders. In the same breath, ad blockers can help you get rid of pop-ups, which often lead to fake websites.
- Use antivirus and VPN software – There are plenty of reasons to combine antivirus and a VPN service, many of which we talked about in previous blog posts. By combining the two, you should be able to enjoy a completely safe online experience.
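Part of the "Think before you click" check above can be automated. The Python sketch below is an added example, not part of the original post: it inspects a link's real host for common signs of a fake copy of a site you trust. The allow-list, the reserved `.example` and `.test` names, and the 0.85 similarity threshold are assumptions chosen for illustration.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Constructed allow-list (assumption); list the sites you actually use.
TRUSTED = ("bank.example",)
SIMILARITY = 0.85  # assumed threshold for "looks almost like a trusted name"

def link_warnings(url, trusted=TRUSTED):
    """Return warning signs found in a link. An empty list means none of
    these checks fired, not that the site is safe."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return ["no-host"]
    warnings = []
    if parts.scheme != "https":
        warnings.append("not-https")
    if parts.username is not None:
        # In https://bank.example@login.test/ the real host is login.test.
        warnings.append("userinfo-in-url")
    labels = host.split(".")
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        # Internationalised names can hide look-alike letters.
        warnings.append("non-ascii-host")
    for name in trusted:
        if host == name or host.endswith("." + name):
            continue  # the trusted site itself or one of its subdomains
        tail = ".".join(labels[-(name.count(".") + 1):])
        if "." + name + "." in "." + host + ".":
            # Trusted name used as a prefix: bank.example.login.test
            warnings.append("trusted-name-as-subdomain")
        elif SequenceMatcher(None, tail, name).ratio() >= SIMILARITY:
            # One or two characters off: bamk.example
            warnings.append("lookalike-of-" + name)
    return warnings
```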