Phishing is a scam carried out to collect valuable information by means of unsolicited email, phone calls or text messages. It gets its name from “fishing”: the scammers set the bait and wait for the victim to take it.
As an individual, the probability of being involved in a phishing scam is very high. According to Cisco, phishing is the second most common cyber-attack after malware. Phishing can often lead to malware being installed on your device. We will focus on the types of phishing, the methods used for phishing and how to prepare ourselves against such scams.
Types of Phishing
This is the most common form of phishing attack, where the adversary registers a fake domain that looks close to a legitimate one and sends thousands of generic requests. Often the fake domain will be very close to the domain of the organization that the attacker is targeting.
This is a highly targeted attack where the adversary has some prior knowledge of the target. Here is an interesting article on one of the most famous spear phishing attacks.
This is again a targeted attack, where the victims are normally senior executives in an organization. The attack will be well scripted and not just a link to a form to fill in, as in a normal phishing attack.
The adversary uses social media as a means to perform attacks. A fake or malicious link is introduced to users through posts or through messaging apps.
How to protect ourselves from phishing?
First of all, be careful with all forms of communication you receive. If you get even the slightest hint that “something is not right”, do not open it and, if possible, delete it.
Check whether the email content and the sender address match or make sense. If it is a phone call, try to get more information about the caller before disclosing any personal information. If the caller is persuading you to give more information or asking for payment, just hang up.
Do not click any links or open any attachments in an email if you feel it's suspicious.
Do not enter any personal information if a pop-up form is presented to you. If they are from legitimate companies or agencies, they will not ask for any personal information in such a manner or without proper consent.
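The sender-address check above, and the look-alike domains described under the types of phishing, can also be checked automatically on the receiving side. The following Python code is an added example, not part of the original article; the trusted-domain list, the character-swap table, the distance threshold of 2 and the sample message are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains the recipient really deals with (constructed values).
TRUSTED_DOMAINS = {"example-bank.com", "example.org"}
# Character swaps often seen in look-alike domains (illustrative, not complete).
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def fold(domain):
    """Undo common character swaps so 'examp1e' compares equal to 'example'."""
    return domain.lower().translate(SWAPS).replace("rn", "m")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain):
    """Return the trusted domain that `domain` imitates, or None."""
    if not domain or domain in TRUSTED_DOMAINS:
        return None
    for good in sorted(TRUSTED_DOMAINS):
        if fold(domain) == fold(good) or edit_distance(domain, good) <= 2:
            return good
    return None

def check_message(raw):
    """Return a list of warnings for one raw e-mail message."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    reply = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    warnings = []
    imitated = lookalike_of(domain)
    if imitated:
        warnings.append(f"From domain {domain} resembles {imitated}")
    if reply and reply != domain:
        warnings.append(f"Reply-To domain {reply} differs from From domain {domain}")
    return warnings

# Constructed sample message, not taken from a real campaign.
SAMPLE = ('From: "Example Bank Support" <support@examp1e-bank.com>\n'
          "Reply-To: collect@mail.example.net\nSubject: Verify your account\n\nPlease confirm.\n")

if __name__ == "__main__":
    print("\n".join(check_message(SAMPLE)))
```

A small distance threshold can also flag unrelated short domains, so a warning here is a prompt to look closer at the message, not a verdict.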