Phishing attacks are another deception criminals have in store for us. That is no surprise, since the Internet and its amazing development have also attracted people from the criminal side.
How to make a profit is a question with legal and illegal answers, and phishing belongs to the second group. It is a fraudulent way to take advantage of people and/or organizations to get their money.
What is phishing?
Phishing attacks are fraud attempts carried out through digital communication, mostly e-mail. The method involves impersonating reliable entities to persuade people to reveal their sensitive data.
Phishing uses messages (e-mail, SMS, etc.) to approach targets. Malicious images or links are attached for you to click on, which installs malware that gives criminals control over your system. Or those links can direct you to fake websites where you are asked to enter sensitive data (login credentials, bank card details, etc.).
4 common phishing attacks.
- Spear phishing. Shady people research companies’ websites, social networks, etc., to get the personal data of targets and send them personalized messages. They know you have kids, your name, your e-mail address, your current job, etc. A message including such information is more convincing. A report of strange activity on your bank account, a service renewal, a job offer, a prize, or an attractive coupon will urge you to “confirm” your data through a forged website.
- Whaling phishing. It works pretty much like spear phishing. The difference is that whaling targets top-level executives of organizations. Again, the objective is for victims to download malware or land on forged websites and reveal sensitive information (personal or from the organization).
- Angler phishing. On social networks, tons of personal data are publicly shared, and criminals can communicate with a perfect cover. People get persuaded to click dangerous URLs that download malware, ask for sensitive data, etc.
- Vishing. Voice and phishing are the weapons. Criminals approach people through e-mails to get their data. But when they try to transfer your money to their accounts or to purchase something, the operation requires an SMS code to be validated. Criminals don’t quit, so they call you impersonating a bank executive or another character to get that code.
How to protect yourself from phishing attacks?
Improve your security. Phishing approaches victims through e-mail. Use MTA-STS, DMARC, DKIM and SPF. They are e-mail authentication methods for detecting and stopping messaging threats like phishing.
Enable two-factor authentication (2FA). The basic user/password combination is not safe anymore. Add a layer of security through 2FA to keep accounts from being hijacked. Basically, people will have to prove their identity through a second step to get access.
Anti-spam filters. Filtering is another choice for identifying unwanted and virus-infected messages and stopping them before they reach inboxes.
Software for virus detection and clearing. Have efficient anti-virus software to keep your organization’s devices free of threats. Remember that phishing can attack your employees as a way to reach your organization’s sensitive data.
Follow daily safe practices.
Limit the information you make public.
Open e-mails only after checking the sender’s address. Not checking it completely makes you skip details that can point to a phishing attempt. Example: email@example.com. Just by reading this, you can tell that no bank will communicate via a Gmail account.
Don’t click on attached links or download files without verifying them first.
Take your time when checking e-mails, and never do it in a hurry. Lack of attention leads to mistakes and deceptive destinations.
Double-check urgent notifications about bank movements, tax or health care notifications, prizes, etc., by a different means (phone, person to person).
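The e-mail authentication advice and the "check the sender's address" habit above can be combined into one automated check. The following is an added example, not code from the original article: the function name `triage`, the gateway id `mx.recipient.example`, the domain `bank.example`, the short webmail list and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.recipient.example"  # assumption: your own mail gateway's id
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}  # illustrative, not exhaustive

def triage(raw, expected_domain):
    """Return warnings for one raw message claiming to come from expected_domain."""
    msg = message_from_string(raw)
    warnings = []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain in FREE_MAIL:
        warnings.append(f"free webmail sender: {domain}")
    elif domain != expected_domain:
        warnings.append(f"unexpected sender domain: {domain}")
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, body = header.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # not stamped by our gateway, so the sender may have forged it
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", body.lower()):
            verdicts.setdefault(method, verdict)
    for method in ("spf", "dkim", "dmarc"):
        if verdicts.get(method, "missing") != "pass":
            warnings.append(f"{method}={verdicts.get(method, 'missing')}")
    return warnings

# Constructed sample 1: authenticates cleanly, but as gmail.com, not the bank.
WEBMAIL = """\
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=gmail.com;
 dkim=pass header.d=gmail.com; dmarc=pass header.from=gmail.com
From: "Example Bank" <constructed-sample@gmail.com>
Subject: Confirm your account

"""
# Constructed sample 2: From spoofs the bank; the sender also planted a fake "pass" header.
SPOOFED = """\
Authentication-Results: mx.recipient.example; spf=fail smtp.mailfrom=bank.example;
 dkim=none; dmarc=fail header.from=bank.example
Authentication-Results: mx.attacker.example; spf=pass; dkim=pass; dmarc=pass
From: "Example Bank" <alerts@bank.example>
Subject: Unusual activity

"""
if __name__ == "__main__":
    for name, raw in (("webmail", WEBMAIL), ("spoofed", SPOOFED)):
        print(name, triage(raw, "bank.example"))
```

The first sample shows why both checks are needed: SPF, DKIM and DMARC only prove which domain sent the message, not that the domain belongs to your bank. The check also relies on your gateway removing inbound Authentication-Results headers that carry its own id.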
Phishing can be a disaster for individuals and organizations. The human factor is totally involved in this crime. Enhance your security with modern technology, but don’t underestimate training yourself and your team to avoid this risk.