Phishing is a form of fraud where attacker tries to learn information such as login credentials or account information by masquerading as a reputable entity or person in email, IM or other communication channels. Phishing scams are typically fraudulent email messages appearing to come from legitimate enterprises like your college, internet service provider, bank etc, mainly targetted at stealing your money. Cybercriminals can do this by installing malicious software on your computer or stealing personal information off your computer. They also use social engineering to convince you to install malicious software or hand over personal information under false pretenses. The perpetrators then use this private information to commit identity theft. Typically a victim receives a message that appears to have been sent by a known contact or organisation. An attachment or links in the message may install malware on the user’s device or direct them to a malicious website set up to trick them into divulging personal and financial information, such as passwords, account IDs or credit card details.
Phishing is popular with cybercriminals, as it is far easier to trick someone into clicking a malicious link in a seemingly legitimate email than trying to break through a computer’s defenses. Although some phishing emails are poorly written and clearly fake, sophisticated cybercriminals employ the techniques of professional marketers to identify the most effective types of messages. To make phishing messages look like they are genuinely from a well-known company, they include logos and other identifying information taken directly from that company’s website. If you provide the scammer with your details online or over the phone, they will use them to carry out fraudulent activities, such as using your credit cards and stealing your money. Phishing scams vary widely in terms of their complexity, the quality of the forgery, and the attacker’s objective. There are numerous types of phishing, which include:
– Spear phishing
Phishing attacks directed at specific individuals, roles, or organisations. Attackers may go to great lengths to gather specific personal or institutional information in the hope of making the attack more believable and increasing the likelihood of its success. The best defense against spear phishing is to carefully, securely discard information that could be used in such an attack.
Whaling is used to describe phishing attacks directed specifically at executive officers or other high-profile targets within a business, government or other organisation.
A global stude released by the Anti-Phishing Working Group (APWG) in 2014 suggests that 54% of phishing emails targeted major brands including Apple, Paypal, and Chinese marketplace Taobao, indicating that phishers update their approaches looking out for new victims in niche industry segments. Phishing emails are blindly sent to thousands, if not millions of recipients. By spamming large groups of people, the “phisher” counts on the email being read by a percentage of people who actually have an account with the legitimate company being spoofed in the email and corresponding webpage.
How to Deal with Phishing Scams
Immediately delete email and text messages that ask you to confirm or provide personal information. Remember, legitimate companies don’t ask for this information via email or text. They might even threaten to close your account or take other action if you don’t respond, but do not reply and do not click on links or call phone numbers provided in the message. If you’re concerned about your account or need to reach an organisation you do business with, call the number on your financial statements or on the back of your credit card. If you think you have provided your account details to a scammer, contact your bank or financial institution immediately. You are also advised to lodge a report with your local authorities to ensure the personal information you provided is not misused in any way. If you need any help on any IT Security Services, feel free to contact IT Solution.