Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. This happens when an attacker, posing as a trusted entity, tricks a victim into opening an email, instant message, or text message. The recipient is then tricked into clicking a malicious link, which can lead to the installation of malware, the system freezing as part of a ransomware attack, or the disclosure of sensitive information. This article will talk about the types of phishing techniques and prevention.
Here’s a quick look at five common phishing threats that often arise in corporate environments. Each example features “Bob,” a mid-level finance employee trying to get through his busy day and respond to hundreds of emails.
- Breach of trust – Bob receives an email from what he thinks is his bank asking him to confirm a wire transfer. The email takes him to a link that looks like his bank’s website, but it’s actually a “spoofed” but identical copy of his bank’s website. When he arrives on the page, he enters his credentials but nothing happens. Too late, Bob has just given his banking password to a cybercriminal.
- Fake lottery – Bob receives an email saying he won a prize in a raffle. Normally, Bob is too savvy to fall for this trick. However, this email is from his boss, Joe, and references a charity they both support. He clicks and ends up on a bogus page that loads malware.
- Updating data – Bob receives an email from Joe asking him to take a look at a document that is attached. The document contains malware. Bob may not even realize what happened. He looks at the document, which seems normal. The resulting malware can log his keystrokes for months, compromise the entire network, and lead to massive security breaches throughout the organization.
- Sentimental abuse – Bob receives an email from someone claiming to be Joe’s brother-in-law. He suffers from cancer and has had his insurance canceled. He asks Bob for a donation to help him recover from his illness. Bob clicks on the link and is redirected to a bogus charity site. The site could host malware or simply steal Bob’s credit card information via a bogus “online donation”.
- Imitation – Bob receives an email from his boss Joe, who says he needs money wired to a known supplier as prepayment for an emergency job. Can Bob transfer the money to them right away? It sounds pretty routine. Bob transfers the money to the requested account. The money is nowhere to be found and never seen again.
Prevent phishing attacks
- Stay informed about phishing techniques – New phishing scams are constantly being developed. Without staying on top of these new phishing techniques, you might inadvertently fall prey to them. Keep your eyes peeled for new phishing scams. By finding out about them as early as possible, you will run a much lower risk of being trapped by one. For IT administrators, ongoing security awareness training and phishing simulation for all users is highly recommended to keep security in mind throughout the organization.
- Think before you click! – It’s good to click on links when you are on trusted sites. However, clicking on links that appear in random emails and instant messages is not such a smart decision. Hover over links that you are not sure about before clicking on them. Are they leading where they are meant to lead? A phishing email may pretend to be from a legitimate business and when you click on the link to the website, it may look exactly like the real website. The email may ask you to fill in the information, but the email may not contain your name. Most phishing emails start with “Dear Customer”. So you need to be careful when you come across these emails. If in doubt, go straight to the source rather than clicking on a potentially dangerous link.
- Install an Anti-Phishing Toolbar – Most common Internet browsers can be customized with anti-phishing toolbars. These toolbars perform quick checks on the sites you visit and compare them to lists of known phishing sites. If you come across a malicious site, the toolbar warns you. This is just an extra layer of protection against phishing scams, and it’s completely free.
- Check the security of a site – It is natural to be a little wary of providing sensitive financial information online. As long as you’re on a secure website, however, you shouldn’t have any issues. Before submitting any information, make sure the site URL begins with “https” and that there is a closed padlock icon near the address bar. Also check the site’s security certificate. If you receive a message that states that a certain website may contain malicious files, do not open the website. Never download files from suspicious emails or websites. Even search engines can display certain links that can lead users to a phishing web page with low cost products. If the user makes purchases on such a website, the credit card details will be accessible to cyber criminals.
- Regularly check your accounts online – If you don’t visit an online account for a while, someone could be having a field day with it. Even if you don’t technically need to, check in with each of your online accounts regularly. Also, get in the habit of changing your passwords regularly. To avoid bank phishing and credit card phishing scams, you should personally check your statements regularly. Get monthly statements from your financial accounts and carefully check each entry to make sure no fraudulent transactions have been made without your knowledge.
- Keep your browser up to date – Security fixes are continuously released for popular browsers. They are published in response to security vulnerabilities that phishers and other hackers inevitably discover and exploit. If you generally ignore the messages about updating your browsers, stop. As soon as an update is available, download and install it.
- Use firewalls – High quality firewalls act as buffers between you, your computer and outside intruders. You must use two different types: a desktop firewall and a network firewall. The first option is a software type and the second option is a hardware type. When used together, they greatly reduce the chances of hackers and phishers infiltrating your computer or network.
- Beware of pop-ups – Pop-ups often masquerade as legitimate components of a website. However, all too often these are phishing attempts. Many popular browsers allow you to block pop-up windows; you can allow them on a case-by-case basis. If one manages to slip through, do not click the “undo” button; these buttons often lead to phishing sites. Instead, click on the little “x” in the top corner of the window.
- Never give out personal information – As a general rule, you should never share personal or financially sensitive information over the Internet. This rule dates back to the days of America Online, when users had to be constantly alerted because of the success of early phishing scams. If in doubt, go to the main site of the company in question, get their number and call them. Most phishing emails will direct you to pages where financial or personal information entries are required. An Internet user should never make confidential entries via the links provided in e-mails. Never send an email containing sensitive information to anyone. Make a habit of checking the website address. A secure website always begins with “https”.
- Use antivirus software – There are many reasons to use antivirus software. Special signatures included with antivirus software protect against known workarounds and technology flaws. Just make sure to keep your software up to date. New definitions are added all the time because new scams are also being imagined all the time. Anti-spyware and firewall settings should be used to prevent phishing attacks and users should update programs regularly. Firewall protection prevents access to malicious files by blocking attacks. Antivirus software scans all files that pass through the Internet to your computer. This helps prevent damage to your system.
Source by Mohamed Yunus A Vanathode