What is a Phishing Attack
Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. This happens when an attacker, posing as a trusted entity, tricks a victim into opening an email, instant message, or text message. The recipient is then tricked into clicking a malicious link, which can lead to the installation of malware, the system freezing as part of a ransomware attack, or the disclosure of sensitive information. An attack can have devastating results. For individuals, this includes unauthorized purchases, theft of funds, or identity theft.
Additionally, phishing is often used to gain a foothold in corporate or government networks as part of a larger attack, such as an Advanced Persistent Threat (APT) event. In the latter scenario, employees are compromised in order to bypass security perimeters, distribute malware in a closed environment, or gain privileged access to secure data.
An organization that succumbs to such an attack usually suffers serious financial losses in addition to declining market share, reputation, and consumer confidence. Depending on the scope, a phishing attempt can escalate into a security incident from which a business will struggle to recover.
Types of Phishing Attacks
Email Phishing
Most phishing attacks are sent by email. The scammer will register a fake domain that mimics a real organization and send thousands of generic requests. The spurious domain often involves the substitution of characters, such as using “r” and “n” next to each other to create “rn” instead of “m”. They may also use the organization name in the local part of the email address (for example, [email protected]) in the hope that the sender’s name will simply appear as “PayPal” in the recipient’s inbox. There are many ways to spot a phishing email, but as a general rule, you should always check the email address of any message that asks you to click a link or download an attachment.
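The two sender tricks described above (confusable character substitutions in the domain, and a brand name placed in the local part or display name while the real domain is unrelated) can be checked mechanically at the mail gateway. The following Python is an added example written for this article, not code from the original page; the protected-domain list, the confusable pairs other than “rn”/“m”, and the sample From: headers are constructed for illustration.

```python
from email.utils import parseaddr
from typing import List

# Constructed list of brands this organisation wants to protect (hypothetical values).
PROTECTED_DOMAINS = {"paypal.com", "example-bank.com"}

# Character sequences that render almost identically to another letter in common fonts.
# "rn" -> "m" is the substitution the article describes; the other pairs are assumptions
# in the same spirit, not taken from the page.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]


def normalize_domain(domain: str) -> str:
    """Fold confusable sequences so 'exarnple-bank.com' compares equal to 'example-bank.com'."""
    d = domain.lower().strip()
    for fake, real in CONFUSABLES:
        d = d.replace(fake, real)
    return d


def registrable_domain(domain: str) -> str:
    """Keep the last two labels (a simplification; production code should use the public suffix list)."""
    parts = domain.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else domain.lower()


def check_sender(from_header: str) -> List[str]:
    """Return reasons a From: header looks like a brand lookalike; an empty list means no finding."""
    display_name, address = parseaddr(from_header)
    if "@" not in address:
        return ["unparseable sender address"]
    local_part, domain = address.rsplit("@", 1)
    domain = registrable_domain(domain)
    if domain in PROTECTED_DOMAINS:
        # Genuinely the protected domain; whether it is spoofed is DMARC's job, not this check's.
        return []
    normalized = normalize_domain(domain)
    findings = []
    for protected in PROTECTED_DOMAINS:
        brand = protected.split(".")[0]
        # Case 1: the registered domain only differs from the brand by confusable characters.
        if normalized == protected or normalize_domain(domain.split(".")[0]) == brand:
            findings.append(f"domain {domain!r} is a confusable lookalike of {protected}")
        # Case 2: the brand name is in the local part or display name, but the domain is unrelated.
        if brand in local_part.lower() or brand in display_name.lower():
            findings.append(f"brand {brand!r} appears in sender name but domain is {domain!r}")
    return findings


if __name__ == "__main__":
    # Constructed sample headers: one genuine, one brand-in-local-part, one rn/m substitution.
    for hdr in ("PayPal <service@paypal.com>",
                "PayPal Support <paypal@mail-notice.example>",
                "Alerts <alerts@exarnple-bank.com>"):
        print(hdr, "->", check_sender(hdr) or "OK")
```

The check deliberately returns nothing for mail that really carries the protected domain: confusable folding only catches lookalikes, and a message that claims the real domain must be verified with SPF/DKIM/DMARC instead.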
Spear Phishing
Spear phishing is a more targeted attempt to steal sensitive information and usually focuses on a specific person or organization. These types of attacks use personal information specific to the individual to appear legitimate. Cybercriminals often turn to social media and corporate websites to search for their victims. Once they have a better understanding of their target, they will start sending personalized emails with links that, when clicked, will infect a computer with malware.
Smishing and vishing
With both smishing and vishing, phones are replacing email as a means of communication. Smishing involves criminals sending text messages (the content of which is much the same as email phishing), and vishing involves a phone conversation. A common vishing scam involves a criminal posing as a fraud investigator (at the card company or the bank) telling the victim that their account has been hacked. The criminal will then ask the victim to provide their payment card details to verify their identity or to transfer money to a “secure” account – which means the criminal’s account.
Whaling
What sets this category of phishing apart from others is the high-level target selection. A whaling attack is an attempt to steal sensitive information and often targets senior management. Whaling emails are much more sophisticated than your regular phishing emails and much harder to spot. Emails will often contain personalized information about the target or organization, and the language will have a more professional tone. Much more effort and thought will be put into creating these emails due to the high level of return for cyber criminals.
Clone Phishing
Clone phishing is the use of a legitimate, pre-delivered email to create an identical email with malicious content. The cloned email will appear to be from the original sender, but it will be an updated version with malicious links or attachments.
How Phishing Works
The basic element of a phishing attack is a message, sent by email, social media or any other electronic means of communication.
A phisher can use public resources, especially social media, to collect general information about their victim’s personal and professional experience. These sources are used to collect information such as the name of the potential victim, job title and email address, as well as their interests and activities. The phisher can then use this information to create a reliable fake message.
Typically, emails the victim receives appear to be from a known contact or organization. Attacks are carried out through malicious attachments or links to malicious websites. Attackers often create fake websites, which appear to be owned by a trusted entity such as the victim’s bank, workplace, or university. Through these websites, attackers attempt to collect private information such as usernames and passwords, or payment information.
Some phishing emails can be identified due to poor writing and misuse of fonts, logos, and layouts. However, many cybercriminals are getting more and more sophisticated at creating authentic messages and using professional marketing techniques to test and improve the effectiveness of their emails.
What To Do if You Responded to a Phishing Email
If you think a scammer has your information, such as your Social Security, credit card, or bank account number, go to IdentityTheft.gov. There you will see the specific steps to follow depending on the information you have lost.
If you think you clicked a link or opened an attachment that downloaded malware, update your computer’s security software. Then run a scan.
How to Prevent Phishing Attacks
Organizations need to educate their employees to prevent phishing attacks, especially to recognize suspicious emails, links, and attachments. Cyber attackers are constantly refining their techniques, so continuous training is imperative.
Some telltale signs of a phishing email include:
- “Too good to be true” offers
- Unusual sender
- Bad spelling and grammar
- Threats of account closure, etc., conveying in particular a sense of urgency
- Links, especially when the destination URL is different from what appears in the email content
- Unexpected attachments, especially .exe files
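Two of the signs above can be checked by a mail filter rather than by eye: a link whose visible text names one host while the real destination is another, and an attachment with an executable extension. The Python below is an added example for this article (not code from the original page); the HTML message, the attachment names and the extension list beyond .exe are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from typing import List, Tuple
from urllib.parse import urlparse

# .exe is the extension the article names; the others are common additions (assumption).
DANGEROUS_EXTENSIONS = {".exe", ".scr", ".vbs", ".bat", ".js"}


class LinkCollector(HTMLParser):
    """Collects (href, visible anchor text) pairs from every <a> element in an HTML body."""

    def __init__(self) -> None:
        super().__init__()
        self.links: List[Tuple[str, str]] = []
        self._href = None
        self._text: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url_or_text: str) -> str:
    """Hostname of a URL, or of bare text like 'www.example.com/login' (scheme added if absent)."""
    s = url_or_text.strip()
    if "://" not in s:
        s = "http://" + s
    return (urlparse(s).hostname or "").lower()


def mismatched_links(html: str) -> List[Tuple[str, str]]:
    """Return (visible text, real host) for links whose text names a host other than the destination."""
    parser = LinkCollector()
    parser.feed(html)
    out = []
    for href, text in parser.links:
        # Only anchor text that itself looks like a domain or URL can contradict the href.
        shown = host_of(text) if re.search(r"[\w-]+\.[a-z]{2,}", text, re.I) else ""
        real = host_of(href)
        same_site = shown == real or shown.endswith("." + real) or real.endswith("." + shown)
        if shown and real and not same_site:
            out.append((text, real))
    return out


def risky_attachments(filenames: List[str]) -> List[str]:
    """Return attachment names whose extension is in the dangerous list (case-insensitive)."""
    return [f for f in filenames if any(f.lower().endswith(ext) for ext in DANGEROUS_EXTENSIONS)]


# Constructed sample message: the first link shows a PayPal URL but points elsewhere.
SAMPLE_HTML = """<p>Your account is locked. Sign in at
<a href="http://login.paypa1-secure.example/auth">https://www.paypal.com/signin</a>
within 24 hours.</p>
<p>Questions? See <a href="https://www.paypal.com/help">our help center</a>.</p>"""

if __name__ == "__main__":
    print("mismatched links:", mismatched_links(SAMPLE_HTML))
    print("risky attachments:", risky_attachments(["invoice.pdf", "Invoice_Q3.EXE"]))
```

Anchor text that is not itself a URL ("our help center") is not flagged, because only text that names a host can contradict the destination; a production filter would also resolve shorteners and tracking redirects before comparing.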
Additional technical security measures may include:
- Two-factor authentication incorporating two methods of identity confirmation: something you know (e.g. a password) and something you have (e.g. a smartphone)
- Email filters that use machine learning and natural language processing to flag high-risk emails. DMARC can also prevent email spoofing.
- Augmented password logins using personal images, identity hints, security skins, and more.
This article covers the answers to some of your frequently asked questions: