
What Is Phishing?

Phishing is a method cybercriminals use to gain access to email accounts and systems through deception rather than by defeating security protections. In a basic phishing attack, cybercriminals send an email that appears to be legitimate, tempting the victim to open an attachment or click on a link. This click could load malware onto the victim’s computer, or it could take the victim to a realistic-looking website. In several cases, the aim is to capture user credentials without the victim's knowledge. Cybercriminals have discovered that it is usually easier to deceive a victim into clicking a link than to break through technology defenses.

Common Phishing Attacks

Email phishing
A phishing email is a fake email made to look like a crucial communication from a popular website or a bank. The email adopts a tone of urgency and thus succeeds in tricking you into downloading an attachment or clicking on a link.

You will be taken to a fake website when you click on a link in a phishing email. This website could just drop a virus on your device or it could ask you to share classified information.

In many cases, downloading an attachment will infect your computer with a virus.

Phishing by SMS
A phishing attack that uses SMS is known as SmiShing. You will get an SMS (for instance, a WhatsApp message) informing you about an incredible offer. The message asks you to redeem the offer by clicking on a link. After you click this link, you will be taken to a fake website that could infect your device with a virus or ask you to share confidential information.

Phishing by call
In a phishing call scam, you will get a phone call from a person posing as a bank manager, a software firm employee, or a representative of a known organization. The call aims to trick you into sharing private and vital details such as your ATM PIN, expiry date, CVV, debit card number, and OTP.

Phishing techniques used by attackers:

  • Spoofing the sender address in an email to look like a reputable source and request sensitive information
  • Installing a Trojan through a malicious email attachment or advertisement, allowing the intruder to exploit loopholes and then obtain all the required sensitive information
  • Attempting to gather company information over the phone by posing as a known IT department or company vendor
  • Embedding a link in an email that redirects your employee to an unsafe website requesting sensitive information

How to prevent phishing scams

Protection of your personal information

  • To prevent yourself from becoming a victim of a phishing scam, you will have to be extremely cautious with your personal information including your passwords and usernames.
  • When you enter your password, username and other information, that information gets transmitted to the con artist, who can misuse it at a later stage.
  • A few phishing scams divert you to a deceitful website that looks like your bank’s website or a similar trusted source.

Become familiar with the common phishing language:

  • Be aware of common phishing language present in emails like “Verify your account.”
  • Legitimate businesses will never send you an email to ask for sensitive personal information or your login information.
  • Look out for emails that attempt to put forth a sense of urgency.
  • When you suspect an email is a phishing attempt, get in touch with the company directly to inquire about it instead of using any link or other contact information provided in the email.
  • Always look out for emails that do not address you directly.
  • A few email phishing scams use your name in the email, whereas many are sent out as spam messages to thousands simultaneously.

Look out for suspicious emails and avoid clicking suspicious links

  • Do not click links sent along with suspicious emails.
  • Addresses that appear to be official often contain conspicuous differences from the real address and redirect you to a fraudulent site.
  • Be extremely suspicious of any email that appears to come from a trusted entity like your bank.
  • Avoid clicking on the link and instead type in the web address of the institution into the browser in order to access the website.
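
The address check described in the list above can be automated. The following is an added example, not code from the original page: it flags link hostnames that imitate a trusted domain. The domains, the `TRUSTED` list and the distance threshold of 2 are constructed assumptions, and the last-two-labels domain rule is a simplification.

```python
from urllib.parse import urlsplit

# Constructed allowlist: domains the reader actually does business with.
TRUSTED = ("mybank.example", "pay.example")
MAX_DISTANCE = 2  # assumed threshold for "looks almost the same"


def edit_distance(a, b):
    """Levenshtein distance, computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registered_domain(host):
    """Last two labels only (simplification: no public-suffix list)."""
    return ".".join(host.split(".")[-2:])


def classify(url):
    """Return 'trusted', 'unknown' or a 'suspicious: ...' reason for a link."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "suspicious: no hostname"
    domain = registered_domain(host)
    if domain in TRUSTED:
        return "trusted"
    # Punycode labels can render as letters that imitate a familiar name.
    if any(label.startswith("xn--") for label in host.split(".")):
        return "suspicious: punycode hostname"
    for good in TRUSTED:
        # The trusted name appears as leading labels of someone else's domain.
        if f".{good}." in f".{host}.":
            return f"suspicious: {good} embedded in {domain}"
        # One or two characters swapped, added or dropped.
        if edit_distance(domain, good) <= MAX_DISTANCE:
            return f"suspicious: {domain} resembles {good}"
    return "unknown"


if __name__ == "__main__":
    for link in ("https://www.mybank.example/login",      # constructed samples
                 "https://mybamk.example/verify",
                 "https://mybank.example.account-verify.test/login"):
        print(link, "->", classify(link))
```

An "unknown" result only means the hostname does not imitate an entry in the list; typing the institution's address into the browser remains the safer path.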

Count on authenticated websites:

  • When you visit a website with a padlock, click on the padlock.
  • You will get to see the name of the organization that applied for the padlock. You can suspect a phishing activity when the name does not match the name you know.
  • Prevention is better than cure, hence it is always a good practice to look at all the websites and emails with a pinch of suspicion just to prevent email phishing and other phishing activities. This will help you to save thousands of dollars and a lot of your valuable time.
