top of page

What is Phishing? How to be safe from Phishing.

Updated: Oct 8, 2022

The phrase "phishing" is a play on the word "fishing," because thieves want to "bite" victims by supplying the information demanded by criminals, such as credit card numbers, account numbers, passwords, usernames, or other valuable information (legitimate-looking email, website or ad).


Phishing is a sort of social engineering attack that is frequently used to acquire user information such as login passwords and credit card details. It happens when an attacker poses as a trustworthy entity and tricks the victim into opening an email, instant message, or text message. The receiver is subsequently duped into clicking a malicious link, which can result in malware installation, system freeze as part of a ransomware assault, or the disclosure of sensitive information.


Phishing is frequently used as part of a bigger assault, such as an advanced persistent threat (apt) event, to build a foothold in business or governmental networks. Employees are compromised in this scenario in order to circumvent security perimeters, propagate malware within a closed environment, or get privileged access to guarded data.





Types of phishing attacks

  • Standard email phishing – possibly the most well-known type of phishing, this assault attempts to collect critical information through an email that looks to be from a respectable firm.

  • Malware phishing – This assault, which employs the same strategies as email phishing, urges recipients to click a link or download an attachment in order for malware to be placed on the device. It is presently the most common type of phishing attack.

  • Spear phishing – Whereas most phishing attempts cast a wide net, spear phishing is a highly targeted, well-researched attack that typically targets company leaders, public figures, and other profitable targets.

  • Smishing – SMS phishing sends dangerous short links to smartphone users, which are frequently disguised as account reminders, reward announcements, and political messages.

  • Search engine phishing - In this sort of attack, cyber thieves create fake websites in order to obtain personal information and direct payments. These sites may appear in organic search results as well as sponsored adverts for popular search queries.

  • Vishing – Vishing, also known as voice phishing, includes a hostile caller impersonating tech support, a government agency, or another entity in order to get personal information such as banking or credit card information.

  • Pharming : Pharming, also known as DNS poisoning, is a highly complex kind of phishing that uses the internet's domain name system (DNS). Pharming is the practise of redirecting genuine web traffic to a faked website without the user's awareness, generally in order to steal vital information.

  • Clone phishing - In this form of attack, a malicious actor hacks a person's email account, modifies an existing email by replacing a genuine link, attachment, or other element with a malicious one, and sends it to the person's contacts in order to propagate the infection.


How to prevent phishing attacks



  1. Do not click on harmful links: Even if you know the sender, it is typically not a good idea to click on a link in an email or instant message. The very least you should do is hover over the link to verify whether the destination is right. Some phishing attempts are rather clever, with the destination URL appearing to be a carbon clone of the legitimate site, set up to capture keystrokes or collect login/credit card information.

  2. Enable multi-factor authentication (also known as 2fa) for your online accounts. Along with the password, you will be requested to input a security code texted to your phone while using 2fa. It takes longer, but it also makes your account much more difficult to hack.

  3. Employ a password manager. You may use these applications to log in without storing a hard copy of your passwords.

  4. Use a VPN to browse safely. By encrypting whatever information you send, a vpn (virtual private network) allows you to conceal your location or transaction data. It's analogous to sending a coded communication to the internet, with only the intended receiver having the key to decipher and access it. This prevents phishers and other hackers from spying on your internet activity.

  5. Ensure that your operating system and browser are up to date. We all know that updates frequently arrive when you don't have time to install them. They are, however, built for a reason: the software supplier may have discovered flaws in their system and developed remedies to increase security.

  6. In order to combat the threat of phishing, organisations must provide frequent employee awareness training. Your team can only develop healthy habits and spot fraudulent messages as second nature if you repeatedly provide instructions on how to avoid fraud.


60 views0 comments

Recent Posts

See All

Attack on Florida Hospital

According to the healthcare network, an apparent cyberattack has forced some emergency patients to be transferred to other facilities and some non-emergency surgeries to be cancelled. Tallahassee Memo

Comments


bottom of page