Phishing is a form of cyberattack based on social engineering. Impersonating a legitimate person or institution, fraudsters contact their targets with fraudulent messages by email, text message, or phone call and trick them into disclosing sensitive information such as passwords, credit card details, personally identifiable information, bank details, and payment orders. The victims are lured by the fraudsters’ requests to click a link, reply to an email address, or call a phone number. The information handed over can lead to financial loss and identity theft.
Since the 1990s, phishing has been one of the most common and damaging forms of fraud worldwide, and it is a frequent cause of data breaches.
The name is pronounced like “fishing”: a fisherman casts a baited hook into open water (here, the emails) in the hope that one of the fish (the email recipients) will take the bait.
A typical phishing attempt is an email claiming that the victim’s password is about to expire and directing them to a page where they must set a new password within a certain time frame. The fraudsters controlling the page ask for both the old and the new password; the original password is captured, giving them access to the information it protects.
Phishing attacks can be classified as follows:
• Email phishing
• Spear phishing
• Clone phishing
• Whaling and CEO fraud
• Voice phishing
• Page hijacking
Common characteristics of phishing emails include a sense of urgency, hyperlinks, attachments, an unusual sender, and offers that are too good to be true.
- Social Engineering: A psychological manipulation technique in which users are tricked into actions such as opening attachments, clicking links, or revealing secret and sensitive information.
- URL Manipulation: To deceive people into disclosing information, fraudsters frequently misspell URLs (Uniform Resource Locators) or use subdomains so that a malicious address resembles a legitimate one.
- Anti-phishing Filter Evasion: Fraudsters place the message text in images rather than plain text so that anti-phishing filters cannot read the words used in the email.
How to Protect Yourself from Phishing Attacks
• Use spam filters to keep spam out of your inbox. The filter examines the software used to send the message, the message’s origin, and its appearance to decide whether it is spam. Spam filters are not 100 percent accurate, and one drawback is that they sometimes block email from reputable sources.
• If an email contains a link, inspect the URL before clicking it. Secure websites begin with “https” and have a valid secure socket layer (SSL) certificate.
• Enable enhanced protection in the browser settings. This warns you about malicious websites, downloads, and extensions before you reach them, and it also warns about passwords exposed in data breaches.
• Change passwords regularly, and never use the same password for more than one account.
• Changing your browsing habits is essential to prevent phishing. Before entering any information online, contact the company or organization directly to verify that the request is genuine.
• Set up multi-factor authentication on all accounts that support it.
• Use a third-party email client, such as an IMAP client, that checks links for malicious content. When a user clicks a link in a recent message, the client runs a malicious-link check, and the user is taken to the destination only if no dangerous software is found.
• Use security software to protect mobile devices and laptops, and set software updates to automatic so that new security threats are dealt with promptly.
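The URL manipulation tricks described above (misspelled domains, brand names hidden in subdomains) and the advice to inspect a link before clicking can be turned into a simple checker. The following is an added example written for this article, not code from the author; the brand list, the tiny public-suffix table and the two-edit typo threshold are assumptions, and a real deployment would load the full Public Suffix List.

```python
import re
from urllib.parse import urlparse

# Constructed sample data: brands to protect and a tiny public-suffix table (assumption for this example).
TRUSTED_DOMAINS = ["paypal.com", "microsoft.com"]
PUBLIC_SUFFIXES = {"com", "net", "org", "co.uk", "test"}

def registrable_domain(host: str) -> str:
    """'login.paypal.co.uk' -> 'paypal.co.uk'; the part a reader must actually check."""
    labels = host.lower().rstrip(".").split(".")
    for n in (2, 1):  # try two-label suffixes such as 'co.uk' before single ones like 'com'
        if len(labels) > n and ".".join(labels[-n:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[-n - 1:])
    return host.lower()

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; 'paypa1' is one edit away from 'paypal'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_url(url: str) -> list:
    """Return the reasons a link looks suspicious; an empty list means nothing was found."""
    findings = []
    parsed = urlparse(url if "://" in url else "http://" + url)
    host = parsed.hostname or ""
    if parsed.scheme != "https":
        findings.append("not https")
    if "@" in parsed.netloc:  # text before '@' is ignored by the browser; the real host follows it
        findings.append("credentials-style text before the real host")
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        findings.append("raw IP address instead of a domain name")
    reg = registrable_domain(host)
    if reg in TRUSTED_DOMAINS:
        return findings  # a genuine host of a known brand
    reg_name = reg.split(".")[0]
    subdomains = host[: -len(reg)] if host.endswith(reg) else ""
    for brand in TRUSTED_DOMAINS:
        name = brand.split(".")[0]
        if name in subdomains:  # brand name placed in front of the real domain
            findings.append(f"brand '{name}' used as a subdomain of {reg}")
        elif edit_distance(reg_name, name) <= 2:  # misspelled or look-alike domain
            findings.append(f"'{reg}' resembles trusted '{brand}'")
    return findings
```

Run `check_url` over the links extracted from an incoming message; any non-empty result is a reason to verify the request with the organization directly rather than clicking.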
Post Written by Oreoluwa Adegoke, CFE