Phishing – Are you at risk?

Let’s go Phishing – The Silent Cyber Crime

In the universe of cyber threats, few are as maliciously deceptive as phishing. To the untrained eye, a phishing attack can be nearly indistinguishable from legitimate communication, and therein lies the potency of this silent crime.

Phishing attacks have become increasingly sophisticated. Modern phishing kits often act as a transparent proxy in front of the site being targeted: the victim sees the genuine pages, served through the attacker's domain, while the attacker records every keystroke, including the password and any one-time code, and, because the traffic passes through the proxy, can also capture the session cookie issued after login.

Definition

Phishing is a form of social engineering in which attackers impersonate legitimate companies or individuals to deceive victims into revealing sensitive information, such as login credentials, credit card numbers or other personal data, or into installing malware (including ransomware). The classic vehicle is an email that directs the user to a fake website where they are asked to enter their details.

History

The origins of phishing can be traced back to the 1990s, when internet adoption began to increase. The term "phishing" is based on the word "fishing", which symbolizes the act of throwing out bait to catch innocent victims. The first recorded mention of phishing is commonly dated to 1996, in connection with a hacking tool named "AOHell". As technology evolved, so did phishing tactics, making them more sophisticated and harder to detect; since 2020 phishing has been one of the most commonly reported types of cybercrime, according to the FBI's Internet Crime Complaint Center (IC3).

Different Types of Phishing

Email Phishing: This is the most common type, where attackers send fraudulent emails designed to look like they’re from trustworthy sources.

Spear Phishing: Targeted attacks on specific individuals or organizations, often involving personalized information to make the “bait” more convincing.

Vishing (Voice Phishing): Using phone calls to scam victims, for example an attacker posing as a bank representative who informs you of fraudulent activity on your account.

Smishing (SMS Phishing): Attackers send deceptive text messages to trick victims into providing sensitive information.

Whaling: A subtype of spear phishing that targets high-profile individuals like CEOs or CFOs.

Pharming: Redirecting users to a malicious website by tampering with name resolution, for example by compromising DNS servers, poisoning DNS caches or editing the victim's hosts file, so that even a correctly typed address lands on the attacker's site.

How does phishing work?

Phishing capitalizes on human psychology, technical trickery and deceit to extract sensitive information from victims. A typical campaign has three parts:

Crafting the Message: The attacker designs an email or message that appears to come from a trusted source, for instance a bank, a popular service (like Showmax), a work colleague, top management or even a government entity. The message often evokes urgency, fear or curiosity, with common themes such as warnings about account closure, unrecognized transactions or tax refunds.

Deceptive Links and Attachments: Phishing emails often contain links directing victims to fake websites that mirror legitimate ones, or attachments that install malware when opened. On the fake site the victim is asked to input sensitive information such as usernames, passwords or credit card numbers.

Fake Websites: These mimic genuine websites with similar URLs (slight misspellings, letter-for-digit substitutions, or the real brand name used as a subdomain of an unrelated domain) and replicate the look and feel of the actual site. Once the victim enters their details on the fake site, the information flows directly to the attacker.

Avoiding Phishing

The first line of defence is being aware and informed about the latest phishing techniques.

Check Email Senders: Look at the actual sender address, not just the display name, which the attacker chooses freely. Be wary of misspelled or look-alike domain names. Note that even the From address can be forged if the impersonated domain does not enforce DMARC, so a plausible address is not proof of authenticity.

Avoid Unsolicited Attachments: Never open attachments or click links from unknown or unexpected sources; a malicious attachment can install malware on the device as soon as it is opened.

Secure Browsing: Ensure websites use HTTPS, especially when entering personal data, but do not treat the padlock as proof of legitimacy: attackers obtain valid certificates for their look-alike domains as easily as anyone else. Check that the domain in the address bar is exactly the one you expect.

Regular Training: Organizations should regularly train employees to recognize phishing attempts.

Use Security Software: Keep your antivirus software updated and use browser add-ons that detect malicious websites.
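The sender, link and wording checks above can be applied mechanically before a message reaches anyone's inbox. The following Python script is an added example, not code from the original article: it parses a constructed sample message and reports the red flags a reviewer would look for (a display name that claims a brand while the address does not, no dmarc=pass in the Authentication-Results header, link text that differs from the link target, look-alike and punycode domains, and pressure wording). The protected-brand list, the sample headers and every domain in them are made up for illustration, and the registrable-domain extraction is deliberately simplified (a real tool would use the Public Suffix List).

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Brands this checker protects and pressure phrases it looks for (assumed lists).
PROTECTED_DOMAINS = ("showmax.com", "example.com")
URGENCY_WORDS = ("action required", "account will be closed",
                 "within 24 hours", "unrecognised transaction")

# Constructed sample message. Every address, domain and header value in it is
# made up for this example.
SAMPLE_EMAIL = b"""From: "Showmax Billing" <billing@showmax-support.net>
To: victim@example.com
Subject: Action required: your account will be closed
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=showmax-support.net; dkim=pass header.d=showmax-support.net; dmarc=none
Content-Type: text/html; charset=utf-8

<html><body>
<p>Unrecognised transaction detected. Confirm your details within 24 hours:</p>
<a href="https://showmax.com.account-verify.net/login">https://www.showmax.com/account</a>
<a href="http://xn--shwmax-4ua.com/billing">Update billing</a>
</body></html>
"""


def registrable_domain(host: str) -> str:
    """Last two labels of a host name. Production code should use the Public
    Suffix List so that names like bank.co.uk are handled correctly."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to spot typo-squats such as sh0wmax.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_reason(host: str, protected=PROTECTED_DOMAINS):
    """None if host belongs to a protected brand, otherwise why it imitates one."""
    host = host.lower().rstrip(".")
    reg = registrable_domain(host)
    if reg in protected:
        return None
    if any(label.startswith("xn--") for label in host.split(".")):
        return "punycode/IDN label (possible homoglyph of a brand name)"
    sld = reg.split(".")[0]
    for p in protected:
        brand = p.split(".")[0]
        if host.startswith(p + ".") or ("." + p + ".") in host:
            return f"brand {p} used as a subdomain of {reg}"   # showmax.com.evil.net
        dist = levenshtein(sld, brand)
        if sld != brand and dist <= 2:
            return f"{reg} is within edit distance {dist} of {p}"  # sh0wmax.com
        if brand in sld and sld != brand:
            return f"{reg} embeds the brand name {brand}"        # showmax-support.net
    return None


def analyse_email(raw: bytes) -> dict:
    """Return the sender address, a list of red flags and a simple score."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []

    display, addr = parseaddr(str(msg["From"]))
    sender_domain = addr.rsplit("@", 1)[-1].lower()
    reason = lookalike_reason(sender_domain)
    if reason:
        findings.append(f"sender domain: {reason}")
    brands = [p.split(".")[0] for p in PROTECTED_DOMAINS]
    if any(b in display.lower() for b in brands) and registrable_domain(sender_domain) not in PROTECTED_DOMAINS:
        findings.append(f"display name '{display}' names a brand but the address is {addr}")

    # Without dmarc=pass the From header could have been forged outright.
    auth = str(msg["Authentication-Results"] or "").lower()
    if "dmarc=pass" not in auth:
        findings.append("no dmarc=pass in Authentication-Results; From header is unverified")

    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body else ""
    for href, anchor in re.findall(r'<a\s+href="([^"]+)"[^>]*>(.*?)</a>', html, flags=re.I | re.S):
        host = (urlparse(href).hostname or "").lower()
        reason = lookalike_reason(host)
        if reason:
            findings.append(f"link {href}: {reason}")
        shown = urlparse(anchor.strip()).hostname   # link text that itself looks like a URL
        if shown and shown.lower() != host:
            findings.append(f"link text shows {shown} but points to {host}")

    text = str(msg["Subject"] or "").lower() + " " + re.sub(r"<[^>]+>", " ", html).lower()
    urgency = [w for w in URGENCY_WORDS if w in text]
    if urgency:
        findings.append("pressure wording: " + ", ".join(urgency))

    return {"sender": addr, "findings": findings, "score": len(findings)}


if __name__ == "__main__":
    for line in analyse_email(SAMPLE_EMAIL)["findings"]:
        print("-", line)
```

Run against the sample, the script reports seven findings. The two most useful in practice are the last two link checks: a link whose visible text names the real site while its target is somewhere else, and a registrable domain that is not the brand's even though the brand name appears in the host. Those two catch the "transparent proxy" kits described at the top of the article, which by construction serve the genuine pages but always from the attacker's own domain.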

What must you do when you have fallen victim to a phishing attack?

It is imperative to act promptly and decisively to mitigate potential damage, for instance:

Change your Passwords: Immediately change the password for the compromised account and, where the service offers it, sign out all other sessions so that any session the attacker captured is invalidated. If you use the same password on other accounts (which is not recommended), change those as well.

Notify Financial Institutions: If you have provided bank or credit card information, contact your bank immediately so that they can monitor for suspicious activity, freeze your account or issue new cards if necessary.

Enable Multi-Factor Authentication (MFA): MFA adds an additional layer of security, so even when cybercriminals have obtained your password they cannot access your account without the second verification step. Prefer phishing-resistant methods such as FIDO2 security keys or passkeys where they are offered: one-time codes sent by SMS or generated by an app can still be relayed in real time by a proxy-style phishing site, whereas an origin-bound credential cannot be used from a look-alike domain.
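The transparent-proxy kits described at the start of this article are the reason the kind of MFA matters. The following Python model is an added example, not part of the original article: it simulates such a proxy against two MFA designs, a password plus one-time code and an origin-bound assertion of the kind FIDO2/WebAuthn uses. HMAC with a shared key stands in for the authenticator's signature, the one-time code is a simplified stand-in for TOTP, and all origins, names and secrets are assumed values chosen for the demonstration.

```python
import hashlib
import hmac
import secrets

# Constructed model; HMAC over a shared key stands in for the authenticator's
# signature, and the OTP is a simplified TOTP. Origins and secrets are assumed.
REAL_ORIGIN = "https://login.example.com"
PHISH_ORIGIN = "https://login.example.com.account-verify.net"


def totp_code(secret: bytes, time_step: int) -> str:
    """Six-digit code from the shared secret and the current time step."""
    digest = hmac.new(secret, str(time_step).encode(), hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 1_000_000:06d}"


def sign_assertion(key: bytes, challenge: str, origin: str) -> str:
    """Origin-bound assertion: the signed data includes the origin the browser is on."""
    return hmac.new(key, f"{challenge}|{origin}".encode(), hashlib.sha256).hexdigest()


class RelyingParty:
    """The genuine site: knows the password, the OTP secret and the registered authenticator key."""

    def __init__(self, origin, password, otp_secret, authenticator_key):
        self.origin = origin
        self.password = password
        self.otp_secret = otp_secret
        self.authenticator_key = authenticator_key
        self.pending = set()     # challenges issued but not yet used
        self.sessions = set()

    def login_with_otp(self, password, otp, time_step):
        ok = password == self.password and hmac.compare_digest(otp, totp_code(self.otp_secret, time_step))
        return self._issue_session() if ok else None

    def new_challenge(self) -> str:
        chal = secrets.token_hex(16)
        self.pending.add(chal)
        return chal

    def login_with_assertion(self, challenge, signature):
        # The challenge must be one we issued (no replay), and the signature must
        # cover OUR origin; an assertion made on a phishing origin fails here.
        if challenge not in self.pending:
            return None
        self.pending.discard(challenge)
        expected = sign_assertion(self.authenticator_key, challenge, self.origin)
        return self._issue_session() if hmac.compare_digest(signature, expected) else None

    def _issue_session(self):
        token = secrets.token_hex(8)
        self.sessions.add(token)
        return token


class Victim:
    """The user, their browser and their authenticator."""

    def __init__(self, password, otp_secret, authenticator_key):
        self.password = password
        self.otp_secret = otp_secret
        self.authenticator_key = authenticator_key

    def type_password_and_otp(self, time_step):
        return self.password, totp_code(self.otp_secret, time_step)

    def sign_challenge(self, challenge, browser_origin):
        # The browser supplies the origin it is actually on; neither the user
        # nor the page content can substitute a different one.
        return sign_assertion(self.authenticator_key, challenge, browser_origin)


def aitm_relay_otp(rp, victim, time_step=1):
    """Proxy phishing against password + one-time code: the victim types both
    into the look-alike site and the proxy forwards them within the code's
    validity window, so the attacker ends up with a real session."""
    password, otp = victim.type_password_and_otp(time_step)   # typed into PHISH_ORIGIN
    return rp.login_with_otp(password, otp, time_step)         # relayed by the attacker


def aitm_relay_origin_bound(rp, victim):
    """The same proxy against an origin-bound credential: it relays a genuine
    challenge, but the victim's browser is on PHISH_ORIGIN, so the assertion is
    bound to the wrong origin and the genuine site rejects it."""
    chal = rp.new_challenge()
    sig = victim.sign_challenge(chal, PHISH_ORIGIN)
    return rp.login_with_assertion(chal, sig)


def legitimate_origin_bound_login(rp, victim):
    chal = rp.new_challenge()
    return rp.login_with_assertion(chal, victim.sign_challenge(chal, REAL_ORIGIN))


def build_scenario():
    password, otp_secret, key = "hunter2", b"otp-secret", b"authenticator-key"   # assumed
    return RelyingParty(REAL_ORIGIN, password, otp_secret, key), Victim(password, otp_secret, key)


if __name__ == "__main__":
    rp, victim = build_scenario()
    print("OTP relay gives attacker a session:", aitm_relay_otp(rp, victim) is not None)
    print("Origin-bound relay gives attacker a session:", aitm_relay_origin_bound(rp, victim) is not None)
```

The point of the model is the single line in login_with_assertion that verifies the signature against the site's own origin: the phishing proxy can relay the challenge and the victim genuinely approves the login, but the thing they approved is bound to the domain their browser was on, and that domain is the attacker's. A one-time code carries no such binding, so the proxy can forward it unchanged.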

Examples of phishing attacks

Google and Facebook Phishing Attack (2013-2015): Evaldas Rimasauskas sent both companies fraudulent invoices and supporting emails impersonating a real hardware supplier and tricked them into paying over $100 million.

Twitter VIP Attack (2020): Attackers used phone-based spear phishing of Twitter employees to gain access to internal account-support tools, then hijacked high-profile accounts to post a cryptocurrency scam with global reach. The attack was later traced to a 17-year-old from Florida.

Conclusion

Phishing remains one of the most prevalent cyber threats, and it is essential to recognize that it is not just a technical challenge but also a psychological one. Attackers understand human behaviour and design their campaigns to exploit common emotions and reactions. By being aware of these tactics, maintaining scepticism towards unexpected or suspicious messages, keeping devices up to date and combining vigilance, education and the right tools, both individuals and organizations can substantially reduce their risk of falling victim to phishing.
