Phishing is a type of cybercrime in which attackers pose as a legitimate organization, or a representative of one, to trick victims into divulging important information such as personal and banking details, which they then use for malicious purposes.
Attackers use different methods of communication, such as email, SMS, phone calls, and interaction over social media.
How is Phishing Done?
Phishing is generally done through communication between the attacker and the victim. Attackers contact potential victims, posing as a legitimate representative or organization, using email, SMS, instant messaging services, and social media.
They gather a potential victim’s personal and social information to craft a false story that lures the victim into believing they are legitimate.
Attackers often send emails that contain malicious links and attachments. When the victim clicks on a link or opens an attachment, malicious software gets installed on the victim’s PC. Links sometimes redirect the user to a malicious website that tricks them into entering their personal information.
In a successful phishing attack, users generally enter their personal information on a malicious website or download something from a malicious link, which sends all the information to the attackers.
Practices That Attackers Follow
Attackers mainly send an email containing a malicious link or attachment to the victim, hoping that the victim either clicks on the malicious link or downloads the malicious attachment.
The URL shown in an email may be embedded with a different link. You can check the embedded link by hovering the mouse over it. However, attackers can hide the embedded link using JavaScript.
JavaScript is also used to show a legitimate URL in the address bar. Attackers use different techniques to manipulate the link so that the victim clicks on it.
Attackers manipulate authentic links by replacing letters of the original link with similar-looking characters to fool victims into clicking on them.
Attackers also replace text in the email with images so that phishing defenses cannot scan for common text. This allows attackers to bypass defenses and deliver the email without any interaction.
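The hover check and the lookalike-character trick described above can be automated on the defender's side. The following is an added example, not code from the original article: it scans an HTML email body and flags links whose visible text names one host while the embedded link points to another, and links whose host contains non-ASCII or punycode (`xn--`) labels. The function names and the sample email are constructed for illustration; ASCII-only lookalikes and links rewritten by JavaScript at click time are outside what this static check sees.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

def host_of(text):
    """Return the lowercase hostname if text looks like a URL or bare domain, else None."""
    text = text.strip()
    if not text or any(c.isspace() for c in text):
        return None
    if "://" not in text:
        text = "http://" + text          # let urlsplit parse bare "www.example.com"
    try:
        host = (urlsplit(text).hostname or "").lower().rstrip(".")
    except ValueError:                   # malformed authority part
        return None
    return host if "." in host else None

class LinkAuditor(HTMLParser):
    """Collects (visible text, href, reasons) for every suspicious <a> element."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        shown, target = "".join(self.text).strip(), host_of(self.href)
        shown_host, reasons = host_of(shown), []
        if shown_host and target and shown_host != target:
            reasons.append("text-href-mismatch")     # what hovering would reveal
        if target and (not target.isascii()
                       or any(l.startswith("xn--") for l in target.split("."))):
            reasons.append("non-ascii-host")         # possible lookalike characters
        if reasons:
            self.findings.append((shown, self.href, reasons))
        self.href = None

def audit_links(html):
    auditor = LinkAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample body; \u0430 is Cyrillic "a", which renders like Latin "a".
SAMPLE = ('<p><a href="http://login.example.net/reset">https://www.example.com/account</a> '
          '<a href="https://www.ex\u0430mple.com/">Sign in</a> '
          '<a href="https://www.example.com/help">www.example.com</a></p>')

if __name__ == "__main__":
    for shown, href, reasons in audit_links(SAMPLE):
        print(reasons, repr(shown), "->", href)
```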
Prevention
Criminals regularly come up with new and different techniques. Users have to be self-aware in order to protect themselves from these attacks.
There are several things you can do to avoid becoming a victim of a phishing attack.
- Keep informed about new phishing techniques: New techniques are developed all the time, so you have to stay in touch with them. Keeping abreast of new techniques will lower the risk of becoming a victim.
- Always check the link before you click: Always double-check links before clicking on them. If you are not sure about the origin of a link, hover your mouse over the URL; it will reveal the link to which you will be redirected. Do not fill in information directly on any website; first make sure you are on the genuine website and then enter your details.
- Verify if the site is secure or not: Genuine web pages that ask for user information generally begin with “https”. You will also see a lock icon near the address bar. Do not open websites that display an error message stating that they are malicious unless you trust them.
- Keep a check on your accounts: Check your email accounts regularly; suspicious activity on your email accounts will be shown to you via email. Regularly change the passwords for your accounts. This will make you more secure from cybercrime. Also, regularly check your bank statements to keep tabs on any unauthorized transactions.
- Use a firewall: A firewall will prevent any unauthorized communications. You can use both a software firewall and a hardware firewall. This will greatly reduce the chance of attack.
- Use antivirus software: Always use good security software. Security software will block any attack on your system.
- Keep up to date: Keep updating your OS, security software and browsers. Security patches are released, so make sure that all your applications are updated regularly.
- Always use a popup blocker and an ad blocker: A popup blocker will block pop-ups occurring on your device, and an ad blocker will block any advertisement that you see on any webpage.
Always keep in mind that there is no way to be 100% safe from scams. However, if you keep a check on your online activities and follow the steps we have listed, you will be on the safer side and provide your system with a shield to keep it secure from attacks!