Phishing is a cybercrime that uses tactics such as deceptive emails, websites and text messages to obtain users' personal information. Attackers use the obtained information for identity theft and fraud.
From phreaking to phishing
The term phishing has its roots in the phreaking of the 60s: fraudulent manipulation of telephone signaling. People who practiced phreaking used to whistle to re-create the 2,600MHz pitch of the phone routing signal. All this effort to make free phone calls! The words phone, free and freak combined to create the word phreaking.
The word phishing was used for the first time in 1996 by hackers trying to steal America Online accounts and passwords. Similar to the sport of angling, scammers “fished” for passwords and financial information from the “sea” of internet users. This analogy led to the invention of the term phishing, replacing the “f” in “fishing” with the “ph” from “phreaking”.
How phishing works
Imagine yourself checking your email and finding a message from your bank. You’ve received emails from the bank before, but this one contains a suspicious message, threatening to close your account if you don’t reply immediately. This message is an example of phishing.
Phishers find a business to target and manage to get the e-mail addresses for the customers of that business. Once they have found their victims, they work on the method of delivering the message. Most of the time, they go for an and a web page.
At least once in your life, you have received a message that appears to be from a reputable source. The e-mail attempts to trick you into clicking on a link and entering sensitive information, or into running an executable file that secretly gains access to your computer.
Even though phishers utilize various scamming methods, they mainly use link manipulation and website forgery, aiming to make their message more convincing.
Types of phishing
Phishing attacks are as old as the Internet, and phishing methods have improved steadily over the years. Here are 6 common types of phishing attacks:
Email phishing is one of the most well-known cyber-attacks. Phishers send e-mails to users, impersonating a reputable company, and use social engineering tactics to convince users that it's imperative to click a link or download a file.
The links included in the email lead to malicious websites that steal credentials or install malicious code on the user's device.
When the attack targets a specific individual, organization or business, it's called spear phishing. This method uses open source intelligence (OSINT) to collect data from public sources, such as social media or websites, and then targets a certain person within the organization.
Because the phishers use real names and job functions, the recipient may think the e-mail is from someone inside the company. Thinking it is an internal request, the person takes the action requested in the email.
Similar to spear phishing, whaling uses OSINT. Attackers find the name of the CEO of a target organization and then impersonate that person using a similar email address. Using the email, the attacker may ask for a money transfer or the review of a certain document.
Vishing is a type of voice phishing in which a malicious actor calls a phone number and creates the impression of an emergency, making the victim take an action against their best interests. Be careful when you receive a phone call from someone requesting personal information that is unusual for the type of caller!
Smishing, also known as SMS phishing, is a type of cyber attack carried out over text messages. Unfortunately, unlike email phishing, which security filters can identify and block, smishing can reach users' phones mostly unchallenged. Even worse, this type of phishing attack has evolved in recent years into a whole range of scams and malware that target users' mobile devices.
Given how widely social media is used, it is natural that angler phishing has appeared. Similar to vishing and smishing, this type of attack uses the notifications or direct messaging features of a social media application. Through a notification, the attacker sends a message that requires the user to take an action.
The necessity of security awareness
As drastic times call for drastic measures, the worrying number of phishing attacks requires effective prevention measures. Our team – Attack Simulator – is here to meet your needs with a series of services designed to increase security awareness.
We offer you automated security awareness training to increase your employees' vigilance against cyber attacks. Prevention is always better than cure, even when it comes to online security.