Phishing is the practice of stealing information from individuals by sending them fake emails that carry viruses and other malicious software. Through these emails, the phisher tries to obtain people's personal information.
In phishing, the attacker sends a fake email which looks as if it was sent by a legitimate company such as Microsoft, Yahoo, etc. According to a report, there were 445,004 phishing attacks in 2012. In one large-scale phishing scam, thousands of fake emails claiming to be from American Express were sent to various individuals. Phishing is very popular among cybercriminals because people are easily tricked into providing their information.
How is phishing done?
The attacker sends fake emails to many individuals. The email is composed in such a way that it is difficult to tell whether it is genuine or fake, because it appears to come from a well-known company asking for your details to update its records, etc. To make phishing emails look genuine, attackers even include the company's logo and other identifying details such as its tagline.
The phishing email may contain a link or an attachment. Clicking the link could direct you to a fake website that asks you to enter personal details such as bank account information, SSN, etc. Downloading the attachment may install malicious software on your device, which in turn could gain access to all the information on it.
Once the attackers learn your information, they use it to commit identity theft. The attackers can read your emails, steal your money by gaining access to your bank accounts and do much more.
Types of phishing
In spear phishing, the phishing messages are aimed at specific individuals or companies. The attackers may even gather their targets' personal information and interests through social networking to improve their chances of success.
In clone phishing, an exact clone/copy of a genuine email which has already been sent to a user is created. The cloned email replaces the original attachment or link with a malicious one. When this email is sent, it appears to come from the original sender because the sender address is spoofed.
In whaling attacks, the targets are not ordinary individuals but senior executives of companies. The whaling email usually presents a customer complaint, an executive issue, etc. and appears to be sent from a legitimate business authority.
How to identify phishing attacks?
• Phishing messages usually contain poor grammar and incorrect spelling. Legitimate companies mostly have copywriters to proofread the content.
• The link given in the email might have an incorrect company name. Such links often look correct but contain a misspelling of the company name. The link might also have a special character or symbol before or after the URL address.
• The emails could lead you to .exe files which are known to install malicious software on devices.
• The emails could contain threats such as termination of your account if you fail to respond to the message. The email may contain phrases like “your account will be closed”, “your account has been compromised,” or “urgent action required.” Attackers use these phrases to frighten you into reacting immediately.
• Phishing attacks also use pop-ups, which can appear even on a legitimate website. If you get a pop-up asking you to fill in information such as your username or password, be careful.
• Beware of phishing phone calls which offer to solve your computer problem or try to sell you software.
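Three of the indicators above (a misspelled company name in a link, a link to an .exe file, and threatening phrases) can be checked automatically. The following Python sketch is an added example, not part of the original article; the brand domain examplebank.test, the sample message and the function names are constructed for illustration, and it assumes a plain-text, unencoded message body.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

KNOWN_DOMAINS = ["examplebank.test"]  # hypothetical brand domain to protect
URGENCY = ["your account will be closed", "your account has been compromised",
           "urgent action required"]  # phrases quoted in the list above

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of a domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registered_domain(host):
    """Last two labels only (assumption; production code needs the Public Suffix List)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def phishing_indicators(raw_email):
    """Return a sorted list of indicator strings found in a plain-text email."""
    msg = message_from_string(raw_email)
    body = "".join(p.get_payload() for p in msg.walk()
                   if p.get_content_type() == "text/plain")
    found = set()
    lowered = " ".join(body.lower().split())  # collapse line wraps before matching
    for phrase in URGENCY:
        if phrase in lowered:
            found.add("urgency: " + phrase)
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        parsed = urlparse(url)
        host = parsed.hostname or ""
        if parsed.path.lower().endswith(".exe"):
            found.add("exe link: " + host)
        domain = registered_domain(host)
        for known in KNOWN_DOMAINS:
            # distance 0 is the real domain; 1-2 edits is a likely misspelling
            if 0 < edit_distance(domain, known) <= 2:
                found.add("lookalike of %s: %s" % (known, domain))
    return sorted(found)

# Constructed sample message (not a real email).
SAMPLE = """\
From: Example Bank <support@examp1ebank.test>
Subject: Account notice

Dear customer, your account has been compromised.
Verify at http://login.examp1ebank.test/update or install
http://files.examp1ebank.test/SecurityTool.exe today.
"""
```

A message that triggers none of these checks is not thereby proven safe; the checks only surface the indicators listed above for a human or a mail filter to act on.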
Damage caused by phishing
The damage caused by phishing can be severe. It can lead to loss of access to your email account and even huge financial losses.
According to a recent study, businesses in the US lose approximately $2 billion every year due to phishing.
To prevent phishing attacks, take the following steps:
• Use a gateway email filter, as it can catch phishing emails which are sent to various individuals.
• Ensure that your mail server uses email authentication standards.
• Use a Web security gateway, which can prevent users from becoming the target of phishing emails.
• Use a Web browser with anti-phishing detection. Common Web browsers such as Internet Explorer, Mozilla Firefox, etc. have free add-ons that help you identify phishing websites and offer you anti-phishing protection.
Reporting phishing attacks
If you think you have been the victim of phishing attacks, note down all the information regarding the email or call (whatever the case might be) and report it to your local authorities as soon as possible.