Phishing is an attack launched by cybercriminals with the aim of obtaining confidential information from victims. It is one of the oldest known attacks on the web. It can target individuals as well as companies, which is why it is useful to be able to recognize it and avoid being caught out. What is phishing? How can you prevent it? Here are the answers to your questions.
What is phishing?
Phishing is a scam committed on the web in order to obtain confidential information such as login credentials, passwords or credit card codes from those targeted. The word is a fitting image: the cybercriminal goes fishing for information and tries to get his victim to bite.
On the web, phishing often takes the form of an email sent to a recipient. The attacker impersonates a trusted person or institution and tries to obtain personal information by inciting the recipient to click on a link or download a document. It should be noted, however, that phishing can also take place by telephone, by SMS or even on social networks. Social networks are indeed an excellent way for phishers to access a wide range of confidential information about a person and then usurp their identity.
What are the risks of phishing?
Phishing is a technique that lets the criminal obtain information with which to impersonate someone, to obtain confidential information about a company, or even to obtain bank codes in order to steal money.
What are the different types of phishing?
To appreciate the scale of the problem, it is necessary to take stock of all the techniques phishers use to deceive their victims. Among the different methods, we find:
- phishing by e-mail: the hacker sends an e-mail to his target, inciting him to click on a link that redirects to a malicious website or to download an attachment that contains malicious programs
- phishing by website: the hacker creates a website that looks like a site you often visit, to encourage you to enter your credentials. He can then use those credentials to connect to the real site and recover your data
- phishing on social networks: on the most used social networks, the phisher can hack accounts and make them send malicious files to their friends, or create a fake profile in order to chat with a friend and extract information from him
- outside the web, there are two other phishing techniques to be careful about: vishing, which consists of obtaining information by means of a phone call, and smishing, in which an SMS gets the victim to click on a malicious link
A classic phishing technique: fraudulent email
The large majority of phishing attacks are carried out by sending fraudulent emails. Here are some examples of emails that can be sent to obtain confidential information.
First, it can be an e-mail indicating a billing problem with a purchase made on the internet. You are told that the shipment cannot take place, and by clicking on a link you are redirected to a malicious site.
Some hackers who use phishing masquerade as the government or a major public body. You are then threatened with a penalty if you do not enter your personal data or, on the contrary, you are informed of assistance from the authorities that requires you to communicate your bank details. In the case of banks, an e-mail can warn you of an overdraft problem and ask you to confirm your bank details to avoid any problems.
Finally, two other phishing techniques consist, on the one hand, of impersonating a friend who is in a difficult situation and needs money and, on the other hand, of announcing that you are the big winner of a prize and that to claim it you have to enter your personal information.
How to recognize a phishing situation?
There are a few ways to spot a phishing situation. Keeping these techniques in mind will help you be more vigilant on a daily basis when using your personal and professional email addresses:
- verify the sender's email address, because in phishing it often does not match the domain name it is supposed to represent
- check the link you find in the email by hovering over it with the mouse; a different link may appear at the bottom of the browser
- look for spelling errors or poor quality images, even if today hackers tend to make great efforts on this point
- pay attention to emails from services you are already registered with that nevertheless ask you for personal information
- do not open attachments from an unknown sender; it is almost always a fraudulent email
- pay attention to addresses that use a URL shortener like ly or goo.gl
- do not rush when an email requests urgent action
- be very careful with your bank information: for example, public services and banks never ask for bank card codes
- change your passwords regularly; a phisher cannot do anything with a password that is no longer valid
At home or at work, if in doubt, do not hesitate to find out more about the origin of a suspicious e-mail, for example by questioning those around you and colleagues, who may be more likely than you to recognize a phishing technique.
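Three of the checks above (sender domain, link text versus real destination, URL shorteners) can be automated for a mailbox or a reported message. The sketch below is an added example, not code from the original article; the function names, the shortener list and every domain in the sample message are assumptions chosen for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

SHORTENERS = {"goo.gl", "bit.ly"}  # assumed starter list, extend locally
SAMPLE = '''From: "Example Bank" <alerts@examplebank-support.test>
Content-Type: text/html

<a href="https://login.example-secure.test/verify">www.examplebank.test</a>
or <a href="https://goo.gl/XXXX">click here</a>
'''  # constructed message, every name in it is a placeholder

def host_of(text):  # lowercase host of a URL or bare domain, else ""
    text = text.strip()
    if "." not in text or " " in text:
        return ""
    return (urlparse(text if "://" in text else "//" + text).hostname or "").lower()

def same_site(host, domain):  # exact match or a subdomain of domain
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):  # gathers [href, visible text] per <a>
    def __init__(self):
        super().__init__()
        self.links, self.inside = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.inside = True
    def handle_data(self, data):
        if self.inside:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self.inside = self.inside and tag != "a"

def check_email(raw, expected_domain):  # returns a list of warning strings
    msg, warnings = message_from_string(raw, policy=policy.default), []
    sender = parseaddr(str(msg["From"] or ""))[1].rpartition("@")[2].lower()
    if not same_site(sender, expected_domain):
        warnings.append(f"sender domain {sender} is not {expected_domain}")
    body, parser = msg.get_body(preferencelist=("html",)), LinkCollector()
    parser.feed(body.get_content() if body else "")
    for href, text in parser.links:
        target, shown = host_of(href), host_of(text)
        if shown and not (same_site(target, shown) or same_site(shown, target)):
            warnings.append(f"link shows {shown} but opens {target}")
        if target in SHORTENERS:
            warnings.append(f"shortened link via {target}")
    return warnings
```

Calling `check_email(SAMPLE, "examplebank.test")` returns one warning for each of the three checks; a message whose sender and links all sit under the expected domain returns an empty list.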
How to fight against phishing?
There are several ways to fight phishing. First, do not hesitate to use a browser that offers an anti-fraud warning feature. It is found in the main browsers such as Safari, Google Chrome and Mozilla Firefox. It's not perfect, but these are functions that keep you alert.
You can also invest in cybersecurity software. These are programs responsible for spotting phishing attempts before they reach you. Cybersecurity software is especially useful when running a business that has to record a lot of personal and sensitive information. And if you have the slightest doubt and your company does not have an IT department, specialized companies can intervene directly in the company and inform you about the best ways to protect yourself from cyber-attacks.
How do I report a phishing attempt?
When you receive a suspicious email and suspect a phishing attempt, there are two ways to report it. You can first report it to the Government Cyber Security Cell. You can also fill out a form on Phishing Initiative, a platform that feeds major browsers to block access to fraudulent sites.
About the author
DMTwebhosting.com’s Editorial Team prides itself on bringing you the latest web hosting news and the best web hosting articles!