Cyber security is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks.
Here we will discuss phishing as a cyber crime and how to recognize and defend yourself against phishing attacks.
What is Phishing?
Phishing is a form of cyber crime and a type of social engineering in which an attacker sends a fraudulent message designed to trick a human victim into revealing sensitive information to the attacker or into deploying malicious software, such as ransomware, on the victim’s infrastructure.
Phishing attacks aim to acquire our money, bank account details, identity, passwords and our data. The cyber criminal wants us to download a file, click a harmful link, download malware, visit a false website, disclose our personal information or transfer our money.
Types of Phishing
There are twelve types of phishing attacks. Here we explain how to identify them, so you can protect your data more effectively.
Cyber criminals send emails that impersonate a known brand, create a heightened sense of immediacy, and then lead people to click on a link or download an asset.
A link that uses Hypertext Transfer Protocol Secure (HTTPS) is often considered “safe” to click, but cyber criminals are now using HTTPS in the links that they put into phishing emails.
Cyber criminals target specific individuals within a company using real names, job functions, or work telephone numbers to make the user think the email is from someone else inside the company.
Cyber criminals use social media or the company website to find the name of the CEO or another senior leadership member. They then impersonate that person using a similar email address.
Voice phishing, or “vishing,” happens when a cyber criminal calls a phone number and creates a heightened sense of urgency that makes a person take an action against their best interests.
Smishing is sending text messages that ask a person to take an action. Often, the text will include a link that, when clicked, installs malware on the user’s device.
Angler phishing is when a cyber criminal uses notifications or direct messaging features in a social media application to entice someone into taking action.
Cyber criminals hijack a Domain Name Server (DNS). Then, when a user types in the website address, the DNS server redirects the user to a malicious website’s IP address that might look real.
POP UP PHISHING
Although most people use pop-up blockers, pop-up phishing is still a risk. Cyber criminals can place malicious code in the small pop-ups that show up when people go to websites.
Cyber criminals will often engage in research to see what types of services a company uses regularly, then send targeted emails that appear to come from these services.
EVIL TWIN PHISHING
This phishing attack uses a fake WiFi hot spot, often made to look legitimate, that might intercept data during transfer. This allows the cyber criminal to collect data like login credentials or sensitive information.
This attack starts with cyber criminals doing research around the websites a company’s employees visit often, then infecting the IP address with malicious code or downloads.
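Two of the signs described above can be checked mechanically: a sender using a "similar email address", and a link that uses HTTPS but points at an impersonating host. The following is an added example, not part of the original article; the trusted domain, the sample addresses and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list: domains the organisation really uses (assumption).
TRUSTED = ("mybank.example",)

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain):
    """Return the trusted domain this one imitates, or None if it is fine."""
    domain = domain.lower().rstrip(".")
    for t in TRUSTED:
        if domain == t or domain.endswith("." + t):
            return None  # exact match or a genuine subdomain
    for t in TRUSTED:
        # Near-miss spelling, or the trusted name embedded in a foreign domain.
        if edit_distance(domain, t) <= 2 or t.split(".")[0] in domain:
            return t
    return None

def review(sender, links):
    """Return a list of findings for one message (sender address + link URLs)."""
    findings = []
    hit = lookalike_of(sender.rsplit("@", 1)[-1])
    if hit:
        findings.append(f"sender domain imitates {hit}")
    for url in links:
        parts = urlsplit(url)
        host = parts.hostname or ""
        hit = lookalike_of(host)
        if hit:
            # The scheme is reported but never used as evidence of safety.
            findings.append(f"{parts.scheme} link host {host} imitates {hit}")
    return findings

if __name__ == "__main__":
    # Constructed sample message.
    for finding in review("ceo@mybamk.example",
                          ["https://mybank.example.account-check.test/reset",
                           "https://www.mybank.example/login"]):
        print(finding)
```

The HTTPS link to the impersonating host is still flagged, because the decision rests on the host name and not on the scheme.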
What to do if you suspect a Phishing Email
- If you receive a suspicious email, don’t click on anything
- Be a human firewall and raise the alarm
How to stay safe in Cyber Space
- Use your common sense
- Do not click on pop-ups
- Keep antivirus software updated
- Don’t use company property / assets for personal stuff
- Do not enter personal information, like passwords, via hyperlinks received in an email