Do you know what Phishing is?
Dating back to the 90s, Phishing is one of the oldest types of cyberattacks and still one of the most widespread because of techniques becoming increasingly sophisticated.
Phishing usually targets you using emails, SMS, or phone by an attacker, pretending to be some you trust.
The goal is to lure you into providing sensitive data that can be used by the criminal to steal your user’s identity or empty your bank account.
What are the common traits of Phishing messages?
• IMPERSONATION: phishers mimic the communication style of a person or institution they try to impersonate.
• TOO GOOD TO BE TRUE: it appears you have won a lottery or some amazing stuff? Don’t click!
• UNUSUAL SENDER: the sender is someone you don’t know or someone you do know, but something turns out weird. Watch out!
• HYPERLINKS OR ATTACHMENTS: check the spelling of the URL by hovering the mouse over the link. If something is misspelled, do not trust.
• URGENT AND UNEXPECTED REQUESTS: if they ask you to act fast because of a super deal, ignore the email.
What are the most common Phishing techniques?
Email/Spam: this is the traditional Phishing attack. The same email is sent to millions of users with a request to fill in personal details.
Spear Phishing: the attack is personalized. The hacker knows which specific individual or organization he’s after.
Smishing: phishing via SMS to entice a victim into revealing personal information via a link that leads to a phishing website.
Vishing: phisher makes phone calls to the user and asks him to dial a number to get personal information on the bank account through the phone.
Session Hijacking: the phisher exploits the web session control mechanism to steal information from the user.
Whaling: the phisher targets senior executives with emails attracting their attention to an executive issue or a critical business email and then infect their computer via link.
Link Manipulation: the phisher sends a link to a malicious website.
Content Injection: the phisher changes a part of the content on the page of a reliable website, so the user goes to a page outside where is asked to enter personal information.
Follow our next week’s #AskYourFraudExpert post to discover some useful tips to protect you from Phishing attacks!