In this modern era, there are lots of Cyber Crimes can be done to trick or steal money from people. One of popular cyber crimes is “Phishing”.
What Is Phishing?
Phishing is derived or taken from word “fishing”, which analogy like baiting fish. In Cyber Security aspect, phishing is luring or tricking the victims with something that will makes the victim give up sensitive data.
This attack often used to steal steal user data, including login credentials and credit cards numbers. The outcome of phishing will cause frustration and devastated as they have be victims of unauthorized purchase, stealing of money or identity theft.
Types of Phishing
- Email Phishing. This is the common method where phishing is delivered using email. Victims will be trick to open attachment which contains malware or click link to redirect to malicious or spoofed website to steal their data.
- Website Phishing. Also known as spoofed website, is fake copy of known and trust website. Website will be cloned from original website, then copy into the phishing website. It will be looks exactly like original website. The purpose is to fool you to login with your credentials. They will use the credentials your provided, to login into the real website/accounts.
- Vishing. Is derived from “voice phishing”. The attacker will bait victims via phone calls and convince them to give up their personal information.
- Smishing. Is a phishing via SMS. You will receive a text message to click link to download free content. But when you clicked, malware will be download into your phone, which can steal your personal information and send to attacker. A new way of smishing is, they will send SMS and subscribe automatically to their service, if you not reply them “No”.
- Social Media Phishing. The application that you play in Facebook like “What age you will marry?” or “Which artist looks like you?”, will request permission to access your personal information. The attacker will steal your personal information since you allowed them to do so.
Email Phishing Criteria
There are lots of email phishing criteria that you should aware. It might contains some or all criteria. Below is the email phishing criteria:
i. Offering Something For Free
Either it is small or big offer, both can be alerted as phishing. Their intended just one, to get your personal information such as bank account number, credit cards number or login credentials. They will convince victim to reply them with personal information or will provide link to spoofed website so victim can enter their credentials.
ii. Urgent Action Is Needed
Unlike trick offering victim with something free, sounds of “urgency action is needed” seems more convincing the victims. Offering something for free to victims, sometimes the user have mindset if they did not take the offer, there is nothing to lose.
But if there is sound of urgency, they might feel scared. If no action has been taken by them, they might get into trouble. For example, an email from bank required victim to update their information urgently.
iii. Attachment
Email contain attachment which contained malware. This malware will either harm your computer like ransomware or will run as spyware to steal your personal information.
iv. Hyperlinks
A link may not be all it appears to be. Hovering over a link shows you the actual URL where you will be directed upon clicking on it. It could be completely different or it could be a popular website with a misspelling, for instance www.bankofarnerica.com – the ‘m’ is actually an ‘r’ and an ‘n’, so look carefully.
v. Unusual Or Fake Sender
Either you will receive from unusual sender or fake sender. Like you received email from Wakanda’s King with email like “[email protected]”. This sounds suspicious.
If you tend to receive some urgent email from your superior or employer, like need to provide confidential data or transferring money. Your superior email is “tony.stark”. But one you received from is “tony_stark”.
How To Prevent From Email Phishing
i. Double check with your co-workers
If you came across received email from your superior to do some, there’s nothing wrong if your double check with your co-workers to verify on the email. If your Work From Home, you can call your co-workers to verify.
ii. Ensure the sender is legit.
Like mentioned above, please do verify if you supposed to receive from superior “tony_stark” or “tony.stark”. Again, if you are not sure, you can ask your co-workers or HR to confirm on email address. It’s better be careful than sorry.
iii. Always check the URL in the hyperlinks
Hyperlinks can fool you if you’re not careful. Even though the hyperlink shows “www.bankofamerica.com”, but the link behind it is “www.bankofarnerica.com”. So, be careful.
iv. Email filtering
If you work in organization, it is good to have email filtering that will do sandboxing. If the email has phishing criteria, it will block the email from being transferred to the user.
Web Phishing Criteria
Web phishing is a “spoof” website where hacker will clone the website from the origninal, known and trusted website. Usually this spoof website looks very similar on appearance, but the URL will look almost the same.
Victims may not notice that they visit the spoofed website. Then they will log on into their accounts. Hacker will use the credentials to login into the real accounts.
How To Prevent From Web Phishing
i. Check the URL.
If that is the common website you always visit, such Facebook, do verify if the URL is “Facebook.com” or “Face-book.com”.
ii. Read the review
If you not really common with the website you visit, please do a research on the website. Check what people said about the website. Is it safe to visit or not.
Thanks for reading this article. Hopefully this can help you from being a victim of phishing.
