Did you know that the word phishing was first used in 1996?
You surely came across the word phishing before and you probably thought that it was a misspelling of the word fishing. But no, phishing is a word of its own and was introduced in our vocabulary since the democratization of the internet in 1996. It is an analogy of the angling sport but their end goal are very different.
Indeed, when someone goes fishing, the intention is to lure fishes. But when someone goes phishing, the intention is to scam people.
When we talk about fishing, we immediately visualize some stereotype pictures. Some people think about a sunny day at the seaside, some think about sitting in a chair near a river and others think about being in a boat. But most people visualize the action of throwing a hook with bait and eventually catching a big fish.
But when we talk about phishing, the image is much less pleasant. Indeed, most people visualize as being scammed, receiving fake emails, loss of information and all sort of related problems.
Generally, most people associate phishing with receiving unsolicited emails that attempt to steal information. But with the apparition of new technologies of communication and the apparition of social media platforms, phishing has evolved and continues to evolve. Scammers are becoming more ingenious in their mode of operation and it is becoming harder to identify phishing attacks.
Here below are some types of phishing that you need to be aware of and ensure that you adequately protect yourself and your business.
1. Email Phishing
This is the most common type of phishing. Generally, an attacker gain access to the consumer base of a company and send an email to the clients, asking them click on a link to change their password. However, the link redirect to a fake website that will steal the password of the client and will be used to gain access to their real account.
2. Spear Phishing
It is quite similar as email phishing but it is more targeted. Instead of sending a general email to random people, the method consist of targeting someone specific and send them a more personalized email in order to make the potential victim believe they have a relationship with the sender. Here again, the attacker will send a link to a fake website or send a malware to steal personal sensitive information.
3. Whaling
This method is similar to Spear Phishing. The main difference is that the targeted victim is a high profile or highly influent person in an organization. Whaling often targets C-Level executives or people who have the authority to authorize financial transactions.
4. Smishing
The main difference between smishing and the previous methods is the use phone SMS (Short Message Service) instead of emails. Similar to the classic phishing methods, the attacker may send a link via SMS or request for confidential information.
5. Vishing
Vishing is similar to all of the above but instead of sending messages, the attacker will call the potential victim directly and uses a fake identity to obtain sensitive information. This type attack has been used for decades by scammers and is also called Social Engineering.
8. Evil Twin Phishing
Evil twin phishing consist of sending a signal to mobile phones which will seem to be a free spot for Wi-Fi. Victims will be asked to fill their personal email address and password to have access to Wi-Fi. Those data generally are personal email address and password, which will then be used to gain access to sensitive information.
There are more types of phishing and the list continue to grow as technology evolves. If you wish to have a proper training about the different methods of phishing you can contact us to enroll in our training program.
Now that you know more about some phishing method, here are some tips to recognize and mitigate risks of phishing.
1. If you receive an unsolicited email that asks you for personal data, it is a first sign.
2. If the email has a poor vocabulary, lots of grammatical mistakes or strange phrases, this is another sign.
3. If the messages is designed to make you panic and put pressure on you to take action. Keep your calm and call the organization that they are trying to impersonate.
4. Do not click on links sent by organisations that usually do not send links. Verify with the organization through their official channels first.
5. Make sure that your antivirus and firewall are well setup and are regularly updated.
6. Use complex passwords and do not use the same password for all your accounts.
7. Do not use free WIFI access points for confidential or business purposes
8. Do not put your username and passwords when prompted by unofficial sites or WIFI access points
These are some basic reflexes to avoid the traps of phishing. If you wish to have a proper training to protect yourself or your organization from potential phishing, contact us to evaluate your information security posture and enroll to our training program.
For more Cyber Security and Data Privacy tips, like/subscribe to our channels.