Ever received an email or message asking you to click on a link? You clicked on it and it took you nowhere? Well, that's phishing. You might not have given it much thought, but cybercriminals use this simple process to steal your information.
Written by Freya Fannie
Illustrated by Megha Ramachandra
In the computing world, phishing is just like fishing, except that the bait is a fraudulent message, and we are the reeled in fishes. Like a fisherman who knows what type of bait to use to reel in a specific fish, an attacker gathers as much information about you as they can before placing their bait. Particularly if you are a company's CEO, who is the most targeted.
The attack is the easiest part. The "phishing" messages often begin with a message that looks so convincing that it seems to be from a trusted source. This compels you to click the link which installs malware into your system. When you are hooked in like this, the attacker will have access to all your private information, including login credentials and credit card information which they can use against you.
Regularly updating security measures is important, and having the latest technologies in place can help. The most important thing is to be aware of these issues. Educating users and using layered security technologies are the best ways to protect your company from these cyber threats. A company's high-level employees are the most likely to be targeted, so educating them on how to recognize phishing emails is extremely important. Further, email security, malware protection, and web security are areas where you will need layered security technologies to protect against these threats.
This is the most common type of phishing, in which an attacker sends a phony email pretending to be from a well-known company or a reliable source.
Attackers leverage HTTPS, which is often considered a safe link to click, to send users infectious links preferably via email
Social media is the most vulnerable and susceptible to Angler phishing. Attackers use notifications and direct messaging options to gain access to your device.
This is a more targeted strategy. The attacker gathers all publicly available information about the target and orchestrates the attack. These are primarily aimed at individuals within an organization and are delivered via emails, usernames, and office phone numbers.
Whaling, also known as CEO fraud, targets an organization's senior executives. They impersonate the individual and can result in financial and legal consequences for the organization.
These are done through SMS and voice calls. The most common are bank alerts that require you to act immediately.
These are the most common types of phishing used by attackers to gain access to a system or device. However, there are more types that range up to cyberwarfare. So, in this digital era where cybersecurity is bleak, make sure to protect your systems with advanced software and educate people on issues like phishing.