
Phishing: What is it and what are its types?

The Internet and various technologies have come into everyone’s life as a relevant tool to facilitate many tasks and allow us to interconnect in just one click, at any time and place we want.

However, the other side of the coin shows us a large group of cybercriminals who, taking advantage of the benefits of the Internet and the great interconnectivity, have sought all possible methods to carry out scams and crimes by stealing confidential data and information through phishing.

What is Phishing?

According to Avast Academy, it refers to a cybercrime technique that uses fraud, deception and scamming as mechanisms to manipulate victims into revealing sensitive personal information. This is one of the oldest and best known scams on the Internet.

The term phishing comes from the English word fishing, referring to the attempt to get users to «take the bait». The person who practices it is called a phisher.

Fun fact: A survey of more than 1,000 IT professionals revealed that 56% of organizations identified phishing as the biggest IT security risk.

How does Phishing work?

In fishing there are many ways to catch a fish, but there is one phishing tactic that is commonly used:

Regardless of whether it unfolds via email, SMS or any other system, all phishing attacks follow the same basic principles: the attacker sends a communication with the aim of persuading the victim to click on a link, download an attachment or send a requested piece of information.

Types of phishing

According to an article on the Malwarebytes portal, some of its categories are as follows:

01. Spear phishing

Whereas ordinary phishing campaigns send mass emails to as many people as possible, spear phishing is a targeted attack aimed directly at a specific person or organization (often with content personalized for the victim).

These attacks require prior reconnaissance to discover names, titles, email addresses and so on.

This is a critical threat for businesses and governments, as it costs a lot of money. According to a 2016 research report on the subject, this type of phishing was responsible for 38% of cyber attacks on participating companies during 2015.

02. Cloning phishing

The criminals in this case make a copy of previously sent legitimate emails containing a link or attachment. The phisher then replaces the links or attachments with malicious content disguised as genuine content.

In the same vein, the phisher may forge the victim’s identity to pass himself off as a trusted sender to other collaborators in the same organization.
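A defender can look for the clone pattern described above by comparing an incoming message with a known-good one: near-identical visible text combined with a link host that the original never contained. The Python code below is an added example, not part of the original article; the function names, the 0.9 similarity threshold and the sample messages are assumptions constructed for illustration.

```python
import difflib
from html.parser import HTMLParser
from urllib.parse import urlsplit

class BodyParser(HTMLParser):
    """Collect visible text and the host of every href/src in an HTML body."""
    def __init__(self):
        super().__init__()
        self.text, self.hosts = [], set()

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                try:
                    host = urlsplit(value).hostname
                except ValueError:  # malformed URL: nothing to compare
                    continue
                if host:
                    self.hosts.add(host.lower())

    def handle_data(self, data):
        if data.strip():
            self.text.append(" ".join(data.split()))

def parse_body(html):
    parser = BodyParser()
    parser.feed(html)
    parser.close()
    return " ".join(parser.text), parser.hosts

def clone_check(known_good_html, received_html, min_similarity=0.9):
    """Flag a message whose text matches a known-good one but whose link hosts differ."""
    good_text, good_hosts = parse_body(known_good_html)
    new_text, new_hosts = parse_body(received_html)
    similarity = difflib.SequenceMatcher(None, good_text, new_text).ratio()
    added = sorted(new_hosts - good_hosts)  # hosts absent from the legitimate mail
    return {
        "similarity": round(similarity, 2),
        "new_hosts": added,
        "suspected_clone": similarity >= min_similarity and bool(added),
    }

# Constructed sample bodies using reserved example/.test domains (not real traffic).
KNOWN_GOOD = '<p>Hi Ana, invoice 1042 is ready.</p><a href="https://billing.example.com/inv/1042">View invoice</a>'
CLONE = '<p>Hi Ana, invoice 1042 is ready.</p><a href="https://billing-example.test/inv/1042">View invoice</a>'
UNRELATED = '<p>Lunch menu for Friday</p><a href="https://cafe.example.org/menu">Menu</a>'

if __name__ == "__main__":
    print(clone_check(KNOWN_GOOD, CLONE))
    print(clone_check(KNOWN_GOOD, UNRELATED))
```

A message with new link hosts but different text is not flagged, so the check only fires on the copy-and-swap case; it complements, rather than replaces, sender authentication and URL reputation checks.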

03. 419 Nigerian scams

Did you know that one of the oldest scams on the internet was an extensive phishing email from someone claiming to be a Nigerian prince?

The «Nigerian prince» claimed to be a government official or member of a royal family who needed help transferring millions of dollars from Nigeria. 

The email was marked as ‘urgent’ or ‘private’ and its sender asked the recipient to provide a bank account number to remit the funds to a secure location.

You are probably wondering what the number «419» has to do with this scam: it refers to the section of the Nigerian penal code that deals with fraud, and the charges and penalties for offenders.

04. Telephone phishing

With phone phishing attempts (also called voice phishing or «vishing»), the phisher calls claiming to represent your local bank, the police or another important entity. 

They then scare you with some kind of problem and insist that you solve it immediately by providing your account information or paying a fine. They usually ask that the payment be made through a bank transfer or with prepaid cards, because they are impossible to trace.

Phishing via SMS, or «smishing», carries out the same type of scam as vishing via SMS text message, sometimes with an embedded malicious link to click on.

Spam v. phishing

They may seem to be the same, but they are not: the only thing that makes them similar is that in both cases they are usually sent in bulk. The main difference between the two is that «spammers» do not try to harm the recipient; what they send is considered «junk mail» because it consists of unwanted advertisements.

Those who resort to phishing are quite the opposite: they act with the intention of causing harm and committing a crime. Therefore, if we have to choose, spam is preferable.

Now you are probably wondering how to recognize a phishing message and what we can do to protect ourselves, aren’t you? That is why we invite you to continue reading in the second part of this article, which will be available soon!
