But what are phishing and online scams?
Born around 1995, just 4 years after the first site appeared, phishing refers to the practice of using deceptive emails and websites to illegally obtain personal information from users. That information (usernames, passwords, credit cards) is later used to steal money or more information.
The word “phishing” itself is a combination of “fishing” and “phreaks,” which was what hackers used to call themselves. The practice of phishing is considered a form of social engineering, which is a term for manipulating people by misrepresenting themselves in a web security context.
Types of phishing techniques
Spear phishing
What is spear phishing? Spear phishing targets a specific person or organization rather than random users. This scam usually aims to steal sensitive information or data from the targeted victim, such as account passwords or financial information for malicious purposes. It requires specific knowledge about the victim, such as some personal details. Cybercriminals use this information, usually in an email, to pretend they are a trusted organization or person and acquire the data they need.
Spear phishing vs phishing
Spear phishing vs phishing, both are online attacks that attempt to steal sensitive information. However, phishing is the more general term for this type of attack, as it is basically any attempt to trick victims into sharing sensitive information.
According to the definition of spear phishing, it is personalized for the specific victim. It requires more thought, time, and knowledge to achieve its goal. Since spear phishing messages are personalized, it is harder to identify these types of attacks.
What helps protect yourself from spear phishing is generally being careful with your online presence. Here are some tips to follow to avoid spear phishing:
Be careful with the personal information you post on the Internet
Use smart and secure passwords
Update your software regularly
Be careful when opening emails and clicking on links
Microsoft 365 Phishing
These types of attacks are phishing emails that target Microsoft 365 users. One of the most common things attackers do is trick victims into downloading a file by disguising its extension. Attackers use a special Unicode character, the right-to-left override. It allows them, for example, to disguise an “.exe” file as a “.txt” file. As a result, the victim downloads the “.exe” file that installs malicious software on their computer or laptop.
Whaling phishing
Whaling phishing is a highly targeted attack. This type of phishing attack targets particular people such as senior executives, and is disguised as a legitimate email. It attempts to encourage victims to take a particular action, usually related to transferring money or handing over specific information. Whaling phishing emails often target large financial institutions and are more complicated than general phishing emails because they are targeted at C-level executives.
These emails typically contain personalized information about the organization/C-level executive, create a sense of urgency, meet the business tone, and encourage you to do some of the following:
Click on a link that will eventually bring malware
Transfer money to the attacker's bank account
Provide more information about the company or individual.
Voice phishing
Voice phishing is an attack that tricks people into providing important financial or personal information over the phone to third parties. You can fall victim to a voice phishing attack through various channels and devices such as voicemail, smartphone, landline, voice over IP, etc.
The message from such an attack usually informs the victim of suspicious activity, related to their bank account/credit or debit card, etc. The attacker then encourages the victim to call a phone number and provide more personal information or verify their account/identity.
To protect yourself from such an attack, the best approach is to italy whatsapp number data call the institution in question through a valid contact channel you have and make sure your account has not been compromised.
Business email compromise (BEC)
Business email compromise is an email message that appears legitimate, requests a particular action, and is addressed to a specific company. The request in the message is usually about transferring funds to the attacker's bank account that:
It pretends to be the “regular supplier” who has sent an invoice from an updated email address
He intends to be CEO of the company
He pretends to be a company employee and has hacked your email address
He claims to be the company's lawyer
Social media phishing
Social media phishing is related to attacks through social media such as Facebook, Instagram, Twitter, LinkedIn, etc. Its goal is to steal your personal information or take over your social media account. Such an attack can also result in financial loss due to data being obtained to access financial accounts. To protect yourself from a social media phishing attack, follow these simple rules:
