Day 19: What is Phishing?

In this digital age, phishing attacks have become rampant. In this post, I discuss what phishing, whaling, spear phishing, and vishing are, how to protect yourself, and how to spot phishing attacks.

A phishing attack is an attempt by criminals to trick you into sharing information or taking an action that gives them access to your accounts, your computer, or even your network.

The attack will lure you in, using some kind of bait to fool you into making a mistake. Phishing attacks may strike using your email, text messages, or websites to trick you by posing as a trusted person or organization.

When you click the link or download the file, you can unwittingly install programs that provide the attacker with access to your computer or even your entire network.

What Are the Different Types of Phishing?

Spear Phishing: Spear phishing targets a particular group or kind of person, such as the system administrator for a business. In a spear phishing email, take note of the attention given to the recipient’s field of expertise, the download link the victim is instructed to click, and the demand for a quick reaction.

Whaling: Whaling is a highly specialized form of phishing that targets the CEO, CFO, or any CXO within a sector or a particular company. A whaling email may claim that “the company may be subject to legal repercussions” and that you must click the link to learn more.

The link directs you to a website where you must enter vital firm information such as the tax ID and bank account numbers.

Vishing: The goal of vishing is the same as that of the other phishing attacks. The attackers are still searching for your private or business information, but this attack is carried out by voice call.

A typical vishing attack can be a call from a person posing as a Microsoft representative. You are informed by this person that they have found a virus on your computer. The attacker will next request your credit card information to upgrade your computer’s antivirus program. Your credit card information is now in the hands of the attacker, and you most certainly have malware on your computer.

How to spot phishing emails

  • An untrustworthy source email address.
  • A generic salutation such as “Dear User” as opposed to the personalisation that most corporations provide.
  • Spoofed links: If you move your cursor over the link, the destination shown in the preview may not be the same as the one shown in the message.
  • Attachments that seem suspicious or out of the ordinary should be handled with caution.

How to stop/prevent getting phished by hackers?

  • Always be suspicious of any message that requests you to click a link or open an attachment.
  • Be cautious of any message communicating a sense of urgency or dire consequences should you fail to take immediate action.
  • If you are concerned about a message, contact the person or the organization using a different, validated method like a phone number you already had or check the organization’s website ‘Contact Us’ information. Never use the links or contact information in the message you are concerned about.
  • Be careful not to provide personal or sensitive information in response to a message.
  • You should protect your accounts using multi-factor authentication.
  • Before clicking a link, make sure the URL is correct by hovering your mouse pointer over the link until the URL appears in the bottom left corner of your screen.

 

Hope you enjoyed this blog post on phishing. Well, that will be all for the Day 19 post. Catch you in the next post 😉