What Is Phishing And How To Avoid It

Phishing is a form of fraud in which the attacker attempts to steal personal information, such as your computer username, password and banking details, to gain access to your accounts. The goal of the phisher is the theft of sensitive information, your money and your identity. In this article, I explain what phishing is and how you can prevent it. Let’s start by defining phishing.

Phishing Defined

Phishing is defined as a technique used to gain personal information for purposes of identity theft, using fraudulent e-mail messages that appear to come from legitimate businesses. These authentic-looking messages are designed to fool recipients into divulging personal data such as account numbers and passwords, credit card numbers and Social Security numbers (Identity numbers). [1]

Phishing – an explanation

Phishing is not new; in fact, it predates computers. Before the widespread use of the PC it was called social engineering, and crackers used the phone to extract sensitive information from their unsuspecting victims. Only the delivery system has changed: fake web pages and spam have replaced the phone.


Types of phishing scams

Phishing attacks vary according to the attacker’s objective, and the complexity of the fraud and the quality of the forgery vary considerably. Attacks that target specific individuals (spear phishing) or C-level executives (whaling) are also popular. A common type is deceptive phishing, in which fraudsters impersonate a legitimate company and attempt to steal personal information and login credentials, using scare tactics and a sense of urgency to pressure users into complying with the email. A more devious attack is pharming, which poisons the domain name system (DNS) cache.

Spear Phishing

Spear phishing is an attack targeting specific individuals, roles or organisations. Attackers research the person or organisation they target in depth, making the attack more believable and increasing its chance of success.

Whaling

“Whaling” describes spear phishing attacks directed at executive officers or other high-level targets in business or government. The goal is to trick the target into disclosing sensitive corporate or governmental information through social engineering, email spoofing and content spoofing efforts. Sending your executive team on security awareness training helps prevent successful “Whaling” expeditions.

Deceptive Phishing

Deceptive phishing is the most common type of phishing scam. The intention is to successfully impersonate a legitimate company’s official correspondence. To protect yourself from this kind of attack:

  • Always check the URLs for redirections to unknown websites
  • Look for generic salutations
  • Check for grammar and spelling errors scattered throughout the email

Pharming

Pharming is a scamming practice that installs malicious code onto a PC or server and redirects the user to fraudulent websites without their knowledge or consent. Pharming is often called “phishing without a lure”.

Phishing scam techniques

Some of the more popular phishing techniques are:

  • Embedding a link in an email that redirects you to a scam website
  • Installing a Trojan via an email attachment that allows the intruder to obtain sensitive information
  • Changing (spoofing) the sender address of an email so that it appears to come from a reputable source, then requesting confidential information
  • Requesting confidential company information over the phone by impersonating an employee
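As an added example that is not part of the original article, the following Python function applies the warning signs described above (a spoofed or mismatched sender, a generic salutation, urgency language, and link text that leads somewhere other than it shows) to one raw email message. The sample message, the indicator phrases, the domains, the `ANCHOR_RE` regex and the `_domain` helper are all constructed and simplified for the demonstration, not a production mail filter.

```python
import email
import re
from email import policy

# Hypothetical indicator phrases; a real deployment would tune these lists.
GENERIC_SALUTATIONS = ("dear customer", "dear user", "dear account holder")
URGENCY_PHRASES = ("urgent", "immediately", "suspended", "within 24 hours")
# Good enough for the constructed sample below; use an HTML parser on real mail.
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.S | re.I)

def _domain(value):
    """Last two labels of the host in a URL or email address, e.g. bank.example."""
    host = re.sub(r"^https?://", "", value.strip("<> ").lower()).split("/")[0]
    return ".".join(host.split("@")[-1].split(".")[-2:])

def phishing_indicators(raw_message):
    """Return the article's warning signs found in one raw RFC 5322 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    sender = msg["From"].addresses[0].addr_spec if msg["From"] else ""
    reply_to = msg["Reply-To"].addresses[0].addr_spec if msg["Reply-To"] else ""
    # Spoofed sender: the visible From domain differs from where replies go.
    if sender and reply_to and _domain(sender) != _domain(reply_to):
        findings.append(f"reply-to mismatch: {sender} vs {reply_to}")
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content().lower() if body else ""
    if any(s in text for s in GENERIC_SALUTATIONS):
        findings.append("generic salutation")
    if any(p in text for p in URGENCY_PHRASES):
        findings.append("urgency language")
    for href, shown in ANCHOR_RE.findall(text):
        # Visible URL text that redirects somewhere else when clicked.
        shown = re.sub(r"<[^>]+>", "", shown).strip()
        if shown.startswith("http") and _domain(shown) != _domain(href):
            findings.append(f"link shows {_domain(shown)} but goes to {_domain(href)}")
    return findings

# Constructed sample message (not a real phishing email) for demonstration.
SAMPLE = """From: "Big Bank" <alerts@bigbank.example>
Reply-To: <support@bigbank-verify.example>
Subject: Urgent: account suspended
Content-Type: text/html

<html><body><p>Dear Customer,</p>
<p>Your account is suspended. Verify within 24 hours:
<a href="http://bigbank-verify.example/login">https://www.bigbank.example/login</a></p>
</body></html>
"""
```

Calling `phishing_indicators(SAMPLE)` returns one entry per warning sign found; a message with a consistent sender, a personal salutation and no redirecting links returns an empty list.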

Preventative measures

There are human and technological measures to consider that prevent the organisation from falling victim to phishing attacks.

Do not respond to emails requesting financial or personal information:
For security reasons, banks and reputable organisations never send emails requesting confirmation of account numbers, PINs or any other personal information. Phishers often use scare tactics when requesting personal and financial information (e.g. “Urgent – your account details may have been stolen”) to get an immediate response from the recipient.

Do not click on embedded links in suspicious emails:
Phishing emails often contain embedded URLs redirecting you to a fictitious site that asks you to enter your financial or personal information. Rather type the URL yourself to see where it takes you. Never click the link, as it could redirect you away from the site listed in the URL.

Protection through software:
The combined use of anti-malware, anti-spyware and a correctly configured firewall can help prevent phishing attacks. Also ensure that all software is kept up to date.

Conclusion

Phishing is a form of fraud in which the attacker attempts to steal personal information, such as your computer username, password and banking details, to gain access to your accounts. Educating end users about these threats and implementing anti-malware and anti-spyware solutions will reduce the success rate of the phisher.

References

[1] Overview of IRS Phishing Activity, https://www.irs.gov/uac/overview-of-irs-phishing-activity (accessed June 26, 2017)

Under attack? Contact Onsoft Hotline
Phone: 021-447-6106
email: support@onsoft.co.za
