Phishing is one type of cybercrime or social engineering method where criminals try to deceive victim by sending an email or phone call or by SMS to get victim’s sensitive information such as account password, confidential business information, banking details, credit card numbers etc. Then the gathered information is used for identity theft , unauthorized purchasing , stealing of financial data or stealing of funds .
Phishers often sends lucrative offer by email to lure you into clicking malicious link. By clicking the link you are redirected to a phishing website that’s looks like legitimate website or you may download an attachment which then install payloads of virus or ransomware into your computer.
According to phishing.org, In 2004 a teenager from California was charged of Phishing crime. He created a fake website of ‘America Online’, that look alike America Online. He deceived many persons by accessing their credit card details to withdraw money from their accounts.
There are various types of phishing such as website phishing, email phishing, voice phishing(vishing), SMS Phishing(smishing), Spear Phishing, Whaling , Clone Phishing etc.
Email Phishing : – Email phishing often described as Email fraud or email scam. Where a cyber-criminal sends an email that appears to be from an legitimate company, and asks you to provide sensitive information or download an attachment. Never reply or download attachments from this types of email, it may trick you to download malicious virus or you may fall of Identity theft.
Website Phishing: – It is one type of phishing where phishers send you a link, that redirects you to a website which look like legitimate website, but it is actually a fake website, which may ask you to update your information otherwise it may suspend your account. Never do this.
Voice Phishing : – It also call Vishing. So Vishing is a combination of voice and phishing. Voice Phishing is actually a type of phone fraud or phone scam. Where scammers or phishers ask your personal information or sensitive information such as banking details, financial data or credit card details, passwords etc. over phone. They uses social Engineering tricks to deceive you.
SMS Phishing : – It also call Smishing. So Smishing is a combination of SMS and Phishing. In smishing fraudster use social engineering trick by sending a SMS to gain your personal and sensitive information such as banking details, financial data or credit card details, passwords etc.
Spear Phishing: – Spear phishing is a type of email phishing, but targets only a specific person or specific type of groups, specific business or organization. The goal of spear phishing is also to gain personal sensitive information or to download malicious files on victims computer. Spear Phishing may look like broad range of phishing, but it actually specifically target someone or some organization.
Whaling : – Whaling is a type of phishing attack which target Big Phis(Whale), means in this type of phishing, Phishers targets only high-profile, wealthy, powerful individuals. Whaling or Whaling phishing uses same tactics as spear phishing to attack individuals, but in this case fraudsters only targets wealthy individuals. So you may say, it is also a type of spear phishing.
Clone Phishing : – In this type of phishing fraudster clone your previous email which looks identical to your email, but fraudster manipulate this mail with malicious links or attachments.
Tips to stay secure
- Never blindly click any link. Always hover over any link to get a preview URL. Check for misspelling URL. As example https://www.bankofamerica.com/ and https://www.bankofamarica.com/ may look same, but latter website is a fake website. So pay attention to the website URL you visit. It may look legitimate website, but there may be some variation in the website URL.
- Never visit a website with http://, always check for https:// prefix before URL and only visit those sites. If website starts with https:// that means your connection to the website is secure.
- Never give your personal, sensitive and confidential information over an email. If you have doubt, always visit company’s main website, Never respond to email if you have doubt with it.
- In case of organization, educate your employees, so that they never click doubted links and never open doubted attachments.
- Use spam filters, it can reduce number of phishing emails coming your inbox.