Nowadays, with the advancement of technology, making financial transactions has become very simple: it is enough to enter your credit card information after opening the bank portal. The same is true at the macro and organizational levels. For example, if an organization intends to launch an advertising campaign, there is no need to inform and talk to employees one by one; a group email to employees does the job. But there is another side to this coin, and the convenience that technology provides can come at a heavy price: the cost of cyberattacks and cybercrime. Phishing is one of the most common types of these crimes and attacks. In this article we will explain in detail what phishing is and what we should do to avoid falling into its trap. Stay with us.
What is phishing and how is it done?
Phishing is a kind of cyber attack, or to be more precise, a kind of social engineering attack. These types of cyber attacks are carried out for two purposes:
- Theft of confidential personal information such as email addresses, passwords and confidential bank credit card information;
- Theft of confidential information of private and governmental organizations and bodies.
For example, in the first case, suppose you have been directed to a bank portal to make a payment. If someone planning such an attack targets you, you will land on a fake portal that looks exactly like the real one, but, as you can see in the image below, there are slight differences in the address bar link of the page you have been directed to. If you enter your bank card information on this fake portal, all of this confidential information will be handed to the phisher.
In the second case, the attack works like this: an email containing a malicious link or malware is sent to all employees of a private or government organization. Anyone who falls victim and clicks on the link is redirected to a page where the organization's confidential information is handed to the phisher (the attacker). The attacker will then be able to install malware on the operating systems of employees (or even employers) and steal the organization's money or intellectual property.
How can we be sure that the bank portal is not fake?
When entering the bank portal to pay, carefully consider the explanations you see in the image below. Any possible discrepancies could indicate a phishing attack, and if you enter your bank card information, you may become a victim of cybercrime and your account information may be leaked to fraudsters.
Types of phishing attacks
Phishing comes in many forms, the most common of which is sending emails containing malicious links and malware. There are other types as well, and we describe each of them below.
1. Spear phishing
In this type of attack, a hacker or phisher thoroughly researches the personal information of one or more employees of an organization, including their names, places of employment, job titles, email addresses, and the people they trust. He then tries to get the victim to transfer money or do other things by sending persuasive messages.
2. Whaling
The main targets in this type of phishing attack are employers and high-ranking officials. There is usually a lot of personal information about these people on social media and in cyberspace. A phisher uses this information to send highly personalized messages and tricks the victim in order to achieve his or her goals.
3. Smishing and vishing
In these two types of phishing attacks, smartphones are used instead of emails and similar channels. In smishing, the hacker or phisher proceeds by sending a text message to the victim's mobile phone, and in vishing, by making a phone call. In most cases, during the phone call, the victim is told that his or her bank account is at risk of fraud and that, to prevent this, he or she should provide complete credit card and bank account information to the caller as soon as possible.
The hacker or phisher in these cases impersonates a bank employee or a similar person.
4. Angler phishing
In this type of cyber attack, a hacker or phisher creates an account on one of the social networking platforms (Instagram, Twitter, etc.) whose profile picture, number of followers, bio description and other details are exactly like those of the account that a reputable brand or company has on that platform. The attacker then uses this account to communicate with the company's audience, targeting and abusing them in various ways.
How do we not fall into the trap of phishing?
As mentioned, cybercriminals use a variety of channels, including email, text messages, direct messages on social media platforms, and phone calls, to gain access to personal and confidential information and misuse it. But there are signs you can watch for in order to recognize these attacks and avoid falling into the phishing trap. In this section, we will introduce some of the most important ones.
1. Call for immediate and urgent action
If you are sent an email or message explaining that, in order to gain a particular benefit or reward or to avoid a loss, you should immediately click on the link provided, it is better to wait a while and carefully check the message and the link it contains.
Creating a sense of urgency is one of the main methods phishers use to deceive the victims of this type of cyber attack.
2. Receiving a message or email for the first time from unknown senders
Receiving a message or email for the first time from a sender you do not know is not uncommon, especially if the sender is outside of the group you are working with. In such cases, it is better to be careful and carefully check the message and its attachment.
3. Spelling or grammatical errors in the text and message links
Reputable public and private bodies usually have an editorial team that carefully reviews the text of messages to find spelling or grammatical errors before sending messages to customers and the target market. If you receive a message that contains spelling or grammatical errors, you should doubt its authenticity.
4. Minor and subtle changes in the URL bar link of reputable websites
When you receive a message designed and written for a phishing attack and click on the link attached to it, you will be redirected to a website that looks exactly like the website you are looking for but is actually fake, and a phisher or hacker receives your confidential information.
For example, a phisher or hacker changes the URL of a website like Microsoft.com to something like rnicrosoft.com or, as you can see in the image below, the yahoo.com address changes to something like yah00.com.
If you enter your account information on a fake website, it will be given to the hacker and he can use it for his own purposes.
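As an added illustration (not part of the original article), the following Python sketch flags look-alike addresses such as rnicrosoft.com and yah00.com by comparing a link's host with a short list of trusted domains. The trusted list, the substitution table and the function names are assumptions chosen for this example, and inputs are assumed to be full URLs including the scheme.

```python
from urllib.parse import urlsplit

# Assumed list of domains the user really deals with (constructed for the example).
TRUSTED = {"microsoft.com", "yahoo.com"}

# Character sequences often swapped in to imitate another letter.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]

def skeleton(domain):
    """Collapse look-alike sequences so 'rnicrosoft' and 'microsoft' compare equal."""
    d = domain.lower()
    for fake, real in CONFUSABLES:
        d = d.replace(fake, real)
    return d

def edit_distance(a, b):
    """Levenshtein distance computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return (verdict, trusted_domain) with verdict trusted, lookalike or unknown."""
    # .hostname ignores any "user@" part, so "yahoo.com@other.host" resolves to other.host
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    for t in sorted(TRUSTED):
        if host == t or host.endswith("." + t):
            return ("trusted", t)
    for t in sorted(TRUSTED):
        # Compare only as many trailing labels as the trusted domain has,
        # so a subdomain in front of the fake name does not hide it.
        tail = ".".join(host.split(".")[-t.count(".") - 1:])
        if skeleton(tail) == skeleton(t) or edit_distance(tail, t) <= 1:
            return ("lookalike", t)
    return ("unknown", None)

if __name__ == "__main__":
    for u in ("https://www.microsoft.com/account", "http://rnicrosoft.com/login",
              "https://login.yah00.com/", "https://yaho.com/"):
        print(u, classify(u))
```

A "lookalike" verdict means the address is not on the trusted list yet is nearly identical to an entry on it, which is exactly the subtle change described above; "unknown" only means the address resembles nothing on the list, not that it is safe.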
For example, if an email was sent to you from a reputable organization and you doubt its authenticity, you can contact the relevant organization and discuss the issue with them. Do the same if the email or message is from someone you know well enough, because sometimes a hacker does extensive research to identify people close to the victim and sends fake messages on their behalf.
How to prevent phishing attacks?
First of all, you need to know enough about phishing attacks and their types, and about when you should doubt the authenticity of a message that was sent to you or a contact that was made with you. For example, if someone calls you and asks for your bank account information, you should not give them this confidential information until you are sure the request is genuine.
Another thing to keep in mind is to constantly update the operating system, antivirus software, and security patches (firewalls, etc.) on the system you are using. In this case, if a phisher wants to transfer malware to your system, it will be much more difficult. Most popular browsers, such as Google Chrome and Firefox, also have anti-phishing add-ons that can be very effective in preventing such attacks.
What is your opinion? Have you ever been a victim of phishing attacks? Can you give us some details about your experience? Do you have any other solution that can be used to prevent these attacks?
If you wish, you can share your experiences and comments with us and the magazine’s audience in the “Submit a Comment” section, and enrich the article with the valuable information you add.