What is phishing?
Phishing is a type of social engineering attack in which an attacker tries to trick a victim into disclosing sensitive information, such as usernames and passwords or other personal information. Phishing attacks are very common, and they get the best of us. It can be easy to fall for one of these attacks. Some of them are very well crafted; sometimes they are almost indistinguishable from an official trusted source.
Email phishing is probably the most common form. I’m sure if you have a look in your spam folder you will see many examples of phishing attempts. Email has been a common channel for phishing for a long time, but it is not the only way that someone might try to phish for your information. There are many more types of phishing, and as the world changes these attacks will follow suit. Any way that people communicate or interact with technology will always be a target for phishing attacks.
A website’s appearance can easily be copied and hosted under a slightly different domain name. Maybe you were trying to go to example.com, but you accidentally typed exampel.com, or maybe example.net; this is called typosquatting. Phishing can take many forms, and typosquatting is one of a multitude of ways an attacker may try to deceive a victim.
Vishing, or voice phishing, uses phone calls and is common. We all get those annoying phone calls from numbers we don’t recognize, usually from someone trying to convince you that they need some of your information. In some cases the phone number may be spoofed to look like a local phone number similar to your own. The attacker might pretend to be from some official government agency or the police in order to establish some sort of authority and scare a victim into handing over their personal information.
Smishing is a phishing attack over SMS (Short Message Service), i.e. text messaging.
Sometimes a person is targeted because of the position they hold; maybe they are the CEO or have special access to information. In this case the attack would be known as a spear phishing attack, or more specifically a whaling attack. Whaling attacks are aimed at very big targets such as the CEO or maybe the owner of the company. Spear phishing attacks happen after certain reconnaissance has already been done, and the attackers know that the individual has access to the information they want.
There are so many different forms of phishing; the ones I listed are not the only methods an attacker may use.
How can I protect myself or my organization from phishing attacks?
The best practice is not to trust anything you can’t confirm came from an official source. If you get an email that contains a link to even a legitimate-looking website, it is wise to type in the address of the website yourself. It is better to be safe than sorry. It might take a little more time to ensure the websites and login portals you are using are legitimate, but a little bit of time is a small price to pay for your security and privacy. Ensuring everyone has this same mentality can go a long way toward protecting people and the assets they have access to.