Phishing is an example of Social Engineering, and is defined as the fraudulent attempt to obtain sensitive information, often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.
How does Phishing work?
Phishing attacks rely on a communication, such as a text message or an e-mail. The attacker may use the message to distribute a malicious link that appears trustworthy, in order to take information such as account details from the victim. Another common style of Phishing is using a scam. Often with the promise of a large reward, the scammer aims to convince the victim to give up details such as their credit card information. Phishing messages are often hard to distinguish from safe messages.
What different types of Phishing are there?
A Phishing attempt that is directed at a specific individual is a Spear Phishing attack. Attackers may gather personal information about their target to increase their chances of success. This technique accounts for 91% of all Phishing attacks on the Internet. In 2015, Ubiquiti Networks Inc. lost $46.7 million to a Spear Phishing attack. This proves just how successful this Social Engineering technique can be.
Clone phishing is a type of phishing attack where a legitimate email containing an attachment or link has had its content taken and changed to create an almost identical email. The attachment or link within the email is replaced with a malicious version, and then sent from a spoofed email address. As this e-mail appears to be a resend or edit of the original, it is difficult to distinguish it from a safe e-mail.
Whaling is a type of Phishing that is specifically aimed at high-profile targets within businesses. The content of the masquerading web page/email will often take the form of a legal document, customer complaint or executive issue. Whaling Phishers have been known to forge documents from Authorities, and thus these emails are very difficult to distinguish or ignore.
How can you protect yourself from Phishing?
There are multiple ways to protect yourself and your business from Phishing scams.
- Anti-Phishing websites, such as FraudWatch International, post exact Phishing e-mails that are currently circulating the internet.
- Familiarise yourself with techniques to spot the conventions of a typical Phishing scam.
- Use a web browser with features to prevent you from accessing malicious webpages.
- Use a spam filter on your inbox.
- Consider Cyber Essentials certification.