Phishing is a type of online fraud that is carried out to collect confidential user data through mass mailings on behalf of popular companies or organizations. Phishing recognized for the form of the message it takes: the attackers masquerade as a trusted entity or a company the victim might do business with. It's one of the oldest types of cyberattacks, dating back to the 1990s. The term arose in the same period among hackers. "Phish" is pronounced just like the word "fish" — and really the process resembles fishing.
Types of phishing
The main feature of all types of phishing attacks in disguise. Outwardly, it seems that phishing messages come on behalf of popular organizations or companies, but in reality, they are fake.
However, many methods fall under the definition of phishing. Typically, a phishing campaign tries to get a victim to do one of two things:
Transfer confidential information
These letters are aimed, through deception, to reveal important user data - often a username and password that an attacker can use to hack into a system or account. The classic version of this fraud involves sending an email similar to a message from a major bank; By sending spam messages to millions of people, attackers are sure that at least some of the recipients will be customers of this bank. The victim clicks on the link indicated in the letter and gets to a malicious site that is indistinguishable from the present, and then enters the credentials. An attacker can now gain access to the victim’s account, and this may be followed by theft of personal data or funds.
Download malware
Like a lot of spam, these types of phishing emails are designed to infect your computer with malware. Often messages have a "soft focus" - they can be sent to a human resources officer with an application, which, for example, is a resume of the applicant. These attachments are often ZIP files or Microsoft Office documents with malicious embedded code.
Some phishing statistics
- The average financial cost of a data breach is $3.86m
- Phishing accounts for 90% of data breaches
- Phishing attempts have grown 65% in the last year
- Around 1.5m new phishing sites are created each month
- 76% of businesses reported being a victim of a phishing attack in the last year
- 30% of phishing messages get opened by targeted users
- 1 in every 99 emails is a phishing attack
How to prevent phishing?
There also are several steps you can take and mindsets you should get into that will keep you from becoming a phishing statistic, including:
Think before you click!
Clicking on links that appear in random emails and instant messages is not a very smart step. Hover over a link you’re not sure about before clicking on it to know exactly where it leads. A phishing email may ask you to fill out or confirm personal information, but the email may not contain your name. Most often, such letters use the message "Dear customer." If in doubt, go directly to the source without using a potentially dangerous link.
Install an Anti-Phishing Toolbar
Almost all Internet browsers can be customized with anti-phishing toolbars. Such toolbars quickly check the sites visited by you and compare them to lists of known phishing sites. If you stumble upon a malicious site, the toolbar will alert you about it. This is just one more layer of protection against phishing scams, and it is completely free.
Check your online accounts regularly
Even if this is not technically necessary, regularly check each of your accounts on the Internet and change passwords for them. To prevent credit card fraud, you should request monthly statements of your financial accounts and carefully check each entry to make sure that no fraudulent transactions were made without your knowledge.
Keep your browser up to date
Security patches for popular browsers are constantly being released. They are created in response to security loopholes that phishers and other hackers inevitably detect and exploit. Never ignore updates about your browsers. Once an update is available, download and install it.
Beware of pop-ups
Pop-ups are often disguised as real site elements. However, in most cases, they are phishing attempts. Many popular browsers allow you to block pop-ups; you can resolve them on an individual basis. Many windows have a Cancel button, which often leads to a phishing site. Instead of this button, it is recommended to click on the small "x" in the upper corner of the window.
Do not share personal information
Try to never share personal or financial information on the Internet. This rule was relevant at the beginning of the advent of the Internet and remains so to this day. If you doubt the authenticity of the site, go to the main site of the company, get their number and call them. Most phishing emails will politely ask you to go to the site to update or confirm personal information. Never send emails with confidential information. Make it a habit to check your website address. A secure website always starts with “https”.