What is phishing?

The attack strategy known as phishing has been in use since the mid-1990s. It began when a group of young people hacked into AOL's chat rooms and posed as AOL administrators, stealing other users' credit card details in order to keep free AOL access indefinitely. Phishing is the sending of fraudulent communications that appear to come from a reliable source, typically by email. The intent is to steal sensitive information such as credit card numbers and login credentials, or to infect the victim's computer with malware. The message persuades the user to take an action that gives the scammer access to their device, accounts or personal information. By posing as a person or business the victim trusts, the attacker can more easily install malware or steal credit card information. In other words, these social engineering scams "bait" you with trust in order to obtain your valuable information, which could be a social media account or your social security number. Since phishing relies primarily on social engineering, every user must understand how attackers exploit human nature: social engineering deceives users into taking actions they would not normally take.




How Phishing Works

Phishing attacks commonly apply social engineering techniques to email and other electronic communication channels, including direct social network messages and SMS text messages. To learn more about a victim's background, interests and activities, phishers draw on public information sources, typically social networks such as LinkedIn, Facebook and Twitter. These sources yield details about potential victims such as their names, occupations and email addresses, which the attackers then use to craft a convincing email. The victim typically receives a message that appears to come from a known contact or organization. The attack is then carried out either through a malicious file attachment or through links to malicious websites. In either case the goal is to install malware on the user's device or to lead the victim to a fake website. Such misleading websites are built to trick users into entering sensitive information, including passwords, account numbers and credit card details.




Three Common Types of Phishing


1. Email Phishing


Most phishing attacks are sent by email. The crook registers a fake domain that mimics a genuine organization and sends thousands of generic requests from it. The fake domain often involves character substitution, such as placing ‘r’ and ‘n’ next to each other so that ‘rn’ passes for ‘m’. In other cases the fraudsters create a unique domain that includes the legitimate organization’s name in the URL. There are many ways to spot a phishing email, but as a general rule you should always check the sender’s email address on any message that asks you to click a link or download an attachment (Luke Erwin, March 2022).
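The two domain tricks described above (character substitution such as ‘rn’ for ‘m’, and a legitimate organization’s name embedded in an unrelated domain) can be checked mechanically before anyone clicks. The following is an added example written for this page, not code from the cited author; it assumes a constructed list of trusted domains and a small table of look-alike substitutions, and classifies the address in a From: header accordingly.

```python
from email.utils import parseaddr

# Constructed for this example (assumption): the domains our organisation trusts.
TRUSTED_DOMAINS = {"example.com", "examplebank.com"}

# Character substitutions used to imitate a domain: the 'rn' for 'm' trick
# described above, plus a few other common look-alike pairs.
CONFUSABLES = {"rn": "m", "vv": "w", "0": "o", "1": "l"}


def normalize(domain: str) -> str:
    """Fold look-alike sequences so 'exarnple.com' compares equal to 'example.com'."""
    folded = domain.lower()
    for fake, real in CONFUSABLES.items():
        folded = folded.replace(fake, real)
    return folded


def registrable_domain(domain: str) -> str:
    """Last two labels of a host name (naive: no public-suffix list)."""
    return ".".join(domain.lower().split(".")[-2:])


def classify_sender(from_header: str) -> str:
    """Classify a From: header as trusted, lookalike, brand-in-domain,
    brand-in-display-name or unknown."""
    display_name, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unknown"
    domain = addr.rsplit("@", 1)[1].lower()
    base = registrable_domain(domain)
    if base in TRUSTED_DOMAINS:
        return "trusted"          # a trusted domain or one of its subdomains
    for trusted in TRUSTED_DOMAINS:
        # Same shape once confusables are folded, but not the trusted domain itself.
        if normalize(base) == normalize(trusted):
            return "lookalike"
    brands = {t.split(".")[0] for t in TRUSTED_DOMAINS}
    # Legitimate name embedded somewhere in an unrelated domain,
    # e.g. examplebank-secure.net or login.example.com.evil.net.
    if any(brand in domain for brand in brands):
        return "brand-in-domain"
    # Display name borrows the brand while the address does not belong to it.
    if any(brand in display_name.lower().replace(" ", "") for brand in brands):
        return "brand-in-display-name"
    return "unknown"
```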

2. Spear Phishing


Spear phishing describes malicious emails sent to a specific person. Criminals who do this will already have some or all of the following information about the victim:


  • Their name;
  • Place of employment;
  • Job title;
  • Email address; and
  • Specific information about their job role.


The informal tone of the email also suggests that the sender is a native English speaker, giving the impression that this is a genuine message rather than a template. The fraudster is able to address the person by name and (presumably) knows that their job role involves making bank transfers on behalf of the company.



3. Whaling


Senior executives are the target of even more specialized whaling attacks. Although the objective of whaling is the same as that of any other phishing attack, the method is typically much more subtle. Tricks like fake links and malicious URLs are ineffective here because the criminals are posing as senior staff members.


Whaling emails frequently take the form of a busy CEO asking an employee for a favor. Emails like the one above may not be as sophisticated as spear phishing emails, but they prey on employees' eagerness to obey their superiors. Even if the request seems improper, recipients may be suspicious yet hesitant to confront someone they take to be a senior manager.