Phishing attacks are one of the largest and most widespread threats in cyberspace. In most cases, they manage to bypass detection methods, and the chances of locating and apprehending the perpetrators are limited.
The term "phishing" has been around since 1987. The risk of falling victim to a phishing scam began to increase gradually because of the wider use of the internet and the amount of personal information available, mainly through social media.
Phishing essentially refers to the fraudulent use of electronic communications to deceive users. It is a form of social engineering attack, usually based on sending emails, with the aim of stealing data or installing malware.
Usually, perpetrators try to obtain confidential information such as usernames, passwords, credit card information, etc.
Criminals try to make these emails look legitimate in order to increase the chances of users being deceived.
How does phishing work?
Usually, malicious emails contain links or attachments. Links can lead users to seemingly legitimate pages that ask them to provide personal data and passwords.
Attachments, on the other hand, can come in various formats such as Word, Excel or PDF, and download malware onto the victims' systems.
Every day, thousands of phishing attacks take place worldwide.
Although the ultimate goal of fraudsters is always the same, there are different ways of carrying out attacks.
Some of the most common types of phishing attacks are: spear phishing, whaling, smishing, vishing, clone phishing and angler phishing.
Spear phishing emails are more targeted than simple phishing and focus mainly on business employees. Intruders often gather information about their targets to make their messages appear more convincing.
In this case too, the goal is to get the target to open a malicious link or attachment.
One of the most common techniques used by hackers to carry out a spear phishing attack is hosting malicious documents on cloud services. Many criminals host malicious documents on services such as Dropbox, Box and Google Drive because, in most cases, IT systems do not block these services.
As a result, it is easy to bypass organizations' security solutions, as email filters will not flag them as infected documents.
In clone phishing, attackers can view victims' previous conversations and clone them, that is, make an almost identical copy and then change an attachment or link to something malicious.
This way, the recipient will not realize that anything is suspicious.
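A check that a mail filter or analyst could run against the clone phishing pattern described above, added here as an example and not part of the original article: it flags a message whose wording matches an earlier one while a link host or an attachment hash has changed. The message dictionaries, the function names and the 0.9 threshold are assumptions, and the sample messages are constructed.

```python
import hashlib
import re
from difflib import SequenceMatcher
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

def sha256(data):
    return hashlib.sha256(data).hexdigest()

def link_hosts(body):
    """Hostnames of every link in a message body."""
    return {urlsplit(u).hostname for u in URL_RE.findall(body)} - {None}

def clone_check(earlier, later, threshold=0.9):
    """Flag `later` when its wording matches `earlier` but a link or attachment changed."""
    # Mask URLs so the similarity score reflects the wording only.
    a = URL_RE.sub("<URL>", earlier["body"])
    b = URL_RE.sub("<URL>", later["body"])
    similarity = SequenceMatcher(None, a, b).ratio()
    new_hosts = sorted(link_hosts(later["body"]) - link_hosts(earlier["body"]))
    # An attachment counts as changed if its name is new or its hash differs.
    changed = sorted(name for name, digest in later["attachments"].items()
                     if earlier["attachments"].get(name) != digest)
    return {"similarity": similarity, "new_hosts": new_hosts,
            "changed_attachments": changed,
            "suspicious": similarity >= threshold and bool(new_hosts or changed)}

# Constructed sample messages (not real traffic).
BODY = ("Hi Maria,\nThe Q3 invoice is ready. Review it here: {url}\n"
        "Please confirm by Friday.\nRegards, Nikos")
ORIGINAL = {"body": BODY.format(url="https://portal.example.com/invoices/q3"),
            "attachments": {"invoice_q3.pdf": sha256(b"constructed original file")}}
CLONE = {"body": BODY.format(url="https://portal-example.invalid/invoices/q3"),
         "attachments": {"invoice_q3.pdf": sha256(b"constructed replaced file")}}
REPLY = {"body": "Thanks Nikos, confirmed. Payment goes out on Monday.",
         "attachments": {}}

if __name__ == "__main__":
    for label, msg in (("clone", CLONE), ("reply", REPLY), ("resend", ORIGINAL)):
        print(label, clone_check(ORIGINAL, msg))
```

An identical resend is not flagged, because nothing in it changed; only a near-identical copy with a different link host or a different file under the same name is.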
Another type of phishing attack is whaling, which is even more targeted. These attacks are aimed at senior executives or users with elevated privileges in a business. They require more effort, but the rewards are probably greater.
The targets are usually CEOs and other executives who have valuable information and more access to systems.
Researchers have noticed that whaling emails are often combined with a voice call confirming the email request.
Whaling attacks can be combined with other scams. A breached account of a senior executive can be used to conduct business email compromise (BEC) attacks. A common example of a BEC attack is sending an email to an employee, which is supposed to come from the CEO. Employees are likely to be fooled and respond to a senior executive's request, which is usually to transfer money.
Smishing and Vishing
Smishing and vishing are two phishing techniques in which phones are used instead of emails.
In vishing, scammers make phone calls. In a typical vishing attack, the criminal calls the victim and pretends to be a bank teller, informing the victim that their account has been breached.
The caller then asks for some bank details to verify the victim's identity, or asks the victim to transfer money to a supposedly "secure" account, which of course belongs to the scammer.
A common tactic in vishing attacks is caller ID spoofing. With this tactic, criminals mask their phone number so that the call appears to come from a legitimate phone number with the target's area code.
In smishing attacks, fraudsters send malicious text messages containing a malicious link or requesting personal data.
Malicious links can lead to the automatic download of malicious applications onto victims' mobile devices.
These applications could then deploy ransomware or allow criminals to remotely control the devices.
Finally, angler phishing is a relatively new type of attack. Hackers use social media to obtain information and deceive users. Fake URLs, cloned web pages, posts, tweets and even instant messages can be used to trick users.
Criminals can also use data that users themselves post on social media.
These were some of the most common types of phishing attacks. Most are extremely effective.
Users must be very careful, as criminals seize every opportunity to attack.
Often, they use current affairs to get the attention of the victims.
For example, in the last year, hackers carried out many phishing attacks that used COVID-19 as bait.
In addition, the new conditions created by the pandemic are also being used by criminals.
Hackers take advantage of remote work, as employees do not have the same level of security when using their home networks and personal devices.
They also take advantage of the fact that many employees cannot recognize phishing emails.
Various studies have concluded that a large percentage of users know nothing about this attack. Another study showed that many people believe they can recognize an attack, but this does not seem to be the case, as only 5% were able to identify all types of fraud.
These results show that knowledge of phishing and the different types used by hackers is essential.
As technology and the internet are an integral part of almost every business, users need to be aware of this threat.