What is Phishing and important tips to avoid it

okzone.eu.org

Have you ever experienced hacking or theft of your social media accounts? Or even your e-mail service was stolen by hackers? Well, if you have experienced it then you have experienced the initial patterns of phishing. So, what is meant by phishing? Let's look at the following reviews.

What is phishing?

Phishing is a cybercrime that targets victims via email or social media.

According to CISCO, phishing is actually the practice of sending fake communications that appear to come from a reputable source. Generally, phishing is done via email and aims to steal sensitive data such as credit cards, login information, or install malware in the victim's email.

Phishing comes in as a general crime or cyber attack that can manipulate people by accessing some trusted sites or contacts. The term "phishing" itself is thought to have emerged around the mid-1990s by using fake email methods. These hackers or phishing perpetrators were originally referred to as “phreaks”.

According to Wired, a common phishing process involves involving the victim's email or personal media account. In addition, there is spear-phishing which is a cybercrime that is specifically targeted and designed to make it appear that the perpetrator is known and trusted by the victim by posing as colleagues, relatives, and various other subjects.

In practice, phishing is generally carried out systematically with certain research through social media accounts of potential victims such as Facebook, LinkedIn, and various other media to obtain information on victims and their social networks. Phishing perpetrators will then impersonate relevant and interesting identities or topics to lure victims and gain their trust.

Reporting from the BINUS School of Computer Science, the term phishing itself comes from the term fishing or fishing. The relevance of this term is in the activity of "fishing" the victim by trapping and stealing important information from the victim's social media. In related sites, phishing is defined as an email-based scammer which is basically a scam in the victim's name.

Generally, phishing is done by impersonating and persuasively inviting victims to provide private information. This information could be credit card data, bank books, to various things that harm the victim.

okzone.eu.org

Types of phishing

The following are types of phishing.

In practice, phishing has several types as some have been alluded to above. To better understand what these types of phishing are, here are the 4 main types of phishing.

Phishing emails

One of the most common types of phishing is email phishing (Source: Pexels)

The most popular type of phishing is e-mail phishing or hacking based on fake emails to extract information from victims. This type of phishing is very dangerous because victims can accidentally open document links or links listed in email attachments and it is not impossible that these links contain malware.

Not only that, this type of phishing can also take the form of documents with malicious macros that can make users or victims leak their account credentials to perpetrators. Generally, these email phishers register a domain that looks similar to an official domain using a common email provider such as Gmail. Perpetrators can generally trick victims by using official company electronic letterhead but not using the company's official domain.

To avoid this type of phishing, we hope that we will be more careful with incoming emails and check their validity via domain addresses or verify with related companies/institutions. Because generally, perpetrators use domains from credible agencies to trick victims.

Web phishing

In general, this type of phishing is the easiest to find and the most popular. This is because phishing perpetrators use certain sites as their cybercriminal field.

We can encounter web phishing when we find mysterious and interesting links on a site. Generally, this type of link offers a bonus or a certain convenience that attracts site visitors. By clicking on the link, the device will automatically be infected with malware or the user will be directed to another site that contains filling in personal data under the guise of giving a bonus.

Spear phishing

A dangerous form of spear phishing (Source: trendmicro.com)

If asked which type of phishing is the most dangerous, then spear phishing is the answer. This phishing system is very risky because the perpetrators have targeted potential victims.

Similar to email phishing, however, spear phishing has generally been developed by greeting potential victims with their full names and complete information about the victim. Spear phishing generally targets specific groups or individuals such as company admins.

The content of spear phishing has also been accompanied by certain links or links that can lead victims to dangerous sites or even automatically download malware.

Whaling

Almost similar to spear phishing, whaling is a phishing action by targeting the victim. The difference is, whaling targets are people or individuals who have high positions in certain companies. Those who sit in high positions or are considered "big people" are usually C-levels in a company.

The mode commonly used by this type of phishing actor generally makes these executives confused because the perpetrator claims to be from a credible institution or institution. With some polished emails and important information, the perpetrator can then make things difficult for the victim by claiming that the company involved is violating legal consequences and so on.

After toying with the victim with this social engineering method, the perpetrator will later direct the victim to click on a specific link in the email that leads the victim to the brink of malware or major hacking. Generally, whaling perpetrators will target the company's bank account number, tax number, and victim's personal account number.

Features of phishing

Some of the characteristics of phishing that are commonly known and can be identified are as follows.

• Have an email address that looks generic and has a hypertext link

• Links have strange characters or are abbreviations

• If you hover the mouse over the link, the address of the site's destination will appear, usually irrelevant to the company name or email address of the perpetrator

• Using SMS as an advanced trick to access mobile devices

• Suspicious manipulative links

• Perpetrators ask for sensitive information about your privacy or bank account such as CVV number and so on

• Emails from perpetrators have a tendency for you to download or click on the links included in the body of the email

Tips to avoid becoming a phishing victim

In order to avoid phishing, we have to watch out for mysterious downloads or links in emails

After knowing the types of phishing and their characteristics, we become better at understanding how phishing works. These various phishing tricks will generally continue to be addressed from time to time and further confuse potential victims. However, we can avoid phishing with the following tips.

• Don't click on email links from unknown sources

• Beware of pop-up windows

• Do not provide personal information via email

• Beware of social, financial, and emotional lures

• Pay attention to the sender's email address and make sure it's through the company's or office's real website

• Ignore if a mysterious e-mail suddenly finds out detailed information about you

So, those were some of the things you need to know and watch out for about phishing as a cybercrime. You can avoid phishing if you are careful about these kinds of things and are not easily tempted by online offers.