Phishing is a cyber-fraud in which an attacker poses as a trustworthy entity, such as an individual or a company the target might do business with, via email or other forms of fraudulent communication. It is the most infuriating threat we face, as it is a cyber-attack that uses a masquerading email as a weapon. The attacker sends deceitful emails carrying malicious links or attachments that can execute various functions. Such scams target millions of people every day by sending a message that directs the receiver to a sham website, which captures their personal data, or that contains a malicious attachment. The prime objective is to trick the recipient into believing that the email is something they need, for example a message from their organization that induces them to download an attachment, and to steal sensitive information such as credit card details and passwords.
Since the 1990s, phishing has become the most prevalent and maligned fraud, and it is considered the oldest kind of cybercrime. The message or email generally appears to come from a trusted source such as a government office or a renowned organization. The message scares the victim into taking immediate action by clicking the link or downloading the attachment. Over time, phishing emails have become far more sophisticated and well made. Social networking sites have become a major phishing target. Here are some of the kinds of phishing attacks that we have to deal with on a daily basis:
1. Email Phishing
This is the most common form of phishing attack and is sent via email. The felon registers a bogus domain that impersonates a legitimate company and sends out millions of generic requests. These emails generally use fear and a sense of urgency to frighten the recipient into doing what the attackers want. It is also referred to as deceptive phishing, as the fraudster will steal people’s personal information or login credentials. For instance, the cyber-attacker may use the company’s name in the local part of the address, like [email protected] com, which will appear as PayPal in the receiver’s inbox. This persuades the recipient to click on the link in order to resolve a discrepancy with their account.
But in reality the link redirects them to a fake PayPal login page, which gathers the recipient’s private information and sends it to the attackers. The emails sometimes carry lucrative offers or eye-catching statements, like winning a lottery or an iPhone, to attract the victim’s attention.
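A mail filter can catch the pattern described above, a brand name in the local part or display name of a sender whose domain does not belong to that brand, and a link that names the brand but points elsewhere. The following is an added example, not part of the original article; the allow-list, the function names and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed allow-list: brand keyword -> domains that brand really uses.
BRAND_DOMAINS = {"paypal": {"paypal.com"}}

def registered_domain(host):
    """Last two labels of a host name. Assumption: good enough for these
    samples; production code should consult the Public Suffix List."""
    host = host.lower().split(":")[0].rstrip(".")
    return ".".join(host.split(".")[-2:])

def impersonation_findings(raw_message):
    """Return the reasons a message looks like brand impersonation."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    local, _, domain = addr.rpartition("@")
    sender = registered_domain(domain)
    # Hosts of every http(s) link in the plain-text body.
    link_hosts = re.findall(r"https?://([^/\s\"'<>]+)", msg.get_payload())
    findings = []
    for brand, legit in BRAND_DOMAINS.items():
        if sender not in legit:
            # Brand appears in the address, but the domain is someone else's.
            if brand in local.lower():
                findings.append(f"local-part:{brand}@{sender}")
            if brand in display.lower():
                findings.append(f"display-name:{brand}@{sender}")
        for host in link_hosts:
            # Brand appears in the link host, but the site is someone else's.
            if brand in host.lower() and registered_domain(host) not in legit:
                findings.append(f"link:{host}")
    return findings

# Constructed samples (example.net and example.org are reserved test domains).
SUSPICIOUS = """From: PayPal <paypal@notice.example.net>
Subject: Resolve a discrepancy with your account

Sign in at http://paypal.login.example.org/verify to restore access.
"""
LEGITIMATE = """From: PayPal <service@paypal.com>
Subject: Receipt

View it at https://www.paypal.com/activity
"""

if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS), ("legitimate", LEGITIMATE)):
        print(name, impersonation_findings(raw))
```

A check like this complements sender authentication results (SPF, DKIM, DMARC) and does not replace them, because a bogus domain can pass its own authentication.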
2. Spear Phishing
In this kind of fraud, the imposter customizes their email with the victim’s name, organization, office address and other data in an endeavor to fool the receiver into trusting that the sender has an association with them. Such fraudsters will have all the personal details of the victim. The prime motive is similar to that of email phishing: the attacker sends malicious attachments to thousands of email addresses and induces the prey into clicking the bogus URL or attachment to get their personal information. This kind of phishing is very common on internet sites like LinkedIn, where the imposter can use various data sources to design specific attack mails. The hacking of the Democratic National Committee was done using the spear phishing technique.
3. Whaling Phishing
Whaling or CEO phishing targets everyone in the office, abusing the compromised email account of the CEO or senior officials. The prime objective is the same as in any other phishing fraud, but the method is a bit more refined. The ploy also includes filing false tax returns on the victims’ behalf and sharing all their personal information on the dark web. Tax forms are considered to be of great value by criminals, as they include important information such as bank details, PAN card details and other important information.
4. Smishing Phishing
Smishing or SMS or Vishing phishing is the kind of phishing that exploits people’s addiction to text messaging and prompt communication. Emails are replaced with telephones: it baits the receiver into downloading attachments by sending text messages that give the impression of coming from a legitimate source and that contain malicious URLs for them to click on. The content is the same as in email or deceptive phishing; only the mode of communication changes. In vishing, a telephone conversation is used to extract personal information (watch the web series “Jamtara”). Vishing also involves a call from the criminal pretending to be a fraud agent, informing the recipient that their account has been breached. Out of panic, the receiver will start sharing their card details in order to authenticate their identity. Sometimes the trick is to offer discounts on big brands or free movie tickets.
5. Clone Phishing
The purpose behind the clone phishing attack is to make a clone or copy of a legitimate email or message that the recipient has earlier received from a trusted source. The imposter makes a malicious imitation of the original links or files and replaces the legitimate ones with them. The innocent receiver opens the attachment or clicks the link because it looks very real, which compromises their system. In this way, the criminal can forge the prey’s identity in order to pose as a trustworthy sender to other people in the same company.