Just as fishermen specialize in catching fish with their tools and techniques, hackers in the technology world work to steal your information. This technique is called phishing: your bank account, credit card, and Social Security number are the fish living in the internet ocean, and the phishers are trying to catch them.
Phishing is a type of scam or fraud that lures victims into a security breach and identity exposure by getting them to follow unsafe instructions included in a message.
While it is true that most phishing attacks happen through email, advances in technology have produced a variety of phishing strategies that target not only computers but also mobile devices, social media, and phone users.
The attackers' intention is usually to make money, so phishing victims face a higher risk on the financial side. Such an attack can happen in many ways, for example by getting the victim to submit an online payment on a fake website, or by injecting malware designed to steal your account.
History of Phishing
The term phishing was introduced in 1996, after an incident in which usernames and passwords were stolen from America Online (AOL) through a phishing technique. AOL later alerted the public about this completely new type of scam because there was no awareness of it or protection against it.
From around 2001 onward, phishing attacks began to exploit online payment systems by creating fraudulent websites disguised as PayPal and eBay. This approach dramatically increased the success rate of financial scams because of the sites' visual legitimacy and the instant payment method.
Today, phishing is still one of the most popular ways for scammers to take advantage of the public, with an extraordinarily high success rate. Although the underlying technique has not changed since the mid-90s, this scam approach simply continues to work.
How Does Phishing Work?
A phishing attack starts with the scammer composing a message that includes a malware file or a link to a malicious website. Of course, these malicious files and sites are dangerous on their own. However, what people should be most aware of is the content of the message.
A phishing message is carefully designed to trick receivers into following certain steps, using a technique called social engineering. A typical social engineering message will, for example, congratulate receivers and give instructions for claiming a prize, or warn of a legal case that requires immediate action.
The scam message is then sent to a massive number of random contacts, both individuals and businesses, around the globe. The most common way to send a phishing message is by email; however, many cases have involved contacting victims through Short Message Service (SMS), voice messages, online chats, and even social media services.
There are cases where a virus delivered through a phishing attack itself started to send out phishing messages from the host computer. This type of chained phishing email tends to have a higher infection rate because the receiver believes the message was sent by a familiar person. Imagine your co-worker sending you an email titled "Expense Report" and asking you to validate the attached document, which turns out to be a virus.
What can Phishing Attacks Do to You?
Successful phishing attacks can cause a variety of harm depending on the phisher's intention. In this section, we will look at the potential negative impacts of phishing.
The primary goal of typical phishers is to make money. Therefore, most of these frauds are built around the intention of tricking victims into submitting an online payment.
Scammers attempt to increase the success rate by creating a fake online payment website disguised as a well-known official payment system such as PayPal and eBay. A victim receives a socially engineered message asking them to complete a payment on the fake website, which sends the money directly to the phisher's accounts without a trace.
A high volume of malware is delivered every day using email phishing techniques. Malware-based email phishing is designed to inject malware into the victim's device in several ways, such as through a file attachment, embedded content, or a malicious website link.
Once malware is on your device, the harm it causes can vary. Some malware sends out more phishing messages using the contact list it discovers, while other malware may lock your system and demand a ransom in exchange for releasing it.
Common Types of Phishing
Email phishing is the most widely used and best-known approach for targeting computer users. It is usually bundled with malware designed to infect the computer and initiate further attacks. The ability to get the receiver to open a malicious website directly through a harmless-looking link is another reason this approach became so popular.
SMS Phishing (SMiShing)
With the growing popularity of mobile devices, Short Message Service (SMS) phishing is happening more than ever. Similar to email phishing, SMS phishing sends short, social-engineering-oriented messages that include a web link.
If the website is designed to download and install mobile-specific malware, harm can be caused by a rootkit or spyware that exposes your sensitive information. Another approach is to send you to an online payment page and have you pay to resolve a made-up problem.
Voice Phishing (Vishing)
Voice phishing targets a broad range of people by leaving a voice message with certain instructions. The voice typically sounds robotic because it is generated by software so that police cannot trace it back. An example vishing message will tell you that your identity is suspected of being compromised and that you must send your Social Security number for validation.
How to Protect Yourself from Phishing Attacks
Although no complete solution has yet been invented to stop phishing attacks, you can improve your protection by following proper security practices.
Set Up Antimalware Software
Antimalware software not only prevents infection but also comes with all sorts of useful features. One feature that can protect you against email phishing is automated email scanning. The scan analyzes the email's attachments and content, and checks the websites associated with any links, even before you open the email.
Know the Characteristics of Phishing
Just by knowing how phishing attacks work and being aware of scammers' tricks, you can greatly increase your chance of catching fraudulent activity. Learn the fundamentals of phishing strategies and always check the legitimacy of the source. Knowing your opponent is the best way to beat them.
Use the Latest OS, Antimalware, and Browser
Keeping your computer and applications up to date can defend you against all sorts of threats. Major organizations are constantly researching ways to fix their vulnerabilities and periodically release security patches. You never know what new security holes criminal groups have discovered, so always look out for the latest security updates.