What is phishing?
Updated at: Dec 09, 2020
Phishing is a cybercrime that happens when a criminal impersonates a person, company or government agency to lure and deceive someone through an email, text message, phone call, social network, or fake website.
The vast majority of phishing happens by email, which is where criminals, also called phishers, concentrate their effort. But text messages, phone calls, social networks, and fake websites are also common channels.
The name is a play on fishing: the phisher casts a lure in the form of a message and waits for the victim to bite and hand over personal data, credentials, or money.
Why is phishing so common?
Phishing is one of the main threats and one of the most used attacks today because it's much simpler to lie to and persuade someone, with an email for example, than to find and exploit a technical vulnerability in their systems.
According to the FBI, phishing is the most common cyber scam in the world, affecting thousands of people and businesses every day.
In recent years, the FBI has seen a huge increase in the number of complaints involving phishing. In 2019, 114,702 complaints were registered, against only 26,379 in 2018.
The estimated financial loss from those complaints reaches almost USD 58 million. See the FBI's 2019 Internet Crime Report for the full figures.
A Europol report also points out that phishing scams are involved in about 32% of data breaches in companies.
According to data from Microsoft, the number of phishing attacks increased by 250% in 2018, which places phishing as a real and present threat.
How phishing attack works
Phishing attacks don't target a vulnerability in machines, systems, or software. They target human vulnerability, what we call the human factor.
In other words, the attacker launches the scam and relies on the victim taking the bait and believing the fraud. If the victim doesn't act, the attack fails.
In cases of phishing attacks via email, victims generally receive a message with an urgent request, which may contain malicious links and attachments.
Another feature of phishing is that the emails appear to come from people or companies you already trust, such as your bank manager, Apple, Microsoft, or Netflix.
Almost everyone has received, at least once, a suspicious email that tried to persuade them to click on a link, download a file, fill out a form, or provide credit card information. That is phishing in practice.
Phishing with a malicious link
When the phishing email carries a malicious link, the message asks the person to click it and, for example, update payment information.
What the victim doesn't know is that the link leads to a fake webpage that closely imitates the real one. Whatever the victim types into it, such as a password or card number, goes straight to the cybercriminal, who can then use it on the real site.
Phishing with a malicious attachment
If it's a malicious attachment, the main risk is opening the file and getting a malware infection, such as a trojan, virus, spyware, or ransomware.
The big problem with malware is that it can compromise important information and even cause irreparable damage.
In the case of ransomware, for example, data and systems are encrypted and locked, which can paralyze the operation of an entire company. To release them, criminals demand payment of a ransom, and paying doesn't guarantee the data comes back.
What are the types of phishing
Three common variations of phishing are vishing, smishing, and pharming.
Vishing is phishing by phone or voice: the criminal calls, or leaves a message asking you to call back, and talks you into handing over data or paying.
Smishing is phishing by text message or SMS, usually a short message with a link.
Pharming redirects you to a fake website without you clicking anything, by tampering with name resolution: malicious code changes the hosts file on your machine or your DNS settings so that the real address resolves to the criminal's server.
What is the relationship between social engineering, spoofing, and phishing
As we're talking about persuasion and lying, one of the main techniques used in phishing scams is social engineering.
Social engineering includes methods of manipulation to gain access to confidential information that will later be used for fraudulent purposes.
Basically, in information security, social engineering is the act of persuading and manipulating people, often after researching them to make the approach credible.
Spoofing is the forging of email and website addresses so that they pass for legitimate ones. A phisher can forge the sender address outright, since the From header of an email can be set to any value unless the owner's domain publishes SPF, DKIM, and DMARC records, or can register a look-alike domain.
The goal in the look-alike case is that you don't notice, for example, that a single letter has been added to, removed from, or swapped in an address.
Characteristics of phishing scams
Over time, phishing scams have grown sophisticated enough that they are harder to detect.
Despite this, the vast majority of phishing attacks still share some characteristics.
Check out our list.
1. Urgent subjects that require a quick response
If the email is about a super offer or requires you to take action quickly, stay alert. The sense of urgency is one of the main characteristics of phishing.
2. Miraculous products that promise to solve problems quickly
Miraculous promises and products are frauds. Don't interact with emails that promise to quickly burn fat or solve your financial problems.
3. Suspicious senders and similar email addresses
Do you have the habit of carefully checking the sender of the emails you receive? Phishers generally use email addresses similar to legitimate ones, just adding or removing letters.
4. Spelling and grammar errors
One of the classic signs of phishing is grammar and spelling errors in the email, which occur because the fraudster often doesn't know your language well. Their absence proves nothing, though: targeted campaigns are frequently flawless.
5. Suspicious links
Phishers rely heavily on malicious links. Always examine links in emails carefully: hover over them to see where they really point, and judge the domain, not the look of the page. If you have already clicked, check the address bar as well. If you're in doubt, close the page.
6. Suspicious attachments
Attachments are dangerous because they can carry malware and other threats, such as ransomware, trojans, and spyware. So, don't open attachments you weren't expecting, and be especially wary of documents that ask you to enable macros.
7. Request for confidential information
Regardless of the sender, be suspicious of any message requesting confidential information, such as credit card details or a contact list from your company.
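As an added example (not code from the original article or from Gatefy), the Python script below checks three of the indicators above on two constructed sample messages: the urgent subject (1), the look-alike sender address (3, the spoofing described earlier) and the misleading link (5). The trusted-domain list, the urgency word list and both messages are assumptions made for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Domains this organisation trusts (constructed list for the example).
TRUSTED_DOMAINS = {"example-bank.com", "microsoft.com", "netflix.com"}

# Look-alike substitutions phishers use: 0 for o, 1 or | for l, rn for m.
# Heuristic: both sides are normalised before comparing, so rare names can over-match.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "|": "l"})

URGENCY_WORDS = ("urgent", "immediately", "suspended", "verify now", "within 24 hours")

LINK_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOST_RE = re.compile(r"^(?:https?://)?([^/\s:]+)", re.I)


def edit_distance(a, b):
    """Levenshtein distance; one added, removed or swapped letter gives 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize_domain(domain):
    return domain.lower().translate(HOMOGLYPHS).replace("rn", "m")


def lookalike_of(domain):
    """Trusted domain this one imitates, or None. An exact trusted match is not a look-alike."""
    d = domain.lower()
    if d in TRUSTED_DOMAINS:
        return None
    norm = normalize_domain(d)
    for trusted in TRUSTED_DOMAINS:
        if norm == trusted or edit_distance(norm, trusted) == 1:
            return trusted
    return None


def host_of(text):
    """Host part of a URL or bare domain, without a leading www.; None if there is none."""
    m = HOST_RE.match(text.strip())
    if not m:
        return None
    host = m.group(1).lower()
    return host[4:] if host.startswith("www.") else host


def check_links(html):
    """Flag links whose visible text names one host while the href points to another."""
    findings = []
    for href, text in LINK_RE.findall(html):
        href_host = host_of(href)
        text_host = host_of(re.sub(r"<[^>]+>", "", text))
        if href_host and text_host and "." in text_host and text_host != href_host:
            findings.append(f"link text shows {text_host} but points to {href_host}")
        imitated = lookalike_of(href_host) if href_host else None
        if imitated:
            findings.append(f"link host {href_host} imitates {imitated}")
    return findings


def analyze(raw_email):
    """Return the phishing indicators found in one RFC 5322 message (list of strings)."""
    msg = message_from_string(raw_email)
    findings = []
    _, sender = parseaddr(msg.get("From", ""))
    sender_domain = sender.rsplit("@", 1)[-1] if "@" in sender else ""
    imitated = lookalike_of(sender_domain) if sender_domain else None
    if imitated:
        findings.append(f"sender domain {sender_domain} imitates {imitated}")
    subject = msg.get("Subject", "").lower()
    hits = [w for w in URGENCY_WORDS if w in subject]
    if hits:
        findings.append("urgent subject: " + ", ".join(hits))
    findings.extend(check_links(msg.get_payload()))  # single-part text/html body
    return findings


# Constructed sample messages, not real mail.
SAMPLE_PHISH = """\
From: "Netflix Billing" <billing@netf1ix.com>
To: victim@example.org
Subject: URGENT: your account will be suspended within 24 hours
Content-Type: text/html

<p>Update your payment details now:</p>
<a href="http://netflix-billing-update.xyz/login">https://www.netflix.com/account</a>
"""

SAMPLE_LEGIT = """\
From: "Netflix" <info@netflix.com>
To: victim@example.org
Subject: Your monthly statement is ready
Content-Type: text/html

<p>See your statement:</p>
<a href="https://www.netflix.com/billing">https://www.netflix.com/billing</a>
"""

if __name__ == "__main__":
    for name, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(name, analyze(sample) or ["no indicators"])
```

Run it with python3 and it prints the indicators found in each sample; in practice you would feed it raw messages from your mail gateway and tune the word list and trusted domains to your own organisation. It catches one-letter and homoglyph substitutions such as netf1ix.com, but not a legitimate domain that has itself been compromised, nor a look-alike that differs by more than one letter.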
How to block phishing
In some cases, it's difficult to identify a phishing scam. But there are some measures that can be taken to prevent it.
Prevention tips for users
As a user, you need to read messages and emails carefully and be wary of any unusual request. Also, never click on links or open attachments without being sure what you're doing.
If you're in doubt, confirm the request through another channel, such as a phone call to a number you already have, never one taken from the suspicious message itself.
Prevention tips for companies
In the case of companies, phishing has to be fought on two fronts.
You need to invest in your team's education. Your team needs to be trained to recognize different types of threats, including phishing.
You must also invest in email security solutions, with anti-phishing. Here at Gatefy, we have 2 email protection solutions that will help your company to be protected from phishing attacks and other threats.
Gatefy Email Security is a solution that protects your company against various cyber attacks, such as spam, phishing, ransomware, virus, BEC (Business Email Compromise), and social engineering.
Gatefy Anti-Fraud Protection is a DMARC-based solution that protects your company's domain, preventing criminals from using your brand in spam, phishing, and BEC scams, for example.
In addition, the solution also improves the deliverability of your legitimate emails, for example in email marketing.
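DMARC, mentioned above, is a DNS TXT record published at _dmarc.<domain> that tells receiving mail servers what to do with mail claiming to be from your domain when neither SPF nor DKIM passes and aligns with the From address. The Python script below is an added example, not Gatefy's code; the three records it inspects are constructed for illustration. It parses a record, flags settings that still leave a domain open to spoofing, and shows what a receiver does with a forged message under each policy.

```python
# Constructed DNS TXT records for the example (a real one is published at _dmarc.<domain>).
SAMPLE_RECORDS = {
    "weak.example": "v=DMARC1; p=none; rua=mailto:dmarc@weak.example",
    "partial.example": "v=DMARC1; p=quarantine; pct=10",
    "strong.example": "v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s; rua=mailto:dmarc@strong.example",
}

POLICIES = ("none", "quarantine", "reject")


def parse_dmarc(record):
    """Parse 'tag=value; tag=value' into a dict and fill in the RFC 7489 defaults.
    Raises ValueError when the text is not a DMARC record."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in POLICIES:
        raise ValueError("not a valid DMARC record: " + record)
    tags.setdefault("sp", tags["p"])  # subdomain policy defaults to p
    tags.setdefault("pct", "100")     # share of failing mail the policy applies to
    tags.setdefault("adkim", "r")     # DKIM alignment: r(elaxed) or s(trict)
    tags.setdefault("aspf", "r")      # SPF alignment: r(elaxed) or s(trict)
    return tags


def assess(record):
    """Return (policy, weaknesses): settings that let forged mail through or hide it."""
    t = parse_dmarc(record)
    issues = []
    if t["p"] == "none":
        issues.append("p=none only monitors: forged mail is still delivered")
    elif t["sp"] == "none":
        issues.append("sp=none leaves subdomains unprotected")
    if int(t["pct"]) < 100:
        issues.append(f"pct={t['pct']}: policy applied to only {t['pct']}% of failing mail")
    if "rua" not in t:
        issues.append("no rua: no aggregate reports, so you never see who forges your domain")
    if t["adkim"] == "r" or t["aspf"] == "r":
        issues.append("relaxed alignment: any subdomain of the sender domain also aligns")
    return t["p"], issues


def disposition(record, spf_aligned, dkim_aligned):
    """What a receiver does with one message under this record.
    DMARC passes if SPF or DKIM passes AND aligns with the From domain;
    otherwise the owner's policy applies (pct sampling is ignored here)."""
    t = parse_dmarc(record)
    if spf_aligned or dkim_aligned:
        return "deliver"
    return {"none": "deliver", "quarantine": "quarantine", "reject": "reject"}[t["p"]]


if __name__ == "__main__":
    for domain, record in SAMPLE_RECORDS.items():
        policy, issues = assess(record)
        print(f"{domain}: p={policy}; forged mail -> {disposition(record, False, False)}")
        for issue in issues:
            print("  -", issue)
```

To check a real domain, fetch its record with `dig TXT _dmarc.example.com` and pass the text to `assess`. The point the weak record makes is that publishing DMARC is not the same as enforcing it: with p=none a receiver still delivers the forged message and merely reports it, so a brand stays usable in phishing until the owner moves to quarantine or reject.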