What is Phishing?
Phishing is a hacking technique in which scammers send emails, instant messaging or text messages posing as third parties. This is the least technologically sophisticated but the most effective of all the electronic scams, because instead of trying to breach the security of your accounts, they use social engineering to get you to give it to them without resistance.
Most often they use the user name or even the address of someone in your circle of trust. Phishing emails can come from your family, friends, work colleagues or even companies and organizations that you are a customer of.
What exactly does phishing mean?
Phishing by definition is meant to deceive anyone who receives an email or a text message. Hence it is related to the English voice fishing. Phishing attacks are intended to capture your card numbers, personal information or other data that may be marketed, and with which to continue feeding a system that scams millions of dollars a year.
Now that you know what phishing means, you may wonder why ph is used instead of the f in the original word. Well, it borrows this from another term that alludes to deception or falsehood: the word phony.
How does phishing work?
Once you know that this fraudulent practice impersonates the identity of your closest circle and takes advantage of your trust, it is important to understand how it works. Phishing messages can be received on any medium (desktop, laptop, telephone, tablet, etc.) and, although the most common method is email, social networks, text messages, etc. are also used.
The most commonly used format employs these elements: someone in your circle of trust writes to you because they have a problem that requires your immediate intervention. As a general rule, you will need to click on a link that will take you to a fraudulent website. Through a form, you will be asked to fill out confidential information. This can be your passwords, account recovery data, credit card…
Once they have that data, they can use it to access your email, bank accounts or any other place where they can take your money or take control of your identity. When, through this type of fraud, they can access your email, they can send messages to your contacts on your behalf and continue with the deception process.
Types of phishing
Although we have just described the generalized procedure, in practice there are several types of phishing.Here are just a few of the more popular plugins.
- Spear phishing is an attack directed at a specific person or group. Prior research is needed to know how to deceive the target. It has been seen in governments and organizations where, by typing the address of a responsible person from the email of one of their suppliers, they have managed to divert public funds or access confidential information.
- Nigerian scams were very popular in the early 2000s and are still seen today. In them, a supposedly high-ranking Nigerian government official sent a message requesting your collaboration to get his fortune out of the country. In exchange for lending him your account number, they promised you financial compensation.
- Through cloning, they will copy or duplicate a message with attachments. But, in this case, they will replace them with others with malicious content.
How to detect and report phishing?
Now that you know a little more about how it operates, you just need to know a few tricks to detect and report phishing. The appearance of the messages is usually very neat and can be difficult to identify, but there are some tricks that will help you.
- Be suspicious of messages that force you in any way to react instantly and remember that no company is going to ask you to share your passwords with them.
- Check that the links go where they claim to go before clicking on them. You should also be suspicious of grammatical and spelling errors.
- As you’ve seen in the phishing examples, don’t open files or messages that you don’t have full confidence in.
Following these guidelines you will know how to avoid phishing and you can prevent it. Remember that, when in doubt, it is better to be cautious than to have to regret such a situation. Consult the sender personally before opening doubtful messages.
Now that you know what phishing is and its most common patterns, you will know how to react when you receive suspicious messages. Please check the links and files before opening them and do not share your personal information with anyone.