Phishing attacks are methods that hackers and thieves try to obtain sensitive information. This includes usernames, passwords, and credit card details, all for malicious purposes.
Some phishing techniques include:
- Trojan Hosts
- Link Manipulation
- Key Loggers
- Content Injection
- Phone Phishing
- Malware Phishing
In this article, I am going to be talking about two of the main types of phishing attacks that people encounter everyday. These attacks are done through email and over the phone.
Email and Spam are attacks when phishers send one email to many users, and they usually try to impersonate banks, your email provider, or other trusted institutions. For example, you may get an email from “Amazon” with a link to confirm your password in order to get a free promotional gift card or to confirm security details. If you click it, you will most likely be taken to a page that is identical to the Amazon login page. If you look at the address bar, it will be a dead giveaway that it is not the official page because there will not be HTTPS or a secure certificate. If you are not careful and you enter your username and password, it will be captured and saved in a database of stolen logins. The victim often will not know because after you enter your information, you will be redirected to the official Amazon.com page. Using this information, hackers can sell your account, or make expensive purchases using your credit card. To protect yourself, you should check what links you click and the sites you visit, as some sites may use cross-site scripting to trick you into entering your information. Always think twice before you submit your passwords to any site.
Another common phishing attack is phone phishing. This is done by someone impersonating your bank or another company who tries to get you to tell them your personal information over the phone. They may try and convince you that your password needs to be updated and they will ask you for it over the phone. Keep in mind that no trusted company would have the need to ask you for such a sensitive piece of data. They already have access to your account because they need it to help fix any issues. The phishers will not have this and may still try to ask you for your password. This is a giveaway that they are not who they claim to be. If you are suspicious in any way, hangup and call the number of the bank or company directly and you can verify the authenticity of the call. Most likely, the call before was a scam and should be blocked or blacklisted.
Both of these attacks are very common and many people fall victim to it everyday. It can lead to stolen identities and large sums of money going missing. If phishers get one of your passwords and it is the same as the rest of the other ones you use, they you can put you in a very bad position. To learn more about creating secure passwords and managing them, please refer to my past article on this topic. Phishing scams can happen to anyone, and it requires you to always be alert on what you do online. Pay attention to what websites you visit and how you interact with them.