Phishing Characteristics and How to Overcome It
Currently, many online media outlets are reporting cases of data theft or sales of customer data from startup companies in Indonesia. Because of this news, e-commerce customers are worried that their accounts and data might be misused. In this article, I discuss the issue in a way that I hope will be useful for you. Happy reading!
Table of Contents
- What is Phishing?
- Types of Phishing
- How Phishing Works
- Phishing Characteristics
- How to Avoid Phishing
- Conclusion
What is Phishing?
As technology develops, cybercrime cases are becoming more common, and one of them is phishing. Phishing is a cybercrime method in which a target is contacted via email, phone, or text message by someone posing as a legitimate institution to lure them into providing sensitive data such as personally identifiable information, credit card and banking details, and passwords. The email will usually contain a link to a fake page that looks exactly like the real website in order to trap the victim.
The information is then used to access important accounts and can result in identity theft and financial loss. The first phishing lawsuit was filed in 2004 against a Californian teenager who created a clone of the “America Online” website. With this fake website, he was able to obtain sensitive information from users and access credit card details to withdraw money from their bank accounts.
Types of Phishing
Phishing comes in several types and techniques that cybercriminals use continuously. The types are:
Spear Phishing
Spear phishing is the act of sending an email to a specific target and claiming to be a trusted sender. The body of the email usually contains a link that directs the recipient to a fake website full of malware. These attempts are targeted at stealing sensitive information such as account credentials or financial information from certain victims. Although it is often intended to steal data for malicious purposes, cybercriminals may also intend to install malware on the targeted user’s computer. This is the most successful form of obtaining confidential information on the internet, accounting for 91% of attacks.
Deceptive Phishing
Deceptive phishing is the most common type of phishing scam. This scam occurs when someone posing as a source or company you know emails you in order to compromise your information. Typically, these emails ask you to:
- Verify account information
- Re-enter information, such as login or password
- Change your password
- Make a payment
Once this information is entered, the hackers obtain it and can access your account, then use the sensitive information to steal payment card information, sell your personal information, or exploit it for profit.
There are two ways the perpetrator can carry out this phishing act. In the first, the perpetrator claims to be, or disguises himself as, a representative of an official agency or company and asks the victim to provide certain information. In the second, the perpetrator places a link to a malicious site in the message for the victim to click on.
Smishing
Smishing is a type of phishing that involves text messages. Often, this form of phishing arrives as an SMS or involves phone numbers. Smishing is very scary because people sometimes tend to trust text messages more than emails. Most people are aware of the security risks of clicking on a link in an email, but it is a different matter with text messages.
Usually, criminals use tricks to get the victim to click on the link provided, call the number listed, or reply to the message with the information the perpetrator needs. Examples often seen in Indonesia are messages about winning a lottery or a prize from a large company, sent by someone claiming to be part of that company.
Apart from this, there are many other methods. So be careful and don’t believe such messages easily.
Whale Phishing
Whale phishing is a term used to describe phishing attacks that are specifically targeted at wealthy, powerful, or prominent individuals. Due to their status, if such a user falls victim to a phishing attack, he or she can be considered a big phish or whale. Whale phishing perpetrators use the same tactics as spear phishing.
How Phishing Works
Basic phishing attacks try to trick users into entering personal details or other confidential information, and email is the most common method of carrying out these attacks. An estimated 3.7 billion people send about 269 billion emails every day. Researchers at Symantec state that nearly one in every 2,000 of these emails is a phishing email, meaning that about 135 million phishing attacks are attempted every day.
Most people don’t have time to carefully analyze every message that comes into their inbox and this is what phishers exploit in several ways. Common phishing campaign techniques include offering prizes won in fake competitions such as lotteries or contests by retailers offering ‘winner vouchers’.
In this example, to ‘win’ the prize, the victims are asked to enter details such as name, date of birth, address, and bank details in order to claim it. Similar techniques are also used in other scams where the perpetrator claims to be from a bank that wants to verify purchase details that don’t exist or, sometimes even worse, claims to be from a technology security company that needs access to the information to keep its customers safe.
Another, more sophisticated scam is aimed at business users. Here the perpetrator can assume the role of someone from within the same organization or one of its suppliers and will ask you to download an attachment that they claim contains information about the contract or agreement.
In most cases, the file will release malicious software into the system and will harvest personal data. But in many cases, those files are also used to spread ransomware.
Phishing Characteristics
Bad Spelling or Grammar
An official message from any large organization is unlikely to contain bad spelling or grammar.
Short URL in Email
Many phishing attacks invite victims to click through to a URL that looks legitimate. However, if the user takes a second to check the link, they can find that it is not a legitimate URL. The perpetrator hopes that the victim will not check the link at all and will simply click on it. In other cases, attackers use slight variations on legitimate web addresses and hope users don’t notice.
Invalid Sender Address
Official companies will usually use an official email address that comes from the domain name of their website. First, make sure that the domain in the sender’s email address belongs to a website that can be accessed and is the company’s official website.
Website Appearance is Relatively Similar to Original
This is one of the characteristics of web phishing: the website’s appearance looks relatively similar to the original. If things don’t quite fit or feel different than usual, make sure first that it is the legitimate website.
Typo Website Address
Although the perpetrator can create a website that looks similar to the original, they cannot reuse its domain, because one official domain can only be used for one website. So to trick the victim, the perpetrator uses a domain that differs only slightly from the original. For example, for www.klikbca.com, a fake website is created with the domain www.klikkbca.com. So before logging in, make sure the website address is correct.
Website No HTTPS
To provide security to their users, large or credible sites usually use SSL for their websites. You can look in the address bar to find out whether the website uses HTTPS (SSL) or not. Most phishing sites do not have an SSL Certificate. HTTPS alone does not prove that a site is genuine, so combine this check with the address check above.
Login Frequently Failed
If you have used the correct username and password but are still unable to log in, you need to suspect that you may be on a phishing site. If you have already filled in the data there, immediately go to the original website and change your password.
How to Avoid Phishing
- Check accounts regularly
- Create a bookmark for the login page
- Don’t click anything in the SMS message
- Don’t click on links in suspicious email messages
- Make sure the spelling of the website URL is official and has SSL (HTTPS)
- Change your password regularly
- Be alert every time you receive a message from an unknown person
- Install internet security software and keep your antivirus up to date
- Be wary of emails or text messages promising rewards
Conclusion
So that’s the article about what phishing is, how it works, its characteristics, and tips to avoid it. Phishing cases are now common, especially as times change, people become more modern and gain digital access, and the potential for cybercrime grows. Therefore, you have to be careful when using the internet, accessing websites, opening emails, and so on.
Are you familiar with phishing? Hopefully, this article is useful for all of you, and thank you for reading it to the end. Share this article on all your social media so that your loved ones can avoid the threat of phishing. Thank you.