What is Phishing?
Phishing is a type of online scam where criminals impersonate legitimate organizations via email, text message, advertisement or other means in order to steal sensitive information. This is usually done by including a link that will appear to take you to the company’s website to fill in your information – but the website is a clever fake and the information you provide goes straight to the crooks behind the scam.
Phishing Techniques:
This technique is the most common, and often occurs when cybercriminals send emails with phishing URLs to try and obtain sensitive user information. According to a Forcepoint article, “an email may present with links that spoof legitimate URLs; manipulated links may feature subtle misspellings or use of a subdomain.” Once access is granted through these links, cybercriminals are able to successfully launch an attack.
SMS / Text Message
This technique is used by cybercriminals to send targeted text messages in an effort to trick these individuals into disclosing personal information. This is executed through a malicious link that redirects users to a phishing website and exposes their personal information to the attacker.
Web-Based Forgery
This is one of the most sophisticated phishing techniques used by cybercriminals. According to the Phishing.org article, this technique is “also known as ‘man-in-the-middle,’ [where] the hacker is located in between the original website and the phishing system. The phisher traces details during a transaction between [a] legitimate website and the user. As the user continues to pass information, it is gathered by the phishers, without the user knowing about it.”
Malvertising
This technique involves malicious advertising including active scripts that have been created to download malware or force undesired content into victims’ networks. The most common and popular methods of malvertising includes Adobe PDFs and Flash. If you have seen these types of advertisements pop up on your browser, it is best to just steer clear.
