What is Phishing?
Phishing is a cyber attack that poses as a legitimate email or website to gain access to sensitive information. Many hackers use advanced methods that allow them to steal the information without getting caught. Considerable effort goes into security development against phishing scams, but the sophistication of phishing methods is also increasing.
Phishing is a form of social engineering. Most techniques rely on social networking sites and public sources of information. Phishing is one of the oldest methods of cybercrime but remains a prevalent concern in cyber-security.
The advent of artificial intelligence makes it easier for hackers to carry out phishing schemes. The efficiency of artificial intelligence enables a hacker to reach more online channels. Tools, software, and open-source code available online allow hackers to develop their plans.
One common technique in phishing is to instill a sense of urgency. Many phishing scams ask for confirmation of personal information, followed by a warning. Such warnings may threaten to deactivate an account. A site or email that uses such a warning should be approached with caution. Many of these scams will appear professional and start off with “Dear customer”.
Many scams use the credibility of a brand name to gain trust. The scam incorporates the company logo, among other elements, to make it seem believable. Another approach is to pose as a charity. There are many false charity sites which don’t have an affiliation with their supposed networks. This method of phishing plays on a person’s emotions. This may explain why they are more successful than other phishing methods.
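The red flags described above (a generic “Dear customer” greeting, an urgent deactivation warning, a request to confirm personal information, and a borrowed brand name) can be checked mechanically. The following Python is an added example, not part of the original article; the brand-to-domain map, the regular expressions and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: brands you expect mail from, with their real sending domains.
BRAND_DOMAINS = {"examplebank": {"examplebank.example"}}
GREETING = re.compile(r"^\s*dear\s+(customer|user|client|member)\b", re.I | re.M)
URGENCY = re.compile(r"\b(deactivat\w*|suspend\w*|immediately|urgent\w*)\b", re.I)
INFO_REQUEST = re.compile(
    r"\b(confirm|verify|update)\b.{0,40}\b(password|personal|card|social security)\b",
    re.I | re.S)

def red_flags(raw_message: str) -> list[str]:
    """Return the red flags named in the text that appear in one email message."""
    msg = message_from_string(raw_message)
    body = "\n".join(p.get_payload() for p in msg.walk()
                     if p.get_content_type() == "text/plain")
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    flags = []
    if GREETING.search(body):
        flags.append("generic_greeting")
    if URGENCY.search(body):
        flags.append("urgency_warning")
    if INFO_REQUEST.search(body):
        flags.append("requests_personal_info")
    # Brand appears in the display name, but the mail comes from another domain.
    name = re.sub(r"[^a-z0-9]", "", display.lower())
    for brand, domains in BRAND_DOMAINS.items():
        legit = any(domain == d or domain.endswith("." + d) for d in domains)
        if brand in name and not legit:
            flags.append("brand_domain_mismatch")
    return flags

# Constructed sample messages (not real mail).
SAMPLE_PHISH = """\
From: "Example Bank Support" <support@examplebank-secure.example>
Subject: Action required

Dear customer,
Your account will be deactivated within 24 hours. Please confirm your
personal information by replying with your password.
"""
SAMPLE_BENIGN = """\
From: "Example Bank" <statements@mail.examplebank.example>
Subject: Your statement

Hello Alex, your monthly statement is ready in online banking.
"""
print(red_flags(SAMPLE_PHISH), red_flags(SAMPLE_BENIGN))
```

A message that trips several flags at once deserves more suspicion than one that trips a single flag, since legitimate mail can also use urgent wording.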
Common Phishing Scams
Deceptive Phishing Scams
The most common method of phishing is deceptive phishing. The method simply asks for a person’s credentials. This can be banking information, email, or social security. There are many forms of deceptive phishing. One common phishing example is a survey which asks for sensitive information. The message may also contain spelling errors or have awkward wording. Many of these types of phishing scams are easy to spot. Deceptive phishing scams generally require the least amount of hacking knowledge. Therefore, they are not as successful as other phishing methods.
Spear Phishing Scams
Spear phishing involves observation of social media activity. It’s done behind the scenes and requires little interaction with the malware to start the process. Spear phishing sends an email or creates an advertisement that’s tailored to the person. The emails are structured the same as professional emails and appear to come from a trusted source. One red flag is that these emails ask for sensitive information.
Job application sites can be riddled with spear phishing schemes. Many job application sites ask for permission to send job notifications. While most are legitimate, some are not. An email may later appear about a job offer, but the email is generated from a hacking source. In this case, a person should not respond to the email. One way to spot such an email is to check if it is encrypted. Many mailing sites mark a message as encrypted. If it is not encrypted, then a warning is sent.
Whale Phishing Scams
Whale phishing seeks to gain access to a CEO's accounts. The name implies that CEOs are the big catch. A hacker who gains access to a CEO's accounts can gain a wealth of information about the business. This can lead to financial loss, restriction to employee information, and defamation of the business.
Pharming Phishing Scams
Pharming takes users from legitimate websites and redirects them to a malicious one. The method relies on DNS cache infiltration. During the DNS cache infiltration, a hacker switches out the numerical IP address associated with a site's alphabetical name. Most sites have some form of protection to block the hacker. If someone is redirected, they should close the site immediately through their viewing window, and not a pop-up window.
Search Engine Phishing Scams
Search engine phishing collects information that is stored in a search query. The information is used to tailor the scam based on the user’s search history. Some phishing scams come as a result of an illegitimate download or a visit to a malicious site. Search engine phishing sites can be unique in appearance or copy the appearance of a legitimate search engine site.
Vishing Phishing Scams
Vishing is phishing done over the phone. The phishing can be done by a person or a robot. Sometimes the activity requires a person to reveal sensitive information. Other times, the only thing that’s needed is the person’s voice. An affirmative answer like “yes” can be used against a person. The recorded voice information can be used as another means to gain access to sensitive information.
Smishing Phishing Scams
Smishing is like vishing. The approaches are similar, but smishing is done over SMS. A person or bot takes on a convincing profile to lure the victim into their scam.
Many phishing scams capitalize on the popularity of backup service sites. These sites hold a concentration of sensitive information, which makes them a target for phishing scams. These scams seamlessly integrate into less noticeable applications on the sites and ask for a person’s credentials.
Stop Account Takeover Fraud From Phishing Scams
iovation has seen a 220% increase in reported e-commerce account takeover (ATO) attacks over the last 12 months. Why the big jump? Fraudsters have become more sophisticated in their attack methods. They are using social engineering, bots, and phishing attacks, to name a few methods.
Spot user behaviors and device information that’s suspicious, and stop those fraudsters in real time. We track billions of devices and our fraud analysts add evidence to make this intelligence even more effective.