What is “Phishing” ?
“Phishing” is one of the methods of cyber crime that is present along with the development of digital technology. Explained with examples!
This digital crime takes the form of stealing personal information and data via email, telephone, text messages, and links claiming to be certain agencies. This manipulative attack is a challenge in the digital age.
Phishing is a type of data breach that has emerged since the 1990s. To date, phishing is still one of the most destructive cyber attack techniques, especially with its execution methods becoming more sophisticated as technology advances.
Phishing attacks are bad for victims, both individuals and businesses. Losses obtained such as unauthorized purchases, theft of funds, to theft of identification. Therefore, let’s see more about the types of phishing, how it works, and how to prevent it through this article.
Types of Phishing
Phishing
Phishing aims to break into personal data and company cybersecurity. Even more dangerous, if a phishing attacker or so-called phisher can send emails to company executives who hold certain roles in the business.
This type of cyber attack can also attack other information storage systems depending on the needs of the attackers. To get to know more about phishing, let’s look at the types of phishing that are commonly encountered today.
1. Deceptive Phishing
Deceptive phishing is a fraudulent activity that is happening a lot nowadays, especially in online chat apps. This fraud uses the identity of certain agencies, companies, or parties that have big brands. Attackers use email addresses, links, and text messages that resemble well-known agencies, companies, or brands.
Deceptive Phishing is the most common type of fraud. Be careful if there are large companies that ask you to verify account information, ask for logins, ask to change passwords, to make payments. Need to pay attention to the information again, yes. If you feel awkward, better ignore it.
Usually people in the IT world call this SCAMPAGE
2. Spear Phishing
This type of fraud is similar to how to catch fish that is targeted with a spear. That is, this technique hunts down victims who have been previously targeted by the data thief who has a specific purpose. Usually, phishers contact victims through personal contacts, such as email, WhatsApp messages, SMS, telephone, and others.
Given that the victim has been targeted previously, spear phishing has a higher success rate. Phishers really look convincing. However, to find out, you can recognize phishing messages from the use of inappropriate grammar.
If the attacker claims to be a manager or executive, you can confirm this to the person concerned, if you feel awkward with the email or message conveyed.
3. Whaling
Whaling is a type of phishing targeting specific individuals who have high authority in a company, such as business owners, company directors, and others. People with the highest positions are targeted, because they have a lot of authority over important data and information.
If the whaling action is successful, there are many benefits that can be utilized from the access obtained. Usually, phishers contact the victim’s personal email address for the reason of correspondence related to business matters.
4. Smishing
The term smishing is a combination of SMS and phishing. This type of attack is spread through text messages (SMS). Smishing is classified as the easiest scam among other types of phishing. The reason is that phishers only need to sequence phone numbers to spread fake messages so that they click on malicious links containing malware or redirect you to websites created by the perpetrators.
How does it work?
Manipulating information and exploiting the victim’s negligence is how phishing works. The initial stage of course determines who the potential victims are and their goals, judging by the type of phishing that will be carried out. Some of the targets, such as the user’s username and password to control the account.
Phishers also prepare fake websites, starting from design, choosing a domain name that is similar to the original domain, to preparing content with convincing writing. In fact, it is not uncommon for perpetrators to design websites similar to well-known brands, but use a much different domain name.
With the appearance of the website and convincing information, not a few finally access the phishing website belonging to the perpetrator which is distributed through links distributed via SMS or social media accounts. If the victim follows the instructions, the perpetrator’s goal is achieved.
Usually, perpetrators ask for personal data, such as email addresses, passwords, account numbers, credit card data, telephone numbers, one-time passwords (OTP), to home addresses. In email phishing, the sentences used usually include a surprise gift or a fake notification about the hack that urges you to update your password.
