I received an email asking me to update the personal details of my checking account by clicking on a link, but I was surprised that the URL of my bank is not the same as always. I called the bank and they told me that it is a scam known as phishing. This is a classic case!

Among the risks that we can find when we use the Internet is phishing, a technique used by cybercriminals to obtain personal and banking information from users by impersonating a legitimate entity such as a bank, a social network, a public entity, etc.

How Does Phishing Work?

Cybercriminals capture our attention with some excuse to redirect us to fraudulent web pages that pretend to be legal and original of the service they offer. Any system that allows the sending of messages can be used as a means to try to steal our personal information. In some cases, attempts to steal our personal information may arrive through emails, SMS, or MMS messages (smishing), in the same way as by any instant messaging tool (WhatsApp, LINE, etc.) or social network.

What is URL Phishing?

Source: blog.malwarebytes.com

URL Phishing is one of the most popular forms of phishing. It provides a fake link that directs its clickers to an “unliked page”. Phishing URLs are associated with fake websites because the unlikable page is a website with misleading information. It could be a fake Facebook page with a fake login field or a fake email page with similar characteristics.

Phishing assaults are quite possibly the most well-known security challenges that the two people and organizations face in keeping their data secure. Regardless of whether it’s gaining admittance to passwords, Visas, or other touchy data, programmers are utilizing email, web-based media, calls, and any type of correspondence they can to take significant information. Organizations are an especially advantageous objective.

To assist organizations with bettering they can attempt to abstain from succumbing to phishing assaults, we requested several security specialists to share their perspective on the most widely recognized ways that organizations are exposed to phishing assaults and how organizations can forestall them. Beneath you’ll discover reactions to the inquiry we presented:

Phishing Techniques

Phishing endeavors regularly start with an email endeavoring to get touchy data through some client connection, for example, tapping on a malignant connection or downloading a contaminated connection.

Through connect control, an email may give interfaces that farce real URLs; controlled connections may include unobtrusive incorrect spellings or utilization of a subdomain.

Phishing tricks may utilize site fabrication, which utilizes JavaScript orders to make a site URL look real.

Utilizing undercover redirection, assailants can ruin real sites with malevolent spring-up discourse boxes that divert clients to a phishing site.

Contaminated connections, for example, .exe records, Microsoft Office documents, and PDF reports can introduce ransomware or other malware.

Phishing tricks can likewise utilize calls, instant messages, and online media apparatuses to fool casualties into giving touchy data.

Sorts of Phishing Assaults

Some particular sorts of phishing tricks utilize more designated strategies to assault certain people or associations.

  1. Lance Fishing: Lance phishing email messages will not look as arbitrary as more broad phishing endeavors. Assailants will frequently assemble data about their objectives to fill messages with a more realistic setting. A few aggressors even commandeer business email correspondences and make profoundly modified messages.
  2. Clone Phishing: Aggressors can see genuine, recently conveyed email messages, make an almost indistinguishable duplicate of it—or “clone”— and afterward change a connection or connection to something pernicious.
  3. Whaling: Whaling explicitly targets prominent and additionally senior chiefs in an association. The substance of a whaling endeavor will regularly present as a legitimate correspondence or other significant level leader business.

What To Do If You Detect It?

  • Try not to answer regardless of these messages.
  • Do not access the links provided in the message or download any attached document.
  • Erase it and, if you wish, alert your contacts about this extortion.

How to Prevent It?

Be wary of emails that appear to be banks or known services with messages such as:

  • Technical problems of the entity.
  • Security problems in the user’s account.
  • Security recommendations to avoid fraud.
  • Changes in the entity’s security policy.
  • Promotion of new products.
  • Discount vouchers, prizes, or gifts.
  • Imminent cessation or deactivation of the service.
  • Be suspicious of grammatical errors in the text.
  • If you receive generic communications addressed to “Dear customer”, “Notification to the user” or “Dear friend”, it is an indication that should put you on alert.
  • If the message forces you to decide in a few hours, it is a bad sign. Directly contrast if the urgency is real or not with the service through other channels.
  • Check that the text of the link matches the address it points to.
  • A reputable firm or company will use its own official domains for corporate email addresses. If you receive the communication from a mailbox type @ gmail.com or @ hotmail.com, it is not a good signal.

Finally, whatever form it takes, it is extremely dangerous and should be avoided by every Internet user.