Phishing

Phishing - Method

Phishing is a fraudulent method that involves sending fake e-mails or text messages to trick the recipient into giving away sensitive information that the attacker can then use to commit a crime. The analogy with fishing comes from the fact that those who deceive with this method generally use some form of bait that the target is expected to swallow. The spelling comes from phone fishing, a similar form of fraud. To distinguish online fishing from regular fishing, it is spelled "phishing".

Social manipulation

Phishing is a form of social manipulation or social fraud ("social engineering"). This means tricking users into taking various kinds of poorly considered actions, such as providing account information, passwords or anything else that a fraudster might benefit from.

Common Phishing Methods

In a common method of phishing, the attacker pretends to be a known institution with a legitimate matter to resolve. The attacker may also suggest opportunities for financial gain, or pretend that an account is under threat and that the recipient must urgently click on a certain link to stop what is happening and save what can be saved. Phishing can be grouped into a number of different methods: general phishing, where the attacker casts a wide net hoping for at least some result, spear phishing for targeted attacks, and whale phishing for big catches.

This is what the vocabulary looks like:

Phishing

Here the attacker sends out a large number of emails, which can sometimes be quite transparent in nature. They can pretend to come from a bank, the tax authority, postal or distribution companies or other well-known institutions. Sometimes the senders use logos or email addresses that are similar to those of the known institution. Attackers can lure with faster tax refunds or threaten that an account is about to be hijacked. The recipient is urged to quickly click on a link and provide personal information that the attacker can then use for their own gain. Most people see through such scams, but for the attackers it may be enough that some of the recipients get caught in the net.

Spear phishing

In these cases, the attackers are more sophisticated and target selected individuals or organisations. The attackers have often prepared thoroughly to make the message look as credible as possible. They may have found out a lot of personal information about the recipient. Spear phishing is aimed at key people such as managers and finance department managers, people who have access to sensitive information within the organisation. Account information and passwords extracted from them can be worth their weight in gold to the fraudsters.

Whale phishing

This type of phishing is aimed at senior executives, such as the CEO, who have access to the organisation's most important resources. If attackers can skillfully manipulate such a key person into giving away the organisation's most important data, it can cause great damage that is very costly and takes a long time to repair.

Other methods

CEO scams

Here the attacker pretends to be a senior manager and sends emails that seem to come from that manager's real email address. Such false messages can get employees to perform actions that cause great harm to the organisation.

Human Factor

Attackers commonly take advantage of human traits such as curiosity, gullibility and impulsivity. They can lure with the prospect of profit, or intimidate with the threat that something terrible will happen if the recipient does not act fast enough. It should be remembered that reputable companies never request account or password information via email or text message. Never give out such information. Never click on unknown links!

The most common cyber attack

Phishing is the most common way of carrying out cyber attacks, and the methods are becoming more sophisticated. It is easy to think that you yourself would not fall for a fraudulent message on the computer, but since so many phishing attacks succeed, one can never be sure. A good way to increase vigilance is to train the organisation's employees with phishing training under professional guidance.

Do you need help with protection against phishing? Learn more about our simulated phishing campaigns!