Online phishing, which aims to steal an individual's confidential information through emails or fake web pages, is a real scourge. It is such a common tactic that it is essential to know how to guard against it, especially since cybercriminals are becoming ever more creative in their attacks. Here are the key points for understanding and avoiding online phishing.
What is phishing?
Phishing is a social engineering technique used by fraudsters or hackers to steal an individual's personal information, such as passwords, banking details and other confidential data.
It usually takes the form of an email that appears to come from an entity the victim knows (bank, social security, tax office, telephone operator, PayPal, etc.) and invites the recipient to reply or click on a link for some reason or other. That link can either redirect the person to a page asking them to enter their personal information, or let a malicious program straight into their computer.
Once this is done, the criminals hold the information and can either use it themselves (steal your identity, access your accounts, etc.) or resell it. It is clearly identity theft, since the cybercriminal poses as someone else to abuse the victim's trust.
To deceive the victim more easily, the message may create an urgent or stressful situation, for instance by pressuring the recipient with threats of a fine or arrest if a payment is not settled.
What are the main types of online phishing?
Spray and pray phishing consists of sending an email to a very large number of addresses with the aim of creating a sense of urgency in the recipients so that they react without really thinking. It usually invites them to reply directly with their information or to click on a malicious link.
Spear phishing resembles spray and pray but in a more advanced form: this time it targets a specific audience with more personalized messages, often imitating an organization the recipient knows in order to steal their information.
Whale phishing targets the top of major organizations (directors, CEOs, senior executives, etc.). The fraudsters first study their target carefully in order to craft a perfectly targeted and elaborate message, posing as a trusted person. They then ask the executive in question for a sum of money or confidential information, leading them to believe the request is legitimate.
Pharming is among the most dangerous attacks. It consists of exploiting flaws in DNS services. The fraudster sends fraudulent emails that appear to come from trusted sources, urging recipients to quickly perform an action such as changing a password. The recipients are then redirected to a fake web page that looks identical to the real one. Once the information is entered, the fraudster can retrieve it.
How to detect and avoid a phishing attempt?
First, read an email from an organization (even a known one) or from a sender you do not know several times. Check the phrasing and spelling, but above all the URL of the page and the full email address of the sender. For the URL, hover over the link with your mouse to see it in full, then compare it with the address of the real site, opened beforehand via your search engine, to see whether any elements differ.
Always keep in mind that trusted entities (banks, government agencies, etc.) never ask users to send their confidential information by email.
Another detail to take into account: if the message conveys a strong sense of urgency and makes threats against you, check the points above. The same goes for emails announcing that you have won a large sum of money seemingly out of nowhere.
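The three checks above (sender address, where a link really points versus what it displays, and pressure language) can be automated for a mailbox or a mail gateway. The script below is an added example written for this article, not code from the original page: it parses a constructed sample message, compares the sender's domain and every link target against an assumed allowlist of domains the recipient actually deals with, flags links whose visible text shows one domain while the href points to another, and lists urgency words in the subject and body. The `TRUSTED_DOMAINS` set, the `URGENCY_WORDS` list and both sample messages are assumptions made for the demonstration, and `registrable_domain` is a deliberately crude last-two-labels approximation rather than real public-suffix handling.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: the display name claims to be the bank, but the From
# address and the real link target sit on a lookalike domain ("examp1e").
SAMPLE_EMAIL = """From: "Example Bank Security" <alerts@examp1e-bank-login.example>
To: customer@example.org
Subject: Urgent: confirm your account within 24 hours
Content-Type: text/html

<html><body>
<p>Your account will be suspended. Please <a href="http://secure-login.examp1e-bank-login.example/verify">
https://www.examplebank.example/login</a> immediately.</p>
<p>Questions? Visit <a href="https://www.examplebank.example/help">our help centre</a>.</p>
</body></html>
"""

# Constructed sample of a legitimate notice from the real domain, no pressure language.
CLEAN_EMAIL = """From: "Example Bank" <news@examplebank.example>
To: customer@example.org
Subject: Your monthly statement is ready
Content-Type: text/html

<html><body><p>Your statement is available at <a href="https://www.examplebank.example/statements">https://www.examplebank.example/statements</a>.</p></body></html>
"""

# Assumed allowlist: domains this recipient genuinely has a relationship with.
TRUSTED_DOMAINS = {"examplebank.example"}

# Assumed list of words that signal the "act now" pressure described in the article.
URGENCY_WORDS = ("urgent", "immediately", "suspended", "within 24 hours", "verify")


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Crude approximation: keep the last two labels (not a public-suffix-list lookup)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def domain_of(url_or_host):
    """Return the registrable domain of a URL or bare hostname."""
    parsed = urlparse(url_or_host if "://" in url_or_host else "http://" + url_or_host)
    return registrable_domain(parsed.hostname or "")


def analyse(raw):
    """Return a list of human-readable findings; an empty list means nothing suspicious."""
    msg = message_from_string(raw)
    findings = []

    # Check 1: the full sender address, not just the display name.
    _name, addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(addr.split("@")[-1]) if "@" in addr else ""
    if from_domain not in TRUSTED_DOMAINS:
        findings.append(f"sender domain {from_domain!r} is not a trusted domain")

    # Check 2: where each link really points, and whether the visible text lies about it.
    body = msg.get_payload()
    parser = LinkExtractor()
    parser.feed(body)
    for href, text in parser.links:
        href_domain = domain_of(href)
        if re.match(r"https?://", text) and domain_of(text) != href_domain:
            findings.append(f"link text shows {domain_of(text)!r} but points to {href_domain!r}")
        if href_domain not in TRUSTED_DOMAINS:
            findings.append(f"link target {href_domain!r} is not a trusted domain")

    # Check 3: urgency and threat wording in the subject or body.
    haystack = (msg.get("Subject", "") + " " + body).lower()
    hits = [w for w in URGENCY_WORDS if w in haystack]
    if hits:
        findings.append("pressure language: " + ", ".join(hits))
    return findings


if __name__ == "__main__":
    for label, sample in (("suspicious", SAMPLE_EMAIL), ("clean", CLEAN_EMAIL)):
        print(label, "->", analyse(sample) or "no findings")
```

Run it as a script to see four findings for the constructed lookalike message and none for the clean one. In practice the allowlist would be the user's real correspondents, and the domain comparison should use a public-suffix library, since the two-label shortcut mishandles suffixes such as co.uk.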
Finally, it is advisable to use a VPN to secure your online activities.