What is Phishing? Types and Prevention
Phishing is the criminally fraudulent process of trying to obtain sensitive information such as passwords, usernames, credit card or banking details by masquerading as a legitimate entity in an electronic communication.
Types of Phishing
Phishing is usually carried out by text message or email, and it often directs users to enter their personal details on a fake website that looks similar to the legitimate one. Since the fake website is similar to the original one, it requires tremendous skill to determine whether a website is fake or not.
- Misspelled URLs: Phishers use misspelled URLs or sub-domains so that a link in an email (and the spoofed website it leads to) appears to belong to the spoofed organization. Sometimes the phishers make the anchor text for a link appear to be valid, whereas the link actually goes to the phishers’ site.
- Whaling: Phishing attacks directed at high-profile targets, such as senior executives within businesses, are known as Whaling.
- Image Phishing: Phishers have also used images instead of text to make detection harder for anti-phishing filters.
- Cross-site scripting: An attacker can even exploit flaws in the original website’s script against the victim, making it even more difficult to detect since everything from the web address to the security certificates seems to be original. This technique is known as cross-site scripting.
- Phone Phishing: A customer gets a call asking him to call back to discuss problems with access to his bank accounts. The person is then trapped into giving away sensitive information, such as credit card details.
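The misspelled-URL, sub-domain and misleading anchor-text tricks from the first item can be checked mechanically by a mail filter. The following Python code is an added example, not part of the original article; the trusted domain, the sample message, the 0.85 similarity threshold and all function names are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"example-bank.com"}  # constructed allow-list of the organization's real domains
SAMPLE = (  # constructed e-mail body: one legitimate link, three deceptive ones
    '<a href="https://www.example-bank.com/help">Help centre</a>'
    '<a href="https://login.attacker.example/">https://www.example-bank.com</a>'
    '<a href="https://examp1e-bank.com/login">Sign in</a>'
    '<a href="https://example-bank.com.login-secure.net/verify">Verify</a>')

def registrable(host):  # simplification: last two labels; real code needs the Public Suffix List
    return ".".join(host.split(".")[-2:])

def shown_host(text):  # host displayed in the anchor text, or None if it is not a URL/domain
    m = re.search(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})", text.lower())
    return m.group(1) if m else None

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None

def audit_links(html):  # yields (href, [reasons]) for each link that looks deceptive
    parser = LinkCollector()
    parser.feed(html)
    for href, text in parser.links:
        host = (urlparse(href).hostname or "").lower()
        reg, shown, reasons = registrable(host), shown_host(text), []
        if shown and registrable(shown) != reg:
            reasons.append("anchor text shows a different domain")
        for t in TRUSTED - {reg}:
            if SequenceMatcher(None, reg, t).ratio() >= 0.85:
                reasons.append("misspelling of " + t)
            elif t.split(".")[0] in host.split(".")[:-2]:
                reasons.append("trusted name used as sub-domain")
        if reasons:
            yield href, reasons
```

Calling `dict(audit_links(SAMPLE))` flags the three deceptive links and leaves the legitimate help link alone.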
Measures to counter Phishing
People need to change their browsing habits when it comes to Phishing. For example, when asked to reveal sensitive information, they should contact the company directly to make sure the mail is genuine, and they shouldn’t fall prey to mail that addresses them as “Dear Customer”. PayPal, for instance, makes it a point to address users by their usernames.
One of the major flaws of the user is the click-through syndrome, where he treats any pop-up as a case of misconfiguration and proceeds with his work without heeding the computer’s warning.