
Phishing: What it is, what the existing types are, and how to protect yourself

Phishing is one of the most widely known scams in the cybersecurity world, and statistics show that people still need to be informed about the subject, as in 2021 alone more than 150 million Brazilians were victims of this type of scam. 

What is phishing?

Phishing is a digital scam in which criminals use bait to encourage victims to click on links, download files or provide data. This allows criminals to access accounts and cards, commit identity theft, carry out financial transactions, and commit other crimes.

What types of phishing are there and through which channels are they sent?

Email is the main channel through which phishing is sent. According to research by Avast, 71% of users interviewed were impacted by phishing via email and, of these, 46% fell for the scam.

However, phishing attempts also arrive through many other channels, such as SMS and phone calls. In addition, criminals use different strategies depending on the type of victim and the data they seek to obtain. Let's see how each type of phishing works.

Smishing: Phishing sent via SMS. These messages usually target the victim's emotions, talking about debts or a large benefit they can receive.

Vishing: A type of phishing that uses voice mechanisms. Criminals tend to impersonate bank or telephone company employees to obtain personal data.

Blind Phishing: This is the most common type of all: emails are sent in bulk without much of a strategy, relying only on the “chance” that a user will fall into the trap.

Spear phishing: A type of phishing that targets a specific group, such as a company's customers, the employees of a governmental agency, or a specific person. One of the goals of spear phishing is to access databases that store sensitive information.

Clone phishing: In this type of phishing, criminals intercept a legitimate email that was sent to the victim and create a fake message very similar to the original, with an almost identical layout, sender and title. In place of the original attachments and links, they insert malware or other types of viruses.

Whaling: The name comes from the word whale. This type of phishing is aimed only at “big fish”, i.e., top executives or celebrities.

How to identify and protect yourself from phishing

Be on the lookout

Whenever you receive emails, SMS messages or calls that talk about debts or attractive opportunities, check the sender and the wording of the message, and avoid clicking on links or downloading attachments. When in doubt, contact the company directly through its official channels.
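The sender and link checks described above can also be run automatically over a message. The Python code below is an added example, not part of the original article: it flags a sender domain that differs from the expected one, a Reply-To on another domain, links whose visible address differs from their real target, and links that are not HTTPS. The function name check_message, the sample message and all .test domains are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message (not a real email); every name and domain is made up.
SAMPLE = """\
From: "Example Bank" <support@examp1e-bank.test>
Reply-To: billing@collect-now.test
To: customer@mail.test
Subject: Overdue debt - act today
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Your account has a pending debt.</p>
<a href="http://login.examp1e-bank.test/pay">https://www.example-bank.test/pay</a>
<a href="https://www.example-bank.test/help">Help center</a>
"""

LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def host(value):
    """Return the lowercase hostname of a URL, or '' if the text is not a URL."""
    return (urlparse(value.strip()).hostname or "").lower()

def check_message(raw, trusted_domain):
    """Return a list of warnings about the sender and links of a raw email."""
    msg = message_from_string(raw)
    warnings = []
    # Compare the real address domain, not the display name, with the expected one.
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if from_domain != trusted_domain:
        warnings.append(f"sender domain {from_domain} is not {trusted_domain}")
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and reply_to.rpartition("@")[2].lower() != from_domain:
        warnings.append(f"Reply-To goes to a different domain: {reply_to}")
    for href, text in LINK_RE.findall(msg.get_payload()):
        shown = host(text)  # only set when the visible text is itself a URL
        if shown and shown != host(href):
            warnings.append(f"link shows {shown} but opens {host(href)}")
        if urlparse(href).scheme != "https":
            warnings.append(f"link is not HTTPS: {href}")
    return warnings

if __name__ == "__main__":
    for w in check_message(SAMPLE, "example-bank.test"):
        print("WARNING:", w)
```

The sender comparison is an exact match, so a legitimate subdomain of the expected domain would also be flagged and should be checked by hand.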

Have an active antivirus

Even free versions of antivirus software can protect your devices in case you fall victim to a phishing scam.

Two-Factor Authentication

Wherever possible, enable Two-Factor Authentication to make it harder for your accounts to be broken into. Remember that you should never share verification codes with anyone and never use them on channels other than the official channels for that account. Because this code is your protection barrier, it is frequently targeted in cyber attacks.

Use a Firewall

A Firewall checks the websites you visit and warns you if there is suspicious traffic.

An SSL Security Certificate

Whenever you visit a website, make sure it has the security seal, which appears as a closed padlock next to the URL. Never log in to or carry out transactions on websites that do not have this certificate.

Conclusion

The main tool to protect against any type of phishing, in addition to software and technologies, is knowledge. It is therefore essential to create a cybersecurity culture not only in your personal life but also in your company. That way, even if criminals use new technologies and strategies, you and your team will have the necessary knowledge to identify and prevent scams.

Article originally written in Portuguese by Perallis Security Content Team: Phishing: o que é, quais são os tipos e como se proteger — Perallis Security