As I said in one of my earlier articles, phishing is easy to execute, and it requires minimal effort; therefore, many cybercriminals use this method. The criminals sent fake emails and text messages and created a website that looked authentic. They use email, messages, and websites to steal personal and financial information from users. This is also known as spoofing. It occurs when a cybercriminal sends a fake email masked as it is from a legitimate and trusted source.
An example of phishing is a bogus email that looks like it came from a legitimate source asking the user to click a link to claim a prize. The link may redirect to a bogus site asking for personal information, or it may install malware. Criminals are also used to get their target using the telephone or text message from someone posing as a legitimate institution to attract people into providing sensitive data such as identity, banking, credit card information, and passwords. Then, the information is used to access important accounts and can result in identity theft and financial loss.
Spear Phishing
Criminals attack extreme targets using spear phishing. Both phishing and spear-phishing use email to reach the victims. Criminals send customized emails to a specific person in spear phishing. They research the target’s interests before sending the email. For example, a criminal learns the target that he is interested in book reading. The criminal joins the same book discussion forum as a member, forges book reading links and emails the target. When the target clicks on the link, he or she unknowingly installs malware on the computer.
How phishing works
Phishing is prevalent with cybercriminals because it’s far easier to trick someone into clicking a malicious link in a seemingly legitimate phishing email than trying to break through a computer’s defenses.
Its attacks generally transmit using social networking techniques applied to email, including voice calls, messages over the social network, SMS text messages, and other instant messaging modes. It may also use social engineering, including social networks like Facebook, LinkedIn, and Twitter, to collect information about the target’s interests, activities, and work history.
Before the attacks, the phishers expose the targets’ names, job titles, and email addresses. They also collect information about their colleagues, job titles, and key employees. Then, the data can be used to email a victim to get their beliefs.
Generally, a Phishing message appears to have been sent by a known contact or organization. There are two methods of attacks: through a file attachment with phishing software or links connecting to malicious websites. The third goal of phishers is to install malware on victims’ computers and trick them into divulging personal and financial information, such as passwords, account IDs, and credit card details.
Successful phishing messages generally represent a well-known company, but they are difficult to differentiate from authentic messages: Malicious links in the messages are usually well-designed. Subdomains and misspelled URLs are common tricks, as are other link manipulation techniques.
