It is no secret to anyone that current technologies have increased the ease and immediacy of interpersonal relationships. Which is not always beneficial for users, since will have the ability to contact unknown people and so, They are the perfect target for the various threats existing on the network..
In this sense, currently It is very common to read or hear certain terms such as “social engineering” or “phishing”, which are fully linked to scams and data theft. Therefore, can cause economic losses, lower productivity and greater consumption of corporate network resources.
That is why it is truly essential to know what this type of fraud present on the Internet is about, with the aim of prevent any risk as far as possible. Therefore, we proceed to explain What is phishing and what are all the forms of identity theft that are now handled?.
What is Phishing and how does this type of computer attack work?
Basically, phishing is defined as a scam technique that is carried out through some form of social engineering. Therefore, traditionally, it consists of sending emails that come from apparently reliable sources in order to try to trick the recipient into accessing it, follow their instructions and reveal your sensitive data.
This means that it is a digital practice that has as its main objective, obtain personal, private or intimate information, illegally, from the manipulation of users. Well, using social engineering tools, cybercriminals get the affected person to reveal sensitive data in order to be able to carry out some type of fraud afterwards.
Now, with respect to its operation, we emphasize that is an act carried out by a criminal known as a “phisher” impersonating a well-known personal brand, business, or organization to acquire desired information fraudulently (stealing or impersonating email addresses). Therefore, the practice of this type of attack usually starts with receiving a direct message or email.
Thus, once the victim chooses to open said message, it will contain links to a website where personal data is requested, imitating the portal of the legitimate company. With this, as soon as the person enters that information, the cybercriminals will be ready to commit the fraud immediately and, as a consequence, the affected user You will lose access to your email or experience substantial financial losses..
Due to the methods and tools used by all “phisher”it is really difficult to recognize that it is a message received by cybercriminals, since its appearance can be very professional. However, in case there are inconsistencies, errors or misspellingsis a great indication to know that it is not a reliable email and with it, you will avoid performing any unfavorable reason.
List of all types of phishing attacks that exist with examples
Although, in a generic way, it can be affirmed that all phishing or identity theft practices are linked to social engineeringthere are actually several types of attacks that steal confidential information.
To learn more about them, we invite you to read the following list:
spear phishing
It is considered the most common type of phishing attack and consists of a scam executed via email or social media targeting specific individuals, companies, or organizations. In other words, it is a much more personalized threat because includes the identification of the victim, his position, his phone, etc..
In this way, it is characterized as a kind of phishing that is only directed at a small number of people. with a certain profile within a company or company, whereas, it is normally directed at the weakest link. Thus, its main purpose is steal data for malicious purposes and install malware on the victim’s computer.
url phishing
Another of the techniques most popular phishingconsists of the one that deals with trick the user through a URL belonging to a malicious site which, in plain sight, looks like that of a trustworthy website. Typically, this type of deception gets the victim into inadvertently to that website using Unicode characters similar to the original link.
It should be noted that the phishing URL is more effective on mobile devices, especially those with small screens or low resolution. Now, a clear example of this is this URL “http://www.google.com@members.tripod.com” that appears to be a website available on Google, but in reality it is responsible for sending the browser to the page in question, which is prepared to request the user’s personal information and perform identity theft.
Phishing-Card
Basically, it is similar to traditional phishing, since consists of the massive issuance of emails to different users. But, in this case and as a distinguishing factor, only they focus on simulating the identity of a trusted banking organization.
Thus, once the user chooses to access links corresponding to malicious domains, cybercriminals will have everything ready to request the information of any of your cards from your bank, either credit or debit. From this delusion, they will proceed to make purchases online or withdraw money from your accounts onlinecausing notable economic losses.
email phishing
This is the type of attack also known as “phishing email” and is defined as a digital deception technique that consists of misrepresenting users to steal your confidential information. Thus, depending on the goals of cybercriminals, will choose to request intimate data, access codes or bank information.
As we have pointed out throughout the post, this type of phishing focuses on add links or attachments in the emails they send, to transfer the victim to the website from where they carry out the misdeeds. Which, can be a copy of the original and thus, they manage to deceive the most trusting users.
Phishing Gmail
In recent years, it has been shown the rise of phishing attacks on Gmail accountsIn other words, in this case, cybercriminals do not focus on imitating banking sites to obtain financial gain, for example. Rather, it is a threat that only is directed to the renowned free email service from Google.
This, due to its great popularity and with the aim of taking control of a for so, have access to other services managed by the user. Since, in most cases, Internet users use a Gmail account to register on other platforms or recover passwords. For this reason, they are the perfect target for many phishers who bet on this new technique.
Phishing Instagram
As well as gmail has become a potential platform for phishing practices, Instagram is the new target of this class of digital criminals. Therefore, at present, there have been massive hijackings of accounts of Instagram with phishing emails.
In this way, the perpetrators proceed to send an email with an official appearance (with the Instagram logo and header) and issue information based on the following message “Your account will be permanently deleted for copyright violation”. But, in reality it is a trick for the user to access a link with “more information” where you will have to enter your social network credentials and with that, they achieve their mission to be able to enter to steal information.
Facebook Phishing
Facebook is another of the social platforms in which more phishing attacks are taking place, lately. Therefore, it has become a useful online site for digital criminals who design these types of scams.
Which, are based on the impersonation of the image of a person or service registered on Facebookto deceive other users and be able to steal your confidential data. In this sense, the phishers are in charge of intervening any active vulnerable account in the social network, to proceed to alter your profile data (ie your name and photo). Once this is done, they write messages to all their contacts posing as Facebook, in order to obtain personal information and even credit card numbers.
Phishing PayPal
As if that were not enough, there is a new phishing campaign that attempts to impersonate PayPal, through emails. In this way, the attack begins with an email in which an alleged unusual activity in a user’s account is reported and there, provide a link that the owner must use to verify their identity.
Then, when the victim clicks on the link in question, they will be redirected to a web page that, although visually similar to the official PayPal site, It’s actually an imitation of it.. Thus, from there, they will ask you to secure your account and enter your personal data, in order to “prevent unauthorized access”. Once that is done, the criminal will have obtained everything necessary to make your digital scam come true.
Phishing Amazon
Since the beginning of 2020, the Spanish police authorities have alerted society about a new type of phishing attack that many Internet users and refers to an apparent email issued by Amazon that requests user login to said online portal, “for security”. However, it is only a hoax by a group of cybercriminals who are betting on this new technique.
In this way, if the victim user trusts himself and provides the personal information in question, he will not actually have logged into the application, but rather you will only have given your data to the attacker. Some phishers even target obtain information about your bank card with the reason that “everything works fine again” and thus, to be able to undertake substantial economic scams.
Santander Bank Phishing
Another powerful phishing campaign has also emerged that impersonates the identity of the famous Banco Santander. Which, as in almost all cases of this type, begins with the receipt of a massive email that has this bank as the sender. But, although it seems like a legitimate action, in reality the header of your email allows us to verify that it is not completely reliable.
However, it is very likely that the client is not very detailed and does not find this type of fault, so he will choose access as normal and enter the URL address provided; which is simply an online platform controlled by the hackers in question. So, on the first screen, They ask for the identity document and the password…
Facebook Comments
Disqus