Many tend to do their daily work by relying on the services provided from different internet sites such as electronic shopping and conducting financial transactions and many others, in order to save effort and time. However, what defects these services is the declaration of the user’s personal information, his different account numbers and passwords, which constituted an environment that attracted cyber criminals who devoted themselves to inventing methods and methods of phishing and phishing to get what they wanted without the user feeling anything.
Definition of electronic phishing
Phishing is a term used to refer to a person or group of people defrauding Internet users by sending email or creating pages designed to collect information about users ’bank accounts, credit cards, and any personal information, and because these pages and e-mail appear to belong to regular companies, users may trust them They enter their personal and sensitive information.
Electronic phishing methods
Phishing attacks usually depend on the social communication techniques used to send email and the rest of the electronic means of communication such as direct messages sent through social networks and SMS text messages and the rest of the direct messaging methods.
Online phishing may use social engineering and other public sources of information, such as social networks such as Linkedln, Facebook and Twitter, to collect basic information about the victim's personality, work history, interests and activities.
The exploration process prior to an online phishing attack enables obtaining names, addresses of work, and e-mail addresses of potential victims, as well as information about the victim's colleagues and the names of employees in the institution in which he works, as all of that information can be used to create an email that cannot be discredited. Attacks, including those carried out by perpetual advanced threat groups, usually begin with spoofing email containing malicious link or cookies.
Online phishing may use social engineering and other public sources of information, such as social networks such as Linkedln, Facebook and Twitter, to collect basic information about the victim's personality, work history, interests and activities.
The exploration process prior to an online phishing attack enables obtaining names, addresses of work and e-mail addresses of potential victims, in addition to information about the victim's colleagues and the names of employees in the institution in which he works, where all of that information can be used to create an email that cannot be discredited. Targeted attacks, including those carried out by perpetual advanced threat groups, usually begin with spoofing e-mail containing malicious link or cookies.
Phishing e-mails usually have a weak and clearly counterfeiting style, yet groups of cyber criminals use the same techniques as professional marketers to find out the most effective types of messages, and phishing campaigns often take advantage of important events, holidays, and annual events in addition to exploiting the correct breaking news from them or The False.
The victim receives a message that appears to be sent by a known party or organization and the attack is carried out by a fake cookie that includes phishing software or via links linked to fake websites, in both cases the goal is to install malicious software on the user's device or direct it to a fake website and is equipped to catch it and get On personal and financial information such as passwords, account IDs, or credit card information.
The e-mail sent can include the logos of a company, its data and identification fees after obtaining it from the company itself, and the links used in phishing messages are usually designed to appear as if the victim will be transferred to the company if they are pressed.
The exploration process prior to an online phishing attack enables obtaining names, addresses of work, and e-mail addresses of potential victims, as well as information about the victim's colleagues and the names of employees in the institution in which he works, as all of that information can be used to create an email that cannot be discredited. Attacks, including those carried out by perpetual advanced threat groups, usually begin with spoofing email containing malicious link or cookies.
Online phishing may use social engineering and other public sources of information, such as social networks such as Linkedln, Facebook and Twitter, to collect basic information about the victim's personality, work history, interests and activities.
The exploration process prior to an online phishing attack enables obtaining names, addresses of work and e-mail addresses of potential victims, in addition to information about the victim's colleagues and the names of employees in the institution in which he works, where all of that information can be used to create an email that cannot be discredited. Targeted attacks, including those carried out by perpetual advanced threat groups, usually begin with spoofing e-mail containing malicious link or cookies.
Phishing e-mails usually have a weak and clearly counterfeiting style, yet groups of cyber criminals use the same techniques as professional marketers to find out the most effective types of messages, and phishing campaigns often take advantage of important events, holidays, and annual events in addition to exploiting the correct breaking news from them or The False.
The victim receives a message that appears to be sent by a known party or organization and the attack is carried out by a fake cookie that includes phishing software or via links linked to fake websites, in both cases the goal is to install malicious software on the user's device or direct it to a fake website and is equipped to catch it and get On personal and financial information such as passwords, account IDs, or credit card information.
The e-mail sent can include the logos of a company, its data and identification fees after obtaining it from the company itself, and the links used in phishing messages are usually designed to appear as if the victim will be transferred to the company if they are pressed.
Phishing patterns
Spear-phishing attacks :
This type of phishing attack is directed at specific individuals or companies, who usually use special information about the victim previously gathered to create the message successfully to appear more reliable. False e-mail of this type may include references to co-workers or officials in the company where the victim works, in addition to using the victim's name, location, or other personal information.
Whaling phishing attacks :
It is a type of Spear attack aimed at senior executives within the organization to steal more information, where spear-phishing attackers search for their victims in detail to create messages that are more likely to deceive them because the use of relevant information increases the chances of a successful attack.
Shoeing Pharming :
It is a type of phishing that relies on sabotaging the DNS server's memory in order to redirect users from the real site to the fake and trick them to use their login information to access the fake site.
How to protect from phishing
Despite its seriousness and multiple methods, protection against it is possible and easily. 3
You can follow these steps:
- Use updated computer security tools such as antivirus, antispyware, and firewall software.
- Refrain from opening suspicious or anonymous attachments within the email.
- Do not disclose personal information requested by e-mail, such as name and credit card number.
- Check your website’s URL more than once to verify its reliability by typing the actual URL into your web browser.
- Check the website's phone number before making any calls to the number shown in the email.
Tips for online phishing
In the event that you are a victim of an electronic phishing, quickly log in to your account from the company’s page and change the password directly. It is also preferable to conduct a computer scan to search for malicious software if the site does harm to it.
Finally, if the company supports the two-factor authentication feature, it is okay to activate it on your account, and in the event your personal information is stolen, it is best to monitor your accounts to ensure that there are suspicious activities.
Post a Comment