Phishing is an attack that attempts to collect personal information using deceptive emails and websites. The following article will introduce you to phishing, common types of phishing, and how individuals can prevent phishing. I hope it will be helpful to everyone.
What is Phishing?
Phishing is a form of fraud and a cybercrime. Attackers pretend to be reputable entities or individuals via email or other communication channels, using phishing emails to distribute malicious links or attachments that perform a variety of functions: extracting login credentials or account information from victims, or automatically downloading malware, so that victims infect their own computers.
Types of Phishing
Phishing is rampant, which makes it dangerous. Spoofed websites are indistinguishable from the real thing, and hackers keep looking for ways to get past increasingly sophisticated spam filtering. In addition to email and website phishing, there are also "vishing" (voice phishing), "smishing" (SMS phishing) and several other phishing techniques that cybercriminals keep coming up with. Let's take a look at the common types of phishing attacks.
1. Spear phishing attack
This is mass phishing with a personal touch. The sender uses the available information to appear legitimate. The most common disguise in this category is a bank, where the attacker can include your name, address, etc.
It targets a specific person or company, usually to collect victim-specific information in order to more successfully represent that information as genuine. Spear phishing emails may include references to colleagues or executives at the victim's organization, as well as the use of the victim's name, location, or other personal information.
2. Whaling Attack (Executive Phishing)
This is a spear phishing attack that specifically targets senior managers within an organization, usually to steal large sums of money.
Typical whaling attacks target employees with the ability to authorize payments, with phishing messages appearing to be commands from managers to authorize large payments to vendors, when in fact payments are made to the attacker.
3. Clone Phishing
The attacker collects previously sent emails and copies their contents, replacing any legitimate links with malicious ones. A spoofed account is then used to send the email to the recipients of the original email. In effect, the attacker has cloned the legitimate email.
The goal of most clone phishing is to infect the target computer with a virus, with the malware then spreading to other machines on the network. As the link circulates, more users become infected, and more infected links are sent.
4. Domain spoofing
It is a new form of phishing that relies on DNS cache poisoning to redirect users from legitimate sites to fraudulent sites and trick them into entering their login credentials on the fraudulent site.
5. Voice Phishing
It is also called vishing and is a form of phishing that occurs over voice communication media, including Voice over IP (VoIP) or POTS (plain old phone service). The perpetrator uses speech synthesis software to leave a voicemail purporting to notify the victim of suspicious activity in a bank or credit account, and asks the victim to call a malicious phone number to verify their identity, thereby compromising the victim's account credentials.
6. SMS Phishing
Also known as SMishing or SMShing, this is where criminals use text messages to convince victims to reveal account credentials or install malware.
How to prevent phishing?
Although hackers continue to come up with new technologies, we can take some measures to protect ourselves:
1. Use Spam Filter
A spam filter can be used to keep spam out of your inbox. Typically, filters evaluate the message's origin, the software used to send it, and the appearance of the message to determine whether it is spam. Sometimes, spam filters may even block emails from legitimate sources, so they are not 100% accurate.
2. Change browser settings to prevent fraudulent websites from opening
The browser keeps a list of fake websites, and when you try to access one of them, the address is blocked or a warning message is displayed. Browser settings should allow only reliable websites to open.
3. Install the anti-phishing toolbar
The most popular Internet browsers can be customized with the anti-phishing toolbar. Such a toolbar does a quick check of the sites we visit and compares them with a list of known phishing sites.
4. Check your online accounts regularly
Make it a habit to change your passwords regularly and do not use the same password for multiple accounts.
5. Check email links
Before clicking or entering sensitive information, check the spelling of the URL in the email link to ensure it is safe; never download files from a suspicious email or website.
6. Verify the security of the site
Before submitting any information, make sure that the URL of the website starts with "https" and that there is a closed lock icon near the address bar. Check the website's security certificate.
7. Use anti-virus software
Anti-virus software comes with special signatures that protect against known technology workarounds and vulnerabilities.
8. Use a firewall
A high-quality firewall acts as a buffer between your computer and external intruders. There are two different types we should use: desktop firewalls and network firewalls. The first is software and the second is hardware. When used together, they can greatly reduce the chances of hackers and phishers infiltrating your computer or network.
9. Never give out personal information
As a general rule, you should never share sensitive personal or financial information over the Internet.
10. Learn about phishing techniques
New phishing scams are constantly evolving. If we don’t stay on top of these new phishing techniques, we may stumble into them unintentionally.
That is the entire content of this article; I hope it will be helpful to everyone's study. For more content, see the relevant tutorial columns of the PHP Chinese website!