What is phishing and how can you prevent it?

Phishing is the cybercrime of sending an e-mail that falsely claims to come from an established, legitimate business in an attempt to deceive the unsuspecting recipient into divulging personal, sensitive information such as passwords, credit card numbers, and bank account information after directing the user to visit a specified website. The website, however, is not genuine and was set up only to steal the user's information. The information is then used to access important accounts and can result in identity theft and financial loss. Internet fraud is the use of Internet services or software with Internet access to defraud victims or to otherwise take advantage of them.

Types of phishing attacks:

Spear phishing - Spear-phishing emails are targeted toward a specific individual, business, or organization. Unlike more generic phishing emails, the scammers who send them spend time researching their targets. The technique is sometimes called social engineering. These criminals will send emails that look like they’re from legitimate sources.
Clone phishing might be one of the most difficult types to detect. In this type of phishing attack, scammers create a nearly identical version of an email that victims have already received. The cloned email is sent from an address that is nearly, but not quite, the same as the email address used by the message’s original sender. The body of the email looks the same, too. What’s different? The attachment or link in the message has been changed. If victims click on those now, it will take them to a fake website or open an infected attachment.
Whaling attacks target chief executive officers, chief operating officers, or other high-ranking executives in a company. The goal is to trick these powerful people into giving up the most sensitive of corporate data. These attacks are more sophisticated than general phishing attacks and require plenty of research from scammers. They usually rely on fraudulent emails that appear to be from trusted sources within the company or from legitimate outside agencies.
Pop-up phishing is a scam in which pop-up ads trick users into installing malware on their computers or convince them to purchase antivirus protection they don’t need.
These pop-up ads sometimes use scare tactics. A common pop-up phishing example is an ad that appears on a user’s screen warning that their computer has been infected and that the only way to remove the virus is by installing a particular type of antivirus software. Once the user installs this software, it either doesn’t work or, worse, actually does infect the computer with malware.
Email phishing. The basic phishing email is sent by fraudsters impersonating legitimate companies, often banks or credit card providers. These emails are designed to trick you into providing log-in information or financial information, such as credit card numbers or Social Security numbers.
Other spoof emails might try to trick you into clicking a link that leads to a fake website designed to look like Amazon, eBay, or your bank. These fake websites can then install malware or other viruses directly onto your computer, allowing hackers to steal your personal information or take control of your computer, tablet, or smartphone. A phishing example? You might receive an email that looks like it was sent by PayPal. The email might say that you need to click on a link to verify your PayPal account. If you don’t? The email says that your PayPal account will be shut down.

How to recognize phishing attacks?

Too good to be true offers. Phishing emails may try to hook you with what appear to be incredibly cheap offers for things like smartphones or vacations. The offers may look irresistible, but resist them. They’re likely phishing emails. Lucrative offers and eye-catching or attention-grabbing statements are designed to attract people’s attention immediately. For instance, many claim that you have won an iPhone, a lottery, or some other lavish prize. Just don't click on any suspicious emails. Remember that if it seems too good to be true, it probably is!
A bank, maybe not even your own, is asking for your account information or other personal financial information. Your bank, or any financial institution, will never ask for your Social Security number, bank account number, or PIN by email. Never provide this information in response to an email.
Spelling and grammatical mistakes. There was a time when you could easily spot phishing emails because they were littered with spelling and grammar mistakes. Scammers have gotten better at avoiding these errors, but if you do receive an email littered with typos and weird language, that email might be sent from someone phishing.
The generic greeting. Phishing emails might not be addressed specifically to you. Instead, the email might start with a generic greeting such as “Dear Sir or Madam” or “Dear Account Holder.”
A call for immediate action. Phishers want you to act quickly, without thinking. That’s why many will send emails asking you to immediately click on a link or send account information to avoid having your bank account or credit card suspended. Never reply hastily to an emergency request. Urgent requests for action are often phishing scams.
Senders you don’t recognize. If you don’t recognize the sender of an email, consider deleting it. If you do decide to read it, be careful not to click on links or download files.
Senders you think you recognize. You might get a phishing email from a name you recognize. But here’s the catch: That email may have come from the compromised email account of someone you know. If the email requests personal information or money, it’s likely it’s a phishing email.
Hyperlinks. If you receive an email that asks you to click on an unknown hyperlink, hovering over the link might show you that it is really taking you to a fake, misspelled domain. This link is created to look legitimate but is likely a phishing scam.
Attachments. The sender included attachments that don’t make sense or appear spammy. If you see an attachment in an email you weren't expecting or that doesn't make sense, don't open it! They often contain payloads like ransomware or other viruses. The only file type that is always safe to click on is a .txt file.
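
The hover check for hyperlinks and the "nearly, but not quite, the same" sender address described under clone phishing can both be automated. The following is an added example, not part of the original article: the trusted-domain list, function names, and sample message are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"mybank.example"}  # constructed allow-list of domains the user really uses
# Constructed sample message: lookalike sender, link text that hides the real host.
SAMPLE_SENDER = "Support <alerts@rnybank.example>"
SAMPLE_BODY = ('<p>Dear Account Holder, <a href="http://mybank.example.login-check.test'
               '/verify">www.mybank.example</a></p>')

def base_domain(host):
    """Last two labels of a host name (naive: ignores suffixes such as co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def lookalike_of(host):
    """Return the trusted domain that host closely imitates, or None."""
    dom = base_domain(host)
    near = [g for g in TRUSTED if SequenceMatcher(None, dom, g).ratio() >= 0.85]
    return near[0] if near and dom not in TRUSTED else None

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_email(sender, html_body):
    """Warn on a lookalike sender and on links whose text hides the real host."""
    warnings, collector = [], LinkCollector()
    sender_host = sender.rsplit("@", 1)[-1].strip("> ")
    if (good := lookalike_of(sender_host)):
        warnings.append(f"sender domain {sender_host} resembles {good}")
    collector.feed(html_body)
    for href, text in collector.links:
        host = urlparse(href).hostname or ""
        shown = re.search(r"([a-z0-9-]+\.)+[a-z]{2,}", text.lower())
        if shown and base_domain(shown.group()) != base_domain(host):
            warnings.append(f"link text shows {shown.group()} but goes to {host}")
    return warnings
```

Calling check_email(SAMPLE_SENDER, SAMPLE_BODY) returns two warnings, one for the sender and one for the link; a message from the trusted domain with a matching link returns none.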

How to prevent phishing attacks?
Don’t open suspicious emails. If you receive an email supposedly from a financial institution with an alarming subject line, such as “Account suspended!” or “Funds on hold,” delete it. If you are worried that there is a problem, log in to your account or contact the bank directly. If there really is a problem with your bank account or credit card, you’ll find information once you’ve logged in.
Don’t click on suspicious links in emails. If you do open an email from someone you don’t know and you are instructed to click on a link, don’t. Often, these links will take you to fake websites that will then encourage you to either provide personal information or to click on links that might install malware on your computer.
Don’t send financial information through email. Your bank or credit card provider will never ask you to provide bank account numbers, your Social Security number, or passwords through email.
Don’t click on pop-up ads. Hackers can add fraudulent messages that pop up when you visit even legitimate websites. Often, the pop-ups will warn you that your computer is infected and instruct you to call a phone number or install antivirus protection. Avoid this temptation. Scammers use these ads to either install malware on your computer or scam you out of a payment for a computer clean-up you don’t need.
Use spam filters. Spam filters can help block emails from illegitimate sources, but you should always use your best judgment in case phishing emails get past your blocker.
Sign up for antivirus protection. Make sure your computer is protected by strong, multi-layered security software.
Installing and running trusted security software may provide real-time threat protection, help you create and manage unique passwords, and help protect your personal files and financial information from phishing attacks and other scams.