Phishing is one of the most used attacks by cyber criminals who want to gain personal data, banking credentials, and user accounts. Phishing is not a new threat, in fact it has been used for a long time, however, victims of this type of attack are still on the rise.
In this article we are going to explain what phishing is, types of phishing, how we can identify them and how we can protect ourselves. The dangers of the Internet are ever-present, but we can protect ourselves from them with a little caution, knowledge and awareness.
What is phishing?
Although there is no definition of phishing itself, we can define it as the techniques or methods used by cyber criminals to obtain confidential information from their victims; This information can be personal data, user accounts and passwords or bank details. Therefore, phishing is a type of computer fraud.
The meaning of phishing comes from the English word “fishing”, and by which it refers to the fact of using a bait to get the victims of the attack to bite.
Cybercriminals who carry out phishing attacks are called “phishers”.
How does phishing work?
One of the characteristics of phishing is that it is a social engineering technique that cybercriminals use to scam their victims and achieve their goals.
Usually, an attacker sends an email in which they pose as a company or organization (such as banks, streaming platforms, online stores, etc.). The email mentions a problem that needs to be solved (the “threat” of blocking credit cards or user accounts is common) and contains a link that the victim will have to click to solve it.
This link normally leads to a fraudulent website, but which imitates (sometimes very well) the real page of the company in question. Here the victim will be asked to enter different types of data, depending on the intention and objective of the phishing attack and the hackers behind it, or some type of malware will be directly be downloaded to the victim’s computer, allowing them to access the information stored in it.
Although it is commonly used in emails, the truth is that there are other avenues of attack, such as instant messaging services, SMS, messages on social networks or even voice messaging applications or the telephone.
The content that we can find in these messages can vary from referring to cards or bank accounts, we can also find other types of content such as false job offers, promotion of new products, alleged lottery in which we have been winners, cancellation of user accounts in online games, etc.
As we will know in the upcoming blogs, there are various types of phishing attacks, however, their objectives are usually always similar, to obtain personal and banking details of the victims.