Pradheepa P

Security 101 - Phishing

Introduction

Phishing is a deceptive technique employed by cyber-criminals to trick individuals into revealing sensitive information, such as login credentials, financial details, or personal data. The Anti-Phishing Working Group (APWG) publishes statistics about phishing every quarter. It is concerning to find that these attacks have been increasing every year and that they target both individuals and companies. According to the latest report from APWG, financial institutions take the major brunt of this attack.

In this blog, we will explore the various phishing tactics and essential strategies to protect yourself from these malicious attacks.

Types of Phishing

The methods of deception vary, ranging from a plain link that redirects to a malicious website to more advanced strategies targeting specific individuals or organizations. The following are the broad categories of phishing.

Email Phishing:

Attackers send deceptive emails posing as legitimate entities to trick recipients into providing sensitive information.

Smishing (SMS Phishing):

Phishing attacks conducted through text messages, tricking individuals into clicking on malicious links or providing sensitive information.

Vishing (Voice Phishing):

Phishing attacks over phone calls, where attackers use social engineering to manipulate individuals into divulging sensitive information.

Pharming (Page Hijacking):

Redirects website traffic to fraudulent sites using malicious software, aiming to collect sensitive information.

Clone Phishing:

Attackers create replicas of legitimate emails, with minor modifications, to deceive recipients into disclosing sensitive information.

Search Engine Phishing:

Creation of fake websites optimized for search engines to lure users and extract sensitive information.

Recognizing Phishing Attempts

How to Identify Phishing

Though these attacks are often widespread, victims ignore some common red flags. Learning how to differentiate between legitimate communication and potential threats is essential to identifying phishing attempts. The following are some of the common red flags in a phishing message.

  1. A sense of urgency or threat
  2. A malicious link that prompts you to enter your password
  3. A request for a financial transaction on clicking the link
  4. A prompt to provide full access to your laptop or your mobile phone
  5. An offer or promotion in the message that is too good to be true
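
The red flags above can be turned into a rough triage check for a message body. The following is an added example, not part of the original post: the phrase lists, the two extra link checks (plain-HTTP links, and link text that names a different host than the link target) and the sample message on reserved .example domains are assumptions constructed here.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed phrase lists, one per red flag in the list above; tune them for your own mail.
RED_FLAGS = {
    "urgency_or_threat": r"\b(urgent|immediately|within 24 hours|suspended|final notice)\b",
    "password_prompt": r"\b(verify|confirm|re-?enter|update) your (password|login|credentials)\b",
    "financial_request": r"\b(wire transfer|gift cards?|card number|bank details|pay the fee)\b",
    "device_access_request": r"\b(remote access|control of your (computer|laptop|phone))\b",
    "too_good_to_be_true": r"\b(you(?:'ve| have) won|free gift|lottery|prize)\b",
}

class LinkCollector(HTMLParser):  # gathers [href, visible text] pairs and the body text
    def __init__(self):
        super().__init__()
        self.links, self.text, self._in_link = [], [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._in_link = True
    def handle_endtag(self, tag):
        if tag == "a":
            self._in_link = False
    def handle_data(self, data):
        self.text.append(data)
        if self._in_link:
            self.links[-1][1] += data

def red_flags(html_body):
    """Return the sorted names of the red flags found in an HTML message body."""
    parser = LinkCollector()
    parser.feed(html_body)
    parser.close()
    text = " ".join(" ".join(parser.text).split()).lower()
    found = {name for name, pattern in RED_FLAGS.items() if re.search(pattern, text)}
    for href, label in parser.links:
        url = urlparse(href)
        host = re.sub(r"^www\.", "", (url.hostname or "").lower())
        if url.scheme == "http":
            found.add("plain_http_link")  # cleartext link target
        shown = re.search(r"\b(?:www\.)?((?:[a-z0-9-]+\.)+[a-z]{2,})\b", label.lower())
        if shown and host and shown.group(1) != host:
            found.add("link_text_host_mismatch")  # text names one site, href goes to another
    return sorted(found)

# Constructed sample on reserved .example domains, not a real message.
PHISH = ('<p>URGENT: your account will be suspended within 24 hours.</p><p>Verify your '
         'password at <a href="http://login.bank-secure.example/reset">www.mybank.example</a></p>')
```

A hit is a reason to look closer, not a verdict: keyword heuristics miss reworded lures and will flag some legitimate mail.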

Protecting Yourself Against Phishing

Phish-Proof

  1. Enable Multi-Factor Authentication.
  2. Change passwords regularly to reduce the window of attack.
  3. Don't give out any financial data or personal information to unsafe or HTTP websites.
  4. Stay informed of similar attacks in your region.
