Phishing: what it is and the different types that exist



An alert about a phishing campaign impersonating Spain's Ministry of Economy and Business; be careful with the Lidl kitchen robot, they are not going to give it to you but you will receive an email that says they will; ING alerts its customers to a new phishing attack that may arrive by email or SMS; an SMS scam reaching mobile phones in Spain pretends to be the courier FedEx; or text messages impersonating the logistics company DHL are being sent to notify you of an upcoming shipment.


These are very common news items that we are going to read often, that affect our lives, and that always come with the same conclusion and warning: DO NOT OPEN IT!




What is phishing







Phishing is a fraud. Its objective is to capture or steal users' private data: bank account usernames, passwords, credit card data, etc. To get this information it resorts to forging pages that the user knows (commonly those of companies or public administrations): the pages are duplicated, and the confidential data the attacker wants to obtain is entered into the copy.



There is no word in Spanish for it; the Anglicism is used. It comes from the verb "to fish". And indeed it catches the user, tricks them as bait does a fish, and manages to get hold of their information in order to steal their data.












Broadly speaking, to understand this practice in its most common version, you must know that the user receives a text message (SMS) on their mobile, an email in their mail account or a message in an app such as WhatsApp, Telegram or Facebook Messenger. That message may offer a gift from a company (well-known firms are commonly used), ask for a favor as if it came from a friend, or offer a common service that people tend to need or the solution to a problem with a service (for example, saying that your bank, the public treasury or a courier company needs some data to perform a routine task).



In general, this practice relies on social engineering, and its success is based on the trust you have in the company, institution or person being impersonated.












These messages are accompanied by a link. When you follow the link, you arrive at another page. Sometimes it is easy to see that the page is not well designed and even has serious spelling mistakes, but sophisticated attacks show pages that look totally real. On that page you are asked to enter some information, usually related to your bank and personal details. If you enter it, you are giving it to the creator of the scam and, with that information, they can make whatever purchases they want for as long as you do not notice and have not talked to your bank to take action, such as changing your card or cancelling your payments for a while.



How phishing came about



Phishing is an old fraud that, despite the passing years, is not losing steam. The term "phishing" was first documented in early 1996 by the Usenet newsgroup AOHell, and named a scam that used the giant AOL to obtain private user data.



25 years later, phishing is still going strong. There is hardly a week in which Genbeta does not have to report major phishing cases landing in users' email inboxes, on a social network or in their phone's SMS. There are no global figures on the money that this technique manages to steal from companies and citizens each year, since not everyone reports what happens. Moreover, the amount stolen from each user is sometimes small, so people do not bother to pursue the scam. But if we consider that millions of people can become victims of one of these scams, it is a profitable practice.



What is clear is that, after malware, phishing is the second most used technique in cyberattacks worldwide, according to the studies that large companies such as Cisco publish on the main types of cyberattack.



Types of phishing







To identify one of these attacks, the best thing you can do is to know the types that exist. The most common are:



  • Deceptive phishing. The most common type; as the name indicates, it relies on deception. An attacker sends the user an email message posing as a person, company or entity. If the message is sent by SMS, it is known as smishing. It requests some type of personal information or contains a malicious link that sends the user to a fraudulent web page where login information is requested. If it is a well-prepared attack, it usually carries the company logo, uses a similar font, or the name of the website it redirects you to is similar to that of the real page (but it is not the same). Under some pretext, it prompts the user to enter sensitive personal information that is then captured by the attacker. The phishing cases impersonating FedEx, DHL or ING in recent weeks are among these most common attacks.











  • Malware-based phishing. In this case, the user receives an email that impersonates a brand and includes a malicious file as an attachment which, once opened, infects the victim's device. A common form of malware-based phishing is a message that poses as a service company attaching your latest invoice in PDF format for you to download. Once opened, it infects the computer. In Spain, 2021 began with an attack that impersonated Correos to infect a computer with malware. In December, an email was widely spread with an attached file that supposedly reported restrictions due to Covid-19 but infected a PC or mobile.


  • Vishing. The word mixes the terms voice and phishing. It is not so common because it requires a lot of preparation to achieve its goal. These attacks use social engineering to deceive victims through phone calls. The attacker, who makes the calls, pretends to be a worker, a technician or an organization and, under this pretext, tries to get the victim to provide personal or bank information or to make some payment. As with phishing, the vishing hook can be very different each time: from participating in a raffle, to collecting a gift voucher, to receiving technical support.


  • SEO phishing. Using search engine optimization (SEO) techniques, attackers make a deceptive page rank among the top results on a search engine such as Google or Bing. Thus, if a user searches, for example, for information about their bank, the objective is for this website to appear among the first results so that the person thinks they are actually entering their bank's website or a site where they can make purchases. By making purchases or logging in with their credentials, they hand over very important information that the attacker can steal.
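
The deceptive and SEO phishing entries above both depend on a web address that resembles the genuine one without being the same. The following Python check is an added example, not part of the original article: it compares a link's host against an allow-list of genuine domains and flags near-matches. The names `TRUSTED`, `edit_distance` and `classify_link`, the allow-list contents and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list of genuine domains (an assumption for this example).
TRUSTED = ("correos.es", "dhl.com", "fedex.com", "ing.es")

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url, trusted=TRUSTED):
    """Return (verdict, domain): verdict is 'trusted', 'lookalike' or 'unknown'."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return ("unknown", None)  # no parsable host, e.g. a link without a scheme
    for domain in trusted:
        if host == domain or host.endswith("." + domain):
            return ("trusted", domain)
    # Tokens between dots and hyphens catch a brand name reused in another domain.
    tokens = set(host.replace("-", ".").split("."))
    # Naive registrable domain: last two labels (ignores suffixes such as co.uk).
    registrable = ".".join(host.split(".")[-2:])
    for domain in trusted:
        brand = domain.split(".")[0]
        limit = 1 if len(domain) < 8 else 2  # stricter threshold for short names
        if brand in tokens or edit_distance(registrable, domain) <= limit:
            return ("lookalike", domain)
    return ("unknown", None)

if __name__ == "__main__":
    samples = [  # constructed sample links, not taken from real campaigns
        "https://www.ing.es/login",
        "http://c0rreos.es/paquete",
        "https://fedex.com.track-parcel.example/x",
        "https://tracking.example/ing",
    ]
    for url in samples:
        print(url, classify_link(url))
```

An "unknown" verdict only means the host resembles nothing on the allow-list; internationalized look-alike characters are outside what this check covers.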