What is phishing, how does it work, and how to defend yourself

“Spear“In Italian it means”Spear“, so the literal meaning is”Spearfishing“.This is a scam committed by cyber criminals through electronic communications such as Emails, messages on social networks or SMS. The target is one person or company precisely identified through the study personal information Which can be obtained online, especially on social networks.

Those with important and specific information about the companies they work for are often targeted, such as executives and accounting staff. In this case a hacker attack is called WhalingOr “whaling” because it targets large fish that carry valuable information.

The scammers’ goal is to steal Sensitive data For victims to attack their finances or, sometimes, to trick them into installing it Malware.

As mentioned, to achieve their goal, they have to Hackers They have to carefully study the person or company they want to hit with their attack SpearfishingOtherwise their trap is unlikely to succeed.

In particular, hackers search online Contacts and social profiles And everything you might need to make them e-mail Or to them More reliable SMS: Information related to the victim’s job role, interests, tax information, and everything they can extract from social networks.

Gathering information lets the scammer know what’s what User bank Or its supplier of a specific product or service. Once you have this data, you can send messages on behalf of the bank and request file entry Banking credentials.

As we mentioned, companies, associations and institutions can also be victims. In this case, the fraudster will collect all possible information in order to create an email or SMS identical to the official one and ask, for example, employees to provide data or click on a link, which is what ultimately falls into the scam.

Unlike traditional phishing,… Spearfishing It follows a more targeted logic. Both types of fraud have the same thing objective: Encourages people to share their sensitive data, but varies in the type of communications sent and the number of users targeted. If phishing consists of sending general electronic communications to as many users as possible, then phishing requires more research and preparation from cybercriminals who try to attract targeted users to their network, through a more specific type of communication, so that it appears to be directed specifically. Identification in the unfortunate person.

There is, too Economic return Subordinate Spearfishing It is completely different from the traditional attack. This is because when choosing who to attack with this technique, hackers carefully choose which targets they can attack Great economic return. However, in traditional phishing scams, hackers send several infected emails in the hope that some users will unconsciously open the content, potentially falling into the trap. However, in these cases, the economic return is generally not noticeable.

Before understanding how to recognize an attack and how to protect yourself, let’s see what the different types of phishing are:

• Attack on company email: Fraudsters illegally obtain a company email account or create a very similar account to pretend to be the owner and steal data from employees or partners;
• Whaling: As mentioned earlier, whaling consists of targeting prominent professionals within companies, often in possession of valuable information. These are the more complex attacks for which the fraudster is required to gather precise and targeted information;
• Phishing angler: Scammers create customer support pages that look very similar to real ones and monitor social media waiting for a user to file a complaint. At this point, the fraudster, posing as a customer support agent, asks for personal information or clicks on links that will lead them to either enter their bank details or install malware;
• Phishing clone: Fraudsters replicate official emails from established companies very carefully in order to send the user false offers, promotions or gifts or impersonate a customer service representative.

To defend ourselves from this type of fraud, it is necessary to know what it is, what it is and how it works. So let’s try to understand more deeply what phishing is through some examples:

• Through what appears to be an official email address, the scammer asks you to click on a link to receive prizes or gifts;
• The scammer pretends to be a customer support representative for a product or service purchased by the unfortunate object of the scam and asks to provide bank account credentials or click on a link;
• Through an SMS, the fraudster warns the victim that his bank account has been hacked and that he must therefore update his data and access credentials;
• The scammer sets up banners with offers designed and created specifically for the victim, whose interests, habits, and information regarding the software update status they know. The victim attracted by the offer will be redirected to a link to install the malware.

to Defense against phishing attacksAs with traditional phishing, it’s important to follow some simple but important behavioral guidelines. In the case of phishing, you have to pay more attention, because there are a larger number of emails Detailed and difficult to recognize Compared to those created for traditional phishing. In the Corporate environments A great way to prevent phishing incidents is to do this Employee training.

It is important Keep operating systems updateduse theTwo-factor authentication And implementation Automatic backups Their data in order to facilitate the recovery process in the event of a breach

Another essential aspect, useful for defending against a phishing attack, is to be aware of the possibility of:

• Grammatical errors Clear or Writing errors In the subject or body of emails;
• Unusual language. If the sender is your employer or one of your social media contacts, you should pay attention to the language and writing style.

In any case, the The best way to defend yourself This type of threat is just that Common sense: Before opening any link, whether it’s in an email or a QR code, it’s always a good idea to check the site it links to. People who most often fall victim to this type of Pirate attack They are the ones who open any link that comes to them without thinking.