Phishing: everything you need to know about this cyber threat

Next Technologies NEWS
6 min read · Dec 7, 2021

The first phishing scams started long before the year 2000; with technological advancement, scammers have also improved their tactics. Here is how to recognize them in order to be able to guard against them.

Phishing is an online scam in which criminals attempt to collect personal information. It works through malicious emails or websites that scammers send to you. Here you will find everything you need to know about this form of cyberattack.

Phishing is a form of cyber attack in which the scammer reaches you through malicious emails or websites. Having started in the 1990s, phishing has grown over the years.

The phishing email usually contains a link to click or an attachment to download. By the time you download the attachment or click on the link, the evildoers have managed to break into your privacy.

Alternatively, scammers try to build trust in order to gather information. In this case, they masquerade as a real person or a company that you might work with.

They try to obtain sensitive information in this way. One of the most common forms of phishing is when thieves ask for your account password in order to withdraw your money from your bank.

The word “phishing” is derived from the word “fishing”. The term originated by analogy with fishing, where the fisherman baits a hook to catch the fish. The email serves as bait and the victim is the fish.

The word phishing originated in the mid-1990s when attacks were carried out against some AOL (America Online) users, AOL being the first internet service provider.

In addition, hackers have a habit of spelling terms using “ph”. This would be another reason that led to the adoption of the term “phishing”.

However, phishing is closely related to phreaking, where hackers play sounds into telephone handsets in order to make free calls.

The first phishing attacks allowed scammers to obtain passwords. With the passwords they obtained, they used algorithms in an attempt to create random credit card numbers.

The success rate was minimal; however, the amounts withdrawn were much higher.

In addition to this, the randomly created credit card numbers were used to open AOL accounts. With the accounts thus created, the cybercriminals attacked other users.

Scammers have also used special programs, like AOHell, to simplify the phishing process.

In the face of these multiple attacks, AOL created security measures aimed at ending the use of random credit cards.

The first phishing attacks, recorded in the mid-1990s, relied on generating random credit card numbers. However, phishing has changed a lot over time.

In 2001, phishers began to interfere with online payment systems by attacking E-Gold. Although this seems to have failed, it resulted in a long series of phishing attacks.

In 2003, these attacks targeted eBay and PayPal customers. To do this, scammers used spoofed emails to lure their victims and trick them into updating details: password, identification, etc.

A year later, phishing enabled scammers to carry out attacks on banking sites and their customers. This claimed more than a million victims in the United States between May 2004 and May 2005. The losses were estimated at around 929 million dollars. For businesses, phishing has caused around $2 billion in losses per year.

The arrival of Bitcoin in 2008, followed by other cryptocurrencies like Dogecoin or Ethereum, seems to be a response to phishing. Cryptocurrencies helped secure online transactions.

Cryptocurrencies have slowed the evolution of phishing because of their encryption system, the blockchain. This is why merchant sites have started to integrate virtual currencies into their payment systems.

For its part, phishing continues to evolve in the shadows. Many specialized software packages can be found for sale on the black market.

With the COVID-19 crisis, phishing cyber attacks have increased exponentially.

Seeking guidance and advice from company executives, several employees found themselves lured by phishing emails. Scammers sent emails that appeared to be from the company.

More phishing emails landed in inboxes. They were emails asking for personal information as part of some kind of government aid.

With just one click, the victims’ devices were infected and their accounts spoofed.

A phishing kit is a set of tools that allows cybercriminals to attack even if their technical skill level is low.

With such a kit, they can easily launch phishing campaigns. They do this by installing the kit on a server before sending phishing emails to potential victims.

Cybercriminals find phishing kits and mailing lists on the dark web. Some lists of phishing kits can be found on a few sites, namely PhishTank and OpenPhish.

There are many types of phishing kits, some of which can be used to spoof trusted brands (Microsoft, Dropbox) in order to increase the chance of getting a click.

Phishing attacks are categorized according to several criteria.

First, we can group them according to the goal of the attack. Scammers have one of two goals: to trick the victim into submitting sensitive information or to get them to download malware.

In the first type of email, the phisher includes a link to a malicious website that looks like the victim’s bank. He ensures that at least one recipient is a customer of the bank in question.

When the victim clicks on the link to the fraudulent site, he enters his username and password. This information will be used by the perpetrator to easily access the victim’s account.

The other type of phishing email involves downloadable software. This software will then infect the victim’s computer.

The files are often .zip archives or Microsoft Office documents that include malicious code.

The majority of this type of phishing email takes the form of . The latter accounted for almost all phishing emails in 2017 (93%).

Sometimes cybercriminals target specific people. There are two types: spear phishing and whale phishing.

Spear phishing targets a specific person. The victim is therefore researched in advance, for example by collecting information on social networks (LinkedIn, Twitter).

Once identified, the victim receives a fake email prompting the target to send out relevant information.

For example, a staff member in a company’s finance department may receive an email that appears to be from a colleague. The subject line is a bank transfer request at short notice.

As the name suggests, whale phishing targets a more valuable person, for a bigger sum. It is the top officials of an entity who are in the attackers’ sights.

These people are considered more vulnerable since they use their personal e-mail address to communicate with employees. Their account is then outside the company’s cybersecurity protection.

There are other types of phishing such as vishing or snowshoeing, but the ones listed above are the most common and feared.

Phishing changes over time, so it’s important to know how to prevent it. However, this is not possible without knowing how to recognize it.

When you receive emails that appear to be from your bank or other entity, you need to be careful.

A phishing email requests personal information, including information relating to your account.

It may also tell a story to get you to click on a link, an online store website, or an attachment.

Here are some pretexts scammers use to lure you:

  • Suspicious activity or connection attempts,
  • A problem with your account or your payment information,
  • Eligibility for reimbursement or government assistance.
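The warning signs above can be checked mechanically. The following Python example is added here and is not from the original article; it goes beyond the text by also comparing the domain a link displays with the host it really points to. The rule patterns, the names `indicators` and `sample`, and the `bank.example` message are constructed assumptions.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse
TEXT_RULES = {  # pretexts and requests named in the article; regexes are assumptions
    "pretext:suspicious-activity": r"suspicious (activity|sign-?in|login)",
    "pretext:account-problem": r"problem with your (account|payment)",
    "pretext:refund-or-aid": r"eligible for (a )?(refund|reimbursement|government)",
    "asks-for-credentials": r"(confirm|update|verify) your (password|account|card)"}
RISKY_EXT = (".zip", ".doc", ".docm", ".docx", ".xls", ".xlsm")  # .zip / Office files

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._text.strip().lower()))
            self._href = None

def indicators(raw: str) -> list:
    found, body, collector = [], "", LinkCollector()
    for part in message_from_string(raw).walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            found.append("attachment:" + name)
        elif part.get_content_maintype() == "text":
            body += part.get_payload(decode=True).decode("utf-8", "replace")
    found += [k for k, rx in TEXT_RULES.items() if re.search(rx, body, re.I)]
    collector.feed(body)
    for href, text in collector.links:
        shown = re.search(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", text)
        host = (urlparse(href).hostname or "").removeprefix("www.")
        claimed = shown.group().removeprefix("www.") if shown else host
        if host and host != claimed and not host.endswith("." + claimed):
            found.append(f"link-mismatch:{claimed}->{host}")  # lookalike destination
    return found

def sample() -> str:  # constructed message, not real traffic
    m = EmailMessage()
    m.set_content('Suspicious activity detected. Verify your password: <a href="http://'
                  'bank.example.account-check.test/">www.bank.example</a>', subtype="html")
    m.add_attachment(b"PK", maintype="application", subtype="zip", filename="statement.zip")
    return m.as_string()
```
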

If you receive a suspicious email, do not click on the link or attachment.

If you don’t have a relationship with the company cited in the email, it’s probably phishing.

If you are in contact with the company named in the email, use your phone instead to contact the manager directly and confirm where the email came from.

If you are convinced that it is phishing, you should send the e-mail in question to your spam folder. Don’t forget to report the email.

It is also recommended to put cybersecurity measures in place, such as using a VPN and other cybersecurity tools, to secure your devices.

Opt for cloud storage systems (pCloud, Google Drive) to store your data securely.

Originally published at https://newshubtunisia.com.
