Phishing Attack: Types and Ways to Prevent It

Phishing attacks can cost the business world millions of dollars every year. Email fraud, or phishing, is on the rise; attackers send spam emails to innocent users and lure them into clicking on bogus links. As a result, the danger continues and users may lose their money, login details, etc. Phishing is an easy way to get information such as passwords, debit and credit card details, and account IDs from users. In this infographic, we have tried to focus on the types of phishing and the steps to avoid it. Before going further, let us understand what phishing is.

What is Phishing?

In general, phishing is a form of fraud in which the attacker impersonates a reputable person or organization and asks users to visit a fake link received by email. Once users click on it, they are redirected to a malicious website or login page that is built to trick them into disclosing their personal and financial information.

Facts About Phishing Attack:

A few facts from around the world reveal the shocking impact of phishing attacks. Whether an individual or an organization, everyone is on the radar of phishing.

  • It is believed that around 1 million UK users face a phishing attack in a single year.
  • In an Intel Security quiz, around 97% of respondents failed to identify fake emails.
  • In the past two years, USA companies have lost nearly £508 million because of phishing.

Types of Phishing Attack:

Now, have a look at the types of phishing attack:

Deceptive Phishing:

Deceptive phishing refers to bulk emails that pretend to come from a reliable source and lure users into clicking on a link. Such phishing mail typically concerns verification of account information, a system failure message, a false account charge or a change of account, and leads to theft of the user's account.

Spear Phishing:

Spear phishing targets a specific organization and looks for unauthorized access to sensitive data, for example for financial gain or to obtain trade and government secrets or defense information. Such messages appear to come from a reliable source and pretend to be from a person of authority in the organization.

CEO Fraud:

CEO fraud involves a fake email that spoofs the boss and tricks an employee of an organization into paying funds or disclosing company data. The attacker either fools an executive and gains access to the email inbox, or sends email to employees from a duplicate domain name with a small change in the name.

For example, the attacker uses examp1e.com instead of the original example.com domain name.

Pharming:

A pharming attack modifies the hosts file or uses DNS-based phishing, so that a URL and the subsequent communication lead the user to a fake website, while the user remains oblivious to who controls that website.

Dropbox Phishing:

A Dropbox phishing attack targets users by asking them to click on a link to secure their account or download a shared document. Once the user downloads the document or follows the link, the malware hidden in the link or attachment starts to download onto the computer system.

Google Docs Phishing:

Google Docs phishing is a very tricky phishing attack that shows the subject line “Documents” and directs to a Google Docs link. Moreover, the address bar also indicates the google.com domain, but it redirects users to a fake login page that looks like the Google login page, where users innocently enter their credentials. The aim of the scammers is to gain access to Google Play, Gmail and Android apps where the Gmail credential is configured.


How to Prevent a Phishing Attack:

There are certain precautions a user can take to avoid becoming a victim of a phishing attack, discussed below:

  1. Hover the mouse over a link received in an email; this will show you the real address in the taskbar.
  2. Check for grammar and spelling mistakes in the email, as phishing mails often contain grammar errors.
  3. If a mail gives an ultimatum or alert, you should contact the relevant authority.
  4. Consult your boss or a person of authority if an email asks you for confidential data.
  5. Check for SSL in the case of an ecommerce, bank or financial website.
  6. Enable two-factor authentication for email login or any service where a login is required.

Conclusion:

The fundamental protection for your data is to make yourself aware of phishing attacks and the prevention tips, which we have tried to highlight through this infographic. It is better to avoid such phishing mail, as it contains dangerous malware. Companies should also arrange knowledge-based training for employees to avoid these types of phishing fraud.
