Have you ever experienced hacking or stealing your social media accounts? Or even your email service stole by hackers? Well, if you’ve ever experienced it then you’ve experienced early patterns of phishing. So, what do you mean by phishing? Let’s take a look at the following review.
What is phishing?
Reporting from CISCO, phishing is actually a practice of sending fake communications that seem to come from sources with a good reputation. Generally, phishing is done via email and aims to steal sensitive data such as credit cards, login information, or install the malware in the victim’s email.
Phishing comes in as a common crime or cyberattack that can manipulate people by accessing multiple sites or trusted contacts. The term “phishing” itself is thought to have appeared around the mid-1990s with the use of fake email methods. These hackers or phishing actors were originally referred to as “phreaks”.
According to Wired, common phishing is the process of involving emails or personal media accounts belonging to victims. In addition, there is spear-phishing in the form of cyber crimes with special targets and designed as if the perpetrator is known and trusted by the victim by posing as colleagues, relatives, and various other subjects.
In practice, phishing is generally done systematically with certain research through potential victims’ social media accounts such as Facebook, LinkedIn, and various other media to get information on victims and social networks. Phishing actors will then imitate the identity or relevant and interesting topics to lure victims and gain their trust.
Reporting from the Binus School of Computer Science, the term phishing itself comes from the term fishing or fishing. The relevance of the term is in the activity of “baiting” the victim by trapping and stealing important information from the victim’s social media. In related sites, phishing is interpreted as an email-based scammer that is basically a scam on behalf of the victim’s own name.
Generally, phishing is done in the form of impersonation and persuasively invites victims to provide private information. This information could be credit card data, bank books, to various things that harm the victim.
4 Types of Phishing
In practice, phishing has some kind like some have alluded to above. To better understand what these types of phishing are, here are 4 main types of phishing.
1. Phishing email
The most popular type of phishing is e-mail phishing or fake email-based hacking to attract information from victims. This type of phishing is very dangerous because the victim can accidentally open a document link or link listed on the email attachment and it is not impossible that the link contains malware.
Not only that, but this type of phishing can also take the form of documents with malicious macros that can make users or victims leak their account credentials to the perpetrator. Generally, phishing actors through this email register a domain that looks similar to the official domain by using a general email provider such as Gmail. Perpetrators can generally trick the victim by using official company emailed but not using the company’s official domain.
To avoid this type of phishing, it is expected that we are more careful about the various incoming emails and check the validity through the domain address or verification to the relevant company/institution. Because generally, perpetrators use the domains of credible agencies to trick victims.
2. Web phishing
In general, this type of phishing is the easiest to find and the most popular. This is because phishing actors use certain websites as their cybercriminal fields.
We can find web phishing when we find mysterious and interesting link links on a site. Generally, this type of link offers a bonus or a certain convenience that attracts the hearts of site visitors. By clicking on the link, the device will automatically contract malware or users are directed to other sites that contain the filling of personal data under the guise of giving bonuses.
3. Spear phishing
If asked which type of phishing is the most dangerous, then it can be said spear phishing is the answer. This phishing system is very risky because the perpetrator has targeted potential victims.
Similar to phishing emails, spear phishing has generally been developed by greeting potential victims with full names and full information about victims. Spear phishing generally targets specific groups or individuals such as company admins.
The contents of spear-phishing have also been accompanied by certain links or links that can lead victims to malicious sites or actually automatically download malware.
Similar to spear phishing, whaling is phishing by targeting victims. The difference is, the target whaling is people or individuals who have high positions in a particular company. Those who sit in high office or are considered “big men” are usually C-levels in a company.
The mode commonly used by phishing actors of this type generally makes these executives confused because the perpetrator claims to be from a credible institution or institution. With some polished emails and important information, the perpetrator can then make it difficult for the victim by stating the related company is violating the legal consequences and so on.
After toying with the victim with the social engineering method, the perpetrator will direct the victim to click on a certain link in the email that directs the victim to the abyss of malware or major hacking. Generally, whaling actors will target the company’s bank account number, fax number, and personal account number of the victim.