7 Basic Anti-Phishing Rules | Total
Phishing has been known for a long time. The first phishing attacks were recorded
shortly after the advent of the World Wide Web. But even though information security
specialists are creating more and more advanced methods of protection against
phishing, new phishing sites continue to appear every day.
According to some research, in 2016, about 5,000 phishing sites were created every
day. In 2017, this figure will be even higher. The secret to the resilience of this type
of fraud is that it relies not on "holes" in software, but on a vulnerability in the human
being who has access to important data. It is therefore useful to recall once again
what phishing is, what the most common types of phishing attacks are, and
how to counter them.
Phishing: Top Examples of Phishing Attacks
Phishing is an online scam based on social engineering. The main purpose of phishing is to
gain access to critical data (for example, passport data), accounts, bank details, and
classified information in order to use them later to steal money. Phishing works by
redirecting users to fake network resources that are a complete imitation of real
1. Classic phishing - phishing spoofing
Most phishing attacks fall into this category. Attackers send e-mails on behalf of
a real company to take over user credentials and gain control over their personal or
business accounts. You can receive a phishing email on behalf of a payment system
or bank, delivery service, online store, social network, tax service, etc.
Phishing emails are crafted with great care. They are practically indistinguishable from
the messages that the user regularly receives in mailings from a real company. The
only thing that may raise alarm is the request to follow a link to perform some action.
Following that link, however, leads to a fraudulent site, which is a “twin” of the page of
the bank's website, social network, or another legitimate resource.
The incentive to follow the link in such letters