phishing

Phishing is a type of cybercrime in which criminals pose as someone else or as a legitimate business. Their main aim is to get the victim to hand over personal or sensitive information voluntarily.

‘Why Phishing’ – Interestingly, the term phishing evolved from the term fishing, wherein a net is thrown widely in the hope of luring some fish into it. It’s usually innocent people, or people without the time to really check the sender’s email address or the link, who fall into phishing traps.

Types of Phishing – There are a few variations of phishing attacks. There is the ‘spear-phishing’ attack, which has a more targeted set of victims. Then you have ‘smishing’, which targets social media and messaging services. The not-so-common phishing attacks that use voice calls are known as ‘vishing’ attacks. Then there are the ‘generic’ phishing attacks, which ask for a password reset for banking services or personal/official email.

History of Phishing – It’s believed to have started in the mid-1990s, when the software tool AOHell was used to target AOL users’ passwords. It’s been almost three decades now, and phishing still works because there are always easy targets available online.

Examples – You could get emails that appear to be from your bank, requesting a change of username and password as a security gimmick. This way, you could end up giving the senders access to your bank account! Another popular gimmick is an email or SMS declaring that you have won a lottery or sweepstakes and requesting your account details for the transfer of money. Alternatively, there are the too-good-to-be-true ‘bounty’ stories, wherein the victim is asked to help transfer a staggering amount of inheritance money in return for a share. The unsuspecting victim is then asked for their bank details! Some phishing attacks asking for sensitive information even appear to come from friends, co-workers or your boss.

How to Detect Phishing – Look out for misspellings in the email sender’s name, or an email address that doesn’t match the supposed sender. Banks and retailers never request sensitive information such as passwords or your credit card details. Never click on links in such emails without confirming the sender. Instead, delete such emails from your inbox!
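
The two sender checks above (an address that doesn't match the supposed sender, and a misspelled sender domain) can be automated. The following is an added example, not part of the original article; the brand names, domains, sample headers and the 0.85 similarity threshold are all constructed assumptions.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Constructed allow-list (assumption): brand name -> domain it really sends from.
KNOWN_SENDERS = {
    "example bank": "examplebank.com",
    "example shop": "exampleshop.com",
}


def belongs_to(domain, real):
    """True if domain is the real domain or one of its subdomains."""
    return domain == real or domain.endswith("." + real)


def check_sender(from_header, threshold=0.85):
    """Return the reasons a From header looks suspicious (empty list = none)."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    findings = []
    for brand, real in KNOWN_SENDERS.items():
        # Check 1: display name claims a known brand, address is elsewhere.
        if brand in display.lower() and not belongs_to(domain, real):
            findings.append(f"display name claims '{brand}' but address is at '{domain}'")
        # Check 2: domain is a near-miss spelling of a known domain.
        ratio = SequenceMatcher(None, domain, real).ratio()
        if not belongs_to(domain, real) and ratio >= threshold:
            findings.append(f"'{domain}' resembles '{real}' (similarity {ratio:.2f})")
    return findings


# Constructed sample From headers, not taken from real mail.
SAMPLES = [
    '"Example Bank" <alerts@examplebank.com>',           # genuine
    '"Example Bank" <alerts@mail.examplebank.com>',      # genuine subdomain
    '"Example Bank Security" <alerts@examp1ebank.com>',  # digit 1 in place of l
    '"Example Bank" <support@mail-secure.net>',          # unrelated domain
]

if __name__ == "__main__":
    for header in SAMPLES:
        reasons = check_sender(header)
        print(header, "->", reasons or "no findings")
```

A From header that matches exactly can still be forged, so an empty result means only that these two checks found nothing, not that the sender is confirmed.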