Phishing is a serious threat to any industry. We have seen this topic appear in the news more each day. You might have already received a fraudulent email from what seemed to be your bank or even seen the hacking that took place during the 2016 US presidential election. But what do you know about phishing?
What is Phishing?
Phishing is the fraudulent attempt to obtain sensitive information like login information or other personal identification information (PII), which is any data that could potentially identify a specific individual, such as:
- usernames,
- passwords,
- credit card details,
- SSN (Social Security Number),
- bank account information,
- email,
- phone number,
- secret question answers
Even partial information can increase the chances of success in subsequent social engineering attacks.
In a phishing attempt, something lures the victim pretending to be a trustworthy entity, such as:
- banks
- electronic communicators
- internet providers
- retail companies
- shops and others
Types of Phishing
Phishing attempts happen in many ways.
Deceptive Email Campaigns
Email phishing is a term used in technology to refer to the fraudulent practice of sending emails apparently from a known or trusted sender with the objective of inducing victims to reveal confidential information.
Phishing can be a targeted act or not. We can assume that pretty much everybody has already received a phishing scam via email. Nowadays, it is easier for us not to notice these emails since anti-spam technology has evolved. Most of these messages are blocked from ever reaching our inboxes.
Preventive Measures
Phishing attacks are widespread and with the holidays so close these malicious practices become even more common.
You should always pay attention to details when entering credentials anywhere on the web. Here are some red flags:
- Suspicious URLs,
- Lack of HTTPS,
- Weird wording,
- Typos,
- Unknown email senders
Use 2FA whenever possible. If criminals steal your credentials, they will still not be able to use them without the second authentication means (SMS, Authentication app, hardware token, etc.).
Phishing is usually hard to detect because the malicious pages are created deep inside the directory structure. People don’t normally check those directories and unless you know the exact URL of the phishing page, you would never know your site is hacked.
As a webmaster, it is advisable to have an account in Google Search Console to notify you about security problems, including phishing.
Website owners can also use specialized sites like PhishTank.com and VirusTotal.com to figure out if their site hosts phishing pages. TheWebOrion also monitors databases of 10 security providers and will notify our customers if any of them detect problems with their websites. Most phishing pages are actually placed on hacked sites. If you are not sure your website has been hacked, we can help you.