The word “phishing” is a homophone of “fishing”, in which bait is used to lure a fish so that it can be trapped and caught. The annual worldwide financial impact of phishing was some $5 billion, as per a report released in February 2014 by Microsoft Computing Safer Index Reports.
Phishing scams are attempts by scammers to obtain sensitive information such as usernames, passwords and credit card details, in the guise of a genuine entity, through an electronic communication. The objective is illegal financial gain. Phishing is carried out by instant messaging or email spoofing. The scammers lure the victim into entering personal information at a genuine-looking but fake website. These communications purport to be from banks, social websites, auction sites, IT administrators or online payment processors.
Types of Phishing Scams
- Spear Phishing
91% of phishing scams are spear phishing. It targets particular companies or individuals, aiming to get them to part with their personal information.
- Clone Phishing
In this phishing scam, the scammers take a legitimate, previously delivered email, with its attachments, links, content and recipient address, and create an exact copy of it, called a ‘cloned email’. They take out the attachment and the link and replace them with malicious versions. Then they send it from an email address that appears to be the original sender's.
The scammers target senior executives of businesses. The contents of the email take the form of customer complaints, legal subpoenas or executive issues, and look as if they were sent from authentic sources. Sometimes they look like subpoena emails from the FBI, directing the manager to click a link and install particular software to see the subpoena.
- Link Manipulation
In this type of phishing scam, the scammers put a link in an email that appears to belong to the spoofed organization. Usually they use misspelled URLs or sub-domains. In another trick, the scammers make the displayed text for a link suggest a reliable destination, whereas the link actually goes to a phishing site. The homograph attack relates to Internationalized Domain Names (IDN), which allow similar-looking web addresses that ultimately lead to malicious websites.
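The link tricks described above can be checked mechanically on the receiving side. The following is an added example, not part of the original article: it extracts the links from an HTML email body and flags mismatched display text, IDN hosts, a trusted name used as a sub-domain of another domain, and misspelled lookalikes. The trusted domain `examplebank.com`, the sample email and the 0.85 similarity threshold are assumptions chosen for illustration.

```python
import difflib
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"examplebank.com"}  # assumption: domains the recipient really uses
URLISH = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)

class LinkCollector(HTMLParser):  # collects (href, visible text) pairs
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):  # lower-cased hostname of a URL or bare domain, else ''
    return (urlsplit(value if "://" in value else "//" + value).hostname or "").lower()

def check_link(href, text):
    findings, host = [], host_of(href)
    shown = host_of(text) if URLISH.match(text) else ""
    if shown and host != shown and not host.endswith("." + shown):
        findings.append("text-mismatch")  # text names one host, href another
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        findings.append("idn-host")  # non-ASCII or punycode label
    for good in TRUSTED:
        if host == good or host.endswith("." + good):
            continue  # the trusted domain itself or a real subdomain of it
        if good in host:  # trusted name used as a sub-domain of another domain
            findings.append("brand-in-subdomain")
        elif difflib.SequenceMatcher(None, host.removeprefix("www."), good).ratio() >= 0.85:
            findings.append("lookalike")  # misspelled URL
    return findings

def scan(html):
    parser = LinkCollector()
    parser.feed(html)
    return [(href, check_link(href, text)) for href, text in parser.links]

# Constructed sample email body (not taken from the article).
SAMPLE = ('<a href="http://examplebank.com.login.evil.test/a">https://examplebank.com</a>'
          '<a href="http://examp1ebank.com/">Sign in</a>')
```

An IDN host is not malicious in itself, so the `idn-host` finding is a prompt to inspect the decoded name rather than a verdict.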
- Filter Evasion
This is one of the more innovative phishing scams: the scammers use images in place of text, which cannot be detected by anti-phishing filters that make use of Optical Character Recognition (OCR) for scanning and filtering images. Another anti-phishing device is Intelligent Word Recognition (IWR), which detects rotated or distorted text, cursive handwriting and text on colored backgrounds.
- Website Forgery
- Covert Redirect
Of the many types of phishing scams adopted by scammers, this attack makes a link appear legitimate, and the victim is prompted by a login popup on the domain of the affected site to visit the attacker's website. The scammer uses a real website, however, and does not corrupt the site with any kind of malicious popup dialogue box.
- Social Engineering
In this type of phishing scam, the victim is enticed to click on unusual content tied to social or technical topics. For instance, a malicious attachment may look like a genuine Google link. Scammers also use fake stories or news to arouse the user's curiosity, baiting him into clicking through to the fake site.
- Phone Phishing
Not all phishing scams are committed through fake websites. For instance, the victim receives a phone call purporting to be from his bank, asking him to dial a particular phone number to clarify certain issues related to his bank accounts. The scammers use phone numbers provided by a Voice over IP service. When the victim dials that number, he is asked to enter his account number and PIN. Phishing through voice is known as ‘vishing’. Sometimes the scammers use fake caller ID data to convince the victim that the call is from a genuine and trusted organization. Similarly, SMS phishing uses cellular phone text messages to bait the victim into divulging his personal information.
This is one of the reverse phishing scams. Instead of directing the victim to the fake site, the scammers load the fabricated page in one of the open tabs of a user who browses with multiple tabs open. Thus the victim is indirectly redirected to the affected site and is trapped into furnishing personal information.
This kind of phishing scam is very difficult to spot. The scammer sets up a fake wireless network that closely resembles an authentic public network in public places such as hotels, airports, coffee shops or cafeterias. When a person, unaware of its illegitimacy, logs onto the fake network, the scammer captures the person’s passwords or credit card information.
Phishing scams are so varied, innovative and realistic that unless a person is aware of the types of phishing, he or she is more likely to fall victim. Once the personal information has been parted with, the consequences may be financially and socially catastrophic. Knowledge, alertness and presence of mind can protect you from such disasters.