In this first article of 2024, I will talk about a very important topic, namely the techniques and types of phishing
I often hear about computer security because the problems are increasing compared to past years, it is essential to know the dangers and how to defend oneself (within limits)
I will try to write in the simplest way so that all readers can understand the mechanics of this phenomenon called phishing
What is phishing?
It is a sophisticated form of computer attack where hackers aim to steal sensitive information by finding ways to deceive users
Through social engineering techniques, their goal is to manipulate the victim and lead them into a trap to obtain personal or private information
Unfortunately, most people are not aware of these techniques and therefore are not able to protect themselves, the presence of a phishing attack can be given by:
- Suspicious links (always look for destination URLs)
- Suspicious domains (check URLs of websites where you access)
- Requests for sensitive information
- Grammatical and spelling errors
- Aggressive spam
How to protect yourself?
Is an antivirus enough? Unfortunately not, because if all antivirus programs blocked everything, there would be no more attacks and consequently the demand for computer engineers in the job market would decrease
Data shows that this job figure (computer engineer) has increased by 45% in the last 4 years compared to medicine or other types of professional figures
If you don’t know the world of cybersecurity, it’s not a problem, but if you don’t carefully check communications before clicking on links, you will be at risk
The only solution that can always defend you is two-factor authentication (2FA), so adding an additional security step (such as Google Authenticator) like the notification on your smartphone
In short, I will give an example of your bank, you need to check how much money you have in your bank account, access the website, then click on access internet banking by entering your username and password, as a final step you will need to confirm the notification with a secret code or generated by the application or that only you know Once this operation is validated, you can access the bank and no one else will know (except your banker) how much money you have available in your account in monetary terms
Types of phishing and techniques
- Search engine phishing where the hacker optimizes malicious sites with SEO (search engine optimization) to index the sites
- DNS phishing where the hacker assigns names to nodes on a network
- Phishing email is the classic attack system where there is an infected link
- Social media phishing
- Content injection phishing
- Spoofed website
- Phone phishing or vishing
- Smishing through an SMS on your smartphone
- Whaling where the attack targets professionals in a company
Always install an antivirus such as Bitdefender etc with real-time protection also on your email so that if you are distracted there are good chances that your antivirus will help you, another way to defend yourself is to check the HTTPS protocol (verify if it is valid) there are interesting guides on Google that explain how to do it.
I conclude this first article of 2024 wishing you a happy new year and always be careful to reduce the risk of cyber attacks.