What is Phishing?
Be cautious with discount coupons, promotions, surveys, and other offers you encounter online. These might be phishing attacks, and your personal information could fall into the wrong hands.
Phishing Tactics
- Fake Websites: Attackers create replicas of legitimate websites to deceive users. When users enter their login details or other sensitive data into these sites, their information is captured by the attackers.
- Creating a Sense of Urgency: Phishing messages often create a sense of urgency. For example, they may claim that your account will be closed or that a suspicious transaction has occurred, pressuring you to act quickly.
- Baiting: Attractive offers or rewards are used to lure users. When users click on these offers or enter their information, they fall into the attackers’ trap.
Types of Phishing
Email Phishing
Attackers deceive users through fake emails. These emails often appear to come from a trusted institution and ask for sensitive information or provide links to click on.
Example: “Your account has been restricted. Please verify by sending your password.” Avoid sending your password and personal information in response to such emails.
Be cautious with every link in your email. Attackers might manipulate you as follows:
Original Link: https://facebook.com
Fake Link: https://faceb00k.com
Original Link: https://twitter.com
Fake Link: https://tvvitter.com
Original Link: https://instagram.com
Fake Link: https://instagrann.com
Clicking on these fake links, designed to mimic the original ones, can lead you to a page where your information might be stolen instead of the intended site. These pages, with identical designs to the original ones, are created specifically for phishing attacks. If you log in on such a page, your information will be captured by the attackers.
To avoid the risk of phishing attacks, instead of clicking on the address in an incoming email, open a new tab, log into your account, and check your inbox.
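The look-alike links listed above can also be caught mechanically before anyone clicks them. The following Python example is added here and is not part of the original article; the allowlist, the substitution table and the edit-distance threshold of 1 are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist for this example: the genuine sites named above.
TRUSTED = ("facebook.com", "twitter.com", "instagram.com")

# Look-alike substitutions (constructed for illustration, not exhaustive).
CONFUSABLES = (("vv", "w"), ("rn", "m"), ("nn", "m"), ("0", "o"), ("1", "l"))


def skeleton(host):
    """Collapse look-alike character sequences so similar hosts compare equal."""
    for fake, real in CONFUSABLES:
        host = host.replace(fake, real)
    return host


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[len(b)]


def classify(url):
    """Return (verdict, trusted_domain) for the host part of a URL."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    # Naive registrable domain: the last two labels. This is an assumption;
    # production code should consult the Public Suffix List instead.
    domain = ".".join(host.split(".")[-2:])
    if domain in TRUSTED:
        return "trusted", domain
    for good in TRUSTED:
        # Flag a substitution match or a single added/dropped/changed character.
        if skeleton(domain) == skeleton(good) or edit_distance(domain, good) <= 1:
            return "lookalike", good
    return "unknown", None


if __name__ == "__main__":
    # Constructed sample: the links listed in the article plus one unrelated host.
    for url in ("https://www.facebook.com/login", "https://faceb00k.com",
                "https://tvvitter.com", "https://instagrann.com",
                "https://instagramm.com", "https://example.org"):
        print(url, "->", classify(url))
```

A "lookalike" verdict is a reason to inspect the link, not proof of phishing; an "unknown" verdict only means the host resembles nothing on the allowlist.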
Spear Phishing
A more targeted attack type. Attackers send personalized emails to a specific individual or organization, making the message more convincing based on the target’s personal information.
Smishing
Phishing attacks carried out via SMS. Users receive fake messages that contain malicious links or requests for information.
Vishing (Voice Phishing)
A type of phishing conducted via phone calls. Attackers call victims, posing as a trustworthy person or institution, and ask for sensitive information.
Clone Phishing
Attacks conducted by cloning an existing email or message. Attackers copy the content of a legitimate email and replace its link with a malicious one.
Whaling
A phishing attack targeting “big fish.” It is usually aimed at top executives or individuals in important positions.
Phishing Attacks on Web Pages
Any link you click on while browsing web pages could subject you to a phishing attack. The newly opened page might look like a bank page, social media account, etc., asking for your information to log in. As mentioned, check URLs to ensure you’re on the correct page. Otherwise, your account could be compromised.
Social Engineering
Clever methods used to capture your personal information (account details, credit card information…) online are called social engineering. These attacks occur through emails, ads, and websites.
Be cautious of links sent from unknown accounts on social media (Facebook, Instagram, Twitter, WhatsApp…) that resemble promotions, discount coupons, surveys, etc., as they pose phishing risks. The link sent might be a phishing link.
More dangerous is receiving phishing messages from a friend’s compromised account on social media. You might be more likely to trust links from friends, increasing the risk of falling for phishing attacks.
Protection Methods Against Phishing Attacks
- Scrutinize Emails and Messages: Carefully check the source of incoming emails or messages. Do not click on links from unreliable or unknown sources.
- Check URLs: Examine URLs carefully. Fake websites often have URLs similar to the original but with minor differences.
- Use Security Software: Security software like antivirus programs and firewalls can protect against phishing attacks.
- Use Multi-Factor Authentication (MFA): Implement additional security layers such as two-factor authentication for your accounts.
- Education and Awareness: Regularly educate yourself about phishing and take training. Raise awareness among your employees and family members about phishing attacks.
- Update Software: Ensure that your operating system, browsers, and other software are up to date. Updates often close security vulnerabilities.
In short, whenever you click a link on the internet and log in to any site with your account information, make sure you are on a reliable connection to protect yourself against phishing attacks!