7 types of phishing that you must know

Phishing, or "fishing" for targets, is carried out by hackers who aim to find as many victims as possible by using various types or methods of phishing.

Here are 7 types of phishing that often claim victims:

1. Phishing Email

Most phishing is carried out by email. The perpetrator uses a fake domain or disguises it as the domain of an official institution. On closer inspection, however, the email domain differs from the original and tends to be longer. Perpetrators even create email headers that closely resemble those of the original domain, using designs, URLs, and even fonts similar to those of the official institution. The domain usually swaps characters to trick potential victims, for example using "." to replace "-".

In addition, the attached documents usually pose as project documents, payroll documents or salary slips that the target already knows about, which makes a click or download even more likely.

We often fail to notice that one or two characters in a domain address are different. If you receive a link from an email with a suspicious domain, copy the email address and domain into Microsoft Word or a similar program, then switch to another font or use caps lock so that everything is in uppercase. Any differing characters will then become visible. One example is manipulating the email name budiman@company.com into budirnan@company.com. In capital letters the difference shows: BUDIMAN@GMAIL.COM for the correct email and BUDIRNAN@GMAIL.COM for the wrong email address.

2. Spear Phishing

The methods in this type of phishing are the same as in email phishing in general. However, the perpetrator specifically targets particular victims, and the message is sent to them personally.

Spear phishing can be sent via an email designed to appear to come from the victim's service provider, the office they work for, or someone else.

This fraud claims many victims because the language used is personal. This is possible because the perpetrator usually already knows some information about the target, such as their name, occupation, email address or title.

3. CEO Scams / Whaling

As the name CEO Fraud implies, this type of phishing is aimed at the CEO of a company or other high-value targets. Many of these targets are members of the board of directors, directors, commissioners or others with very high authority in the company. The mode is to distribute email on behalf of the target, and the techniques used are usually more refined.

Several cases have occurred in the United States because leaders, unlike ordinary employees, use their personal email addresses for business correspondence. These sometimes escape the company's security protection, which gives hackers an opening to target them for phishing.

In some cases, once the perpetrator knows the email account name and password, they send an email to office employees asking them to transfer a certain amount of funds to a certain account, or use it for other purposes such as gaining access to or information on certain platforms in order to fully control the systems of the company where the target works.

4. SMiShing

SMiShing, short for SMS phishing, is phishing via SMS or short messages, and works in almost the same way as fraudulent email. Perpetrators send short messages directing the target to click a URL or download files listed in the message, in the form of malware, trojans or viruses, to infect the cellphone.

5. Vishing

In vishing, the perpetrator calls the target directly. Usually they pose as customer service, investigators or other roles that can convince the target that their email, banking or other account has been compromised. This gives them the opportunity to obtain complete data or account information on the pretext of repairing or recovering the data in the system so that it runs normally.

Usually they have already gathered data on the target, such as full name and address, so that the target trusts them quickly. Next, they go after more sensitive data such as m-banking usernames and passwords.

6. Angler phishing

This type of phishing attack is carried out via social media. The perpetrator realizes that people voluntarily share various things on social media, and that companies likewise use social media to communicate with their users or customers. This is what the perpetrators take advantage of.

The most common example is a perpetrator creating a social media account that resembles the official account of a company or institution. When a social media user mentions the brand, company or institution, whether with a complaint, a question or something else, the fake account responds as if offering a solution or help. Usually the response includes fake links leading to cloned websites or malware downloads.

7. Web Phishing

Web phishing is an attempt to trick the target with a fake website. The site is usually made as similar as possible to the original; even on closer examination it looks the same, and only the domain name distinguishes it. This phishing can be carried out intentionally by the website owner, by hackers who have infiltrated a website and placed a phishing page on it, or by imitating the original website address as closely as possible to deceive visitors.

For example, in a recent incident reported by Kompas, a perpetrator carried out web phishing against the Xiaomi Indonesia website using the mi-co.id domain, with a display that matched the official website. The official site is mi.co.id. If we are not careful, we could become victims of this fraud, especially on a website that offers generous cashback or promos.
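The uppercase check from section 1 and the mi-co.id case above can be automated when screening sender addresses or link domains. The following Python is an added example, not part of the original article; the substitution table (beyond the two pairs the article mentions), the allow-list and the distance threshold of 2 are assumptions chosen for illustration.

```python
# Added example: flag addresses or domains that only look like a trusted one.
# CONFUSABLE and TRUSTED are illustrative assumptions, not an exhaustive list.
CONFUSABLE = [
    ("rn", "m"),  # budirnan vs budiman (from the article)
    ("-", "."),   # mi-co.id vs mi.co.id (from the article)
    ("vv", "w"),  # assumed extra pair
    ("0", "o"),   # assumed extra pair
    ("1", "l"),   # assumed extra pair
]
TRUSTED = ["budiman@company.com", "mi.co.id"]  # constructed allow-list


def skeleton(value):
    """Collapse visually confusable sequences into one canonical form."""
    s = value.strip().lower()
    for seq, canon in CONFUSABLE:
        s = s.replace(seq, canon)
    return s


def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character changes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(candidate, trusted=TRUSTED):
    """Return (verdict, matched_trusted_value) for a sender address or domain."""
    cand = candidate.strip().lower()
    known = [t.lower() for t in trusted]
    if cand in known:
        return ("trusted", cand)
    for t in known:  # same skeleton, different raw string: deliberate lookalike
        if skeleton(cand) == skeleton(t):
            return ("lookalike", t)
    for t in known:  # no known substitution, but still suspiciously close
        if edit_distance(cand, t) <= 2:
            return ("near-match", t)
    return ("unknown", None)


if __name__ == "__main__":
    for sample in ["budirnan@company.com", "mi-co.id", "mi.co.id", "example.org"]:
        print(sample, "->", classify(sample))
```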

Those are the 7 types of phishing around us. Be careful when surfing the internet or receiving messages from strangers, because the losses from phishing are very large. If you or your company want to avoid interference such as phishing, strengthen your network security, because apart from human error several other factors can be the cause.

One cause of leaked employee user data is an office network without strong protection, or the absence of endpoint security, which leaves it easily exposed to hackers or other people outside the organization.

If you are interested in or want to know more about the services, products and other advantages of IIJ Global Solutions Indonesia, please contact us. We are ready to help and serve you wholeheartedly.