What is Phishing?

  • Last Updated : 13 Jun, 2022

Cybercrime, in simple words, is crime committed online. The medium used to commit it is a computer, a network, the internet, or any other electronic device. The main targets and aims of cybercrime include users of a system, websites, defaming companies, and making money. The activities of cybercriminals are:

  • Spreading viruses and malware to harm computers and sensitive data.
  • Attacking one computer in order to reach the target’s or victim’s computer over the network.
  • Hacking the victim’s system and stealing confidential information from the user’s data.
  • Gaining unauthorized access to user accounts.
  • Paving the way for online scams and fraud.
  • Generating profit by selling or locking crucial data.

As newer technologies roll out, cybercrime is also increasing. Cybercrime covers attacks such as illegal downloading, credit card fraud, cyberbullying, phishing, the creation and distribution of viruses, spam, etc.

 Cyber Crime Phishing

Phishing is one type of cyber attack. It got its name from “phish”, meaning fish: just as bait is put out to trap a fish, phishing baits the victim. It is an unethical way of duping the user or victim into clicking on harmful sites. The attacker crafts the harmful site so that the victim takes it for an authentic site and falls prey to it. The most common mode of phishing is sending spam emails that appear to be authentic and thereby taking the victim’s credentials. The attacker’s main motive behind phishing is to gain confidential information such as:

  • Password
  • Credit card details
  • Social security numbers
  • Date of birth

The attacker uses this information to target the user further, impersonate the user, and steal data. The most common type of phishing attack happens through email. Phishing victims are tricked into revealing information that they think should be kept private. The original logo is used in the email to make the user believe that it is indeed the genuine email. But if we look carefully at the details, we will find that the URL or web address is not authentic. Let’s understand this concept with the help of an example:

In this example, most people believe it’s YouTube just by looking at the red icon. So, thinking of YouTube as a secure platform, users click on the extension without being suspicious about it. But if we look carefully, we can see that the URL is supertube.com and not youtube.com. Secondly, YouTube never asks users to add extensions in order to watch a video. Third, the extension name itself is odd enough to raise doubt about its credibility.

Types of phishing attacks

There are several types of phishing attacks that are listed below:

  1. Email Phishing: The most common type, in which users are tricked into clicking on unverified spam emails and leaking secret data. Hackers impersonate a legitimate identity and send emails to victims in bulk. Generally, the attacker’s goal is to obtain personal details such as bank details, credit card numbers, or the user ID and password of an online shopping website, or to install malware. After getting the personal information, they use it to steal money from the user’s account, harm the target system, etc.
  2. Spear Phishing: In this type of phishing attack, a particular user (an organization or an individual) is targeted. The attacker first gathers full information about the target and then sends malicious emails to the target’s inbox to trap them into typing confidential data. For example, the attacker targets someone (let’s assume an employee in the finance department of some organization), pretends to be that employee’s manager, and then requests personal information or the transfer of a large sum of money. It is the most successful attack.
  3. Whaling: Whaling is just like spear phishing, but the main target is the head of the company, such as the CEO or CFO. A high-pressure email is sent to such executives so that they don’t have much time to think and therefore fall prey to phishing.
  4. Smishing: In this type of phishing attack, the medium is SMS. It works similarly to email phishing. SMS texts sent to victims contain links to phished websites or invite the victims to call a phone number or contact the sender using a given email address. The victim is then invited to enter personal information such as bank details, credit card information, or user ID and password. Using this information, the attacker harms the victim.
  5. Vishing: It is also known as voice phishing. In this method, the attacker calls the victim using modern caller ID spoofing to convince the victim that the call is from a trusted source. Attackers also use IVR to make it difficult for the legal authorities to trace them. It is generally used to steal credit card numbers or other confidential data from the victim.
  6. Clone Phishing: In this type of phishing attack, the attacker copies email messages that were sent from a trusted source and alters them by adding a link that redirects the victim to a malicious or fake website. The attacker then sends this mail to a large number of users and waits to see who clicks on the attachment that was sent in the email. It spreads through the contacts of the user who has clicked on the attachment.

How does phishing occur?

The most common phishing attacks include:

  • Clicking on an unknown file or attachment: Here, the attacker deliberately sends a mysterious file to the victim. When the victim opens the file, either malware is injected into the system or the user is prompted to enter confidential data.
  • Using an open or free wifi hotspot: This is a very simple way to get confidential information from users, by luring them with free wifi. The wifi owner can control the user’s data without the user being aware of it.
  • Responding to social media requests: This commonly involves social engineering. Accepting unknown friend requests and then, by mistake, leaking secret data is the most common mistake made by naive users.
  • Clicking on unauthenticated links or ads: Unauthenticated links are deliberately crafted to lead to a phished website that tricks the user into typing confidential data.

How to distinguish between a fake website and a real website?

To distinguish between a fake website and a real website, always remember the following points:

  1. Check the URL of the website: A good, legitimate website always uses a secure medium to protect you from online threats. So, when you first see a website link, always check how it begins. If the address starts with https://, the website is secure: the s in https:// denotes secure, which means the website uses encryption to transfer data, protecting it from hackers. If a website uses http://, it is not guaranteed to be safe. So, it is advised not to visit HTTP websites, as they are not secure.
  2. Check the domain name of the website: Attackers generally create a website whose address mimics that of a large brand or company, like www.amazon.com/order_id=23. If we look closely, we can see that it’s a fake website as the spelling of Amazon is wrong, that is amazon is written. So it’s a phished website. Be careful with such websites.
  3. Look at the site design: If you open a website from a link, pay attention to the design of the site. Although the attacker tries to imitate the original as closely as possible, the copy still falls short in places. So, if you see something off, that might be the sign of a fake website. For example, when we open www.sugarcube.com/facebook, the page that opens is a clone of the actual Facebook page, but it is a fake website. The original link of Facebook is www.facebook.com.
  4. Check the available web pages: A fake website does not contain all the web pages that are present on the original website. So when you encounter a suspected fake website, open the options (links) present on it. If they only display a login page, the website is fake.
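
As an added illustration of points 1 to 3 above (not code from the original article), the Python sketch below compares a link with the brand its page claims to be, using the article's supertube.com and www.sugarcube.com/facebook examples. The `GENUINE` table, the 0.7 similarity threshold, the two-label `base_domain` shortcut and the warning names are assumptions made for the example.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Constructed table: brand name -> the genuine domain named in the article.
GENUINE = {"youtube": "youtube.com", "facebook": "facebook.com"}
LOOKALIKE_RATIO = 0.7  # assumed threshold for "visually close" domain names


def base_domain(host):
    """Last two labels of a host name (simplification: ignores suffixes like co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def check_link(url, claimed_brand):
    """Compare a link with the brand its page or email claims to be.

    Returns a list of warning strings; an empty list means no check fired.
    """
    if "://" not in url:
        url = "//" + url  # lets urlsplit() find the host in bare links like www.x.com/y
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    expected = GENUINE[claimed_brand]
    domain = base_domain(host)
    warnings = []

    if parts.scheme == "http":
        warnings.append("plain-http")
    if domain == expected:
        return warnings  # the host really belongs to the claimed brand

    warnings.append(f"domain-mismatch:{domain}")
    # The brand name in a subdomain or in the path proves nothing about ownership.
    if claimed_brand in host.split(".")[:-2]:
        warnings.append("brand-in-subdomain")
    if claimed_brand in parts.path.lower():
        warnings.append("brand-in-path")
    if SequenceMatcher(None, domain, expected).ratio() >= LOOKALIKE_RATIO:
        warnings.append("lookalike-domain")
    return warnings


if __name__ == "__main__":
    for link, brand in [("https://www.youtube.com/watch", "youtube"),
                        ("http://supertube.com/watch", "youtube"),
                        ("www.sugarcube.com/facebook", "facebook")]:
        print(link, "->", check_link(link, brand) or "ok")
```

An empty result only means that none of these checks fired; the fourth point, whether the site offers more than a login page, still has to be checked by opening its links.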

How to stay protected against phishing?

Until now, we have seen how vulnerable a user becomes due to phishing. But with proper precautions, one can avoid such scams. Listed below are ways to protect users against phishing attacks:

  1. Download software from authorized sources only.
  2. Never share your private details through unknown links.
  3. Always check the URL of websites to prevent any such attack.
  4. If you receive an email from a known source but that email looks suspicious, then contact the source with a new email rather than using the reply option.
  5. Try to avoid posting your personal information, like phone numbers, addresses, etc., on social media.
  6. Use phishing-detection tools to monitor for websites that are crafted and contain unauthentic content.
  7. Try to avoid free wifi.
  8. Keep your system updated.
  9. Keep the firewall of the system ON.

