Phishing: What Is It and How Many Types Are There
In this article, we will continue to expand our information on one of the most common types of cyberattacks: phishing.
Phishing is a set of techniques that aim to deceive a victim and gain their trust by impersonating a trusted person, company, or service (impersonation of a trusted third party). The impersonator is called a phisher. The goal is to manipulate the victim and make them perform actions they should not perform (e.g., reveal confidential information or click on a link).
There are several types and examples of phishing, each with specific methods to trick victims. In this post, we describe the most prominent ones and explain how to protect yourself from them through Enthec's solutions.
The most prominent types of phishing
Knowing the different types of phishing and how to identify the warning signs will help you protect your information and navigate the digital environment more safely. Read on to find out everything you need to know!
Email phishing
Most of these phishing messages are sent through spam. They are not personalized or directed to a specific person or company, and their content varies depending on the phisher's goal.
Common phishing targets include banks and financial services, cloud productivity and email providers, and streaming services.
Voice phishing
Voice phishing is the use of the phone to carry out attacks. Attackers use VoIP (Voice over IP) technology to make numerous fraudulent calls cheaply or for free to obtain codes, passwords or bank details from the victim, who often does not suspect anything.
SMS phishing
Smishing is a form of phishing in which mobile phones are used as an attack platform. Smishing attacks typically invite the user to click on a link, call a phone number, or contact an email address provided by the attacker via SMS message. The criminal's aim is to obtain personal information, including credit card or social security numbers.
Page hijacking
Page hijacking is achieved by creating an illegitimate copy of a popular website; visitors who log on are redirected to another website.
Calendar spoofing
Calendar spoofing is when phishing links are delivered via calendar invitations. Attackers send invitations that, by default, many calendars add automatically.
Whaling
Whaling, also known as CEO fraud, is similar to spear phishing but focused on senior executives or people with critical organizational positions. Attackers are looking to gain valuable information or authorize fraudulent financial transfers.
To learn more, see our post: What is CEO fraud, and how can it be avoided?
Spear phishing
This well-known type of phishing stands out for carrying out attacks that target specific individuals or companies. Cybercriminals research their targets to personalize messages and increase the likelihood of success. For example, they may impersonate a colleague or boss by requesting sensitive data.
If you want to learn more about this type of phishing, see our post: What is Spear Phishing: 4 keys to protect your company.
Qrshing
The trend of using QR codes has also led to the emergence of some scams, such as this type of phishing, which specifically consists of creating malicious QR codes that, when scanned, direct victims to fraudulent sites designed to steal personal information.
Main keys on how to prevent phishing
Now that you know the main types of phishing, it is essential to consider the keys to prevent them.
- Verify the authenticity of messages. Before clicking links or providing information, confirm that the sender is legitimate.
- Don't share sensitive information. Avoid providing personal or financial data through links or unsolicited calls.
- Keep your software up to date. Make sure all devices and apps have the latest security updates.
- Use multi-factor authentication (MFA). Add extra layers of security to protect accounts.
- Educate and raise awareness. Participate in cybersecurity training programs to recognize and prevent phishing attempts.
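As an added illustration of the first point (example code written for this page, not part of Enthec's tooling), the Python below checks a message for three warning signs: a trusted brand in the display name with an untrusted sender domain, a Reply-To that points elsewhere, and link text that shows a different host than the link target. The brand table, the sample message, and all names and domains are assumptions made up for the example.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions: TRUSTED maps expected brands to their real domains; SAMPLE is
# a constructed message, not taken from a real campaign.
TRUSTED = {"examplebank": {"examplebank.example"}}
SAMPLE = """\
From: "Example Bank Support" <support@examplebank-secure.example>
Reply-To: recovery@mailbox.example

<p>Confirm at <a href="http://login.examplebank-secure.example/v">www.examplebank.example</a></p>
"""

def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
def belongs(domain, allowed):  # exact match or subdomain of a trusted domain
    return any(domain == d or domain.endswith("." + d) for d in allowed)

class Links(HTMLParser):  # collects (href, visible text) for each anchor
    def __init__(self):
        super().__init__()
        self.found, self.cur_href, self.cur_text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.cur_href, self.cur_text = dict(attrs).get("href"), ""
    def handle_data(self, data):
        self.cur_text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.cur_href:
            self.found.append((self.cur_href, self.cur_text.strip()))
            self.cur_href = None

def warning_signs(raw):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    signs = []
    for brand, domains in TRUSTED.items():  # trusted name, untrusted domain
        if brand in name.lower().replace(" ", "") and not belongs(domain_of(addr), domains):
            signs.append("display-name-impersonation")
    reply = domain_of(parseaddr(msg.get("Reply-To", ""))[1])
    if reply and reply != domain_of(addr):  # replies would go elsewhere
        signs.append("reply-to-mismatch")
    parser = Links()
    parser.feed(msg.get_payload())  # assumes a single-part HTML body
    for href, text in parser.found:  # text shows one host, href another
        shown = urlparse(text if "//" in text else "//" + text).hostname or ""
        if "." in shown and shown != (urlparse(href).hostname or ""):
            signs.append("link-text-mismatch")
    return signs
```
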
If you have been the victim of an attack, you should first change your access credentials and notify the impersonated entity so that the phishing can be resolved. In addition, it is advisable to use threat monitoring solutions, such as Enthec's Kartos, which allows you to detect active campaigns and prevent new fraud attempts.
Kartos by Enthec helps you locate active phishing campaigns
Kartos Corporate Threat Watchbots is the monitoring and cyber surveillance platform developed by Enthec for the protection of organizations. Notable among its capabilities is the real-time location of active phishing campaigns involving corporate identity theft, and their monitoring until they are completely deactivated.
Contact us to learn more about how Kartos can help protect your organization from phishing and other threats.
The Three Layers of the Web: Internet, Dark Web and Deep Web
This article will discuss the Internet, the Deep Web, and the Dark Web and the content found in each. These are commonly referred to as the three layers of the Web or the three levels of the Web.
Internet
The Internet is a web-like network of interconnected computers worldwide. It consists of servers that provide information to millions of people who are connected through telephone and cable networks. Its origins date back to 1969, when the first computer connection, known as ARPANET, was established between three universities in California (United States).
One of the most successful services on the Internet has been the World Wide Web (WWW or the Web), to such an extent that confusion between the two terms is common. The WWW is a set of protocols that allows, in a simple way, the remote consultation of hypertext files.
The Deep Web
The Deep Web is part of the World Wide Web and cannot be found on common search engines like Google. The part that is available to everybody is called the Surface Web. The first person to use the term “Deep Web” was Mike Bergman, a computer scientist, in 2000.
The Deep Web is not the same as the darknet or the Dark Web, though at first glance they may appear to mean the same thing.
Accessing the deep web does not require unique protocols; that is the main difference.
The Dark Web
This term refers to content that search engines do not index, requiring authorization or special software to access. It is all that deliberately hidden content that we find on the Internet.
A darknet is a private or closed computer network. The Dark Web comprises independent networks (specific networks such as Tor or I2P).
The Dark Web is a part of the World Wide Web located on the darknets. To access it, you must know a password and use specific software. It can only be accessed through the Tor or I2P browser. The encrypted nature of the browser means that anyone trying to access the dark web remains anonymous by default.
Google or any other search website cannot find a darknet. The Dark Web exists within the Deep Web but is not an equivalent network.
Kartos crawls the three layers of the Web to locate vulnerabilities in your organization
Kartos Corporate Threat Watchbots is the Continuous Threat Exposure Management (CTEM) solution developed by Enthec to protect organizations. Through its army of bots, Kartos crawls the Internet, the Deep Web and the Dark Web to locate exposed vulnerabilities and open corporate breaches that are public and for sale and that can be used to engineer a cyberattack against the organization. Kartos works continuously, automatically, autonomously and in real time. It does not require implementation in the organization's IT system and issues alarms in real time about the vulnerabilities and threats it finds. Contact us to receive more information on how Kartos can help you neutralize ongoing threats against your organization.