Phishing — Postmypost

Phishing

Nikiforov Alexander
Friend of clients

What is phishing?

Phishing is a method of internet fraud used by hackers to gain access to users' confidential information, including their accounts and credit card data. Scammers follow a proven scheme, sending out "bait" in the form of emails, messages, or links to fake websites to "catch" trusting users.

The term "phishing" comes from the English word "fishing," but with "ph" in place of the letter "f," a reference to an earlier form of hacking known as phone phreaking. According to the FBI, in 2023 alone, scammers stole $2.9 trillion in the U.S., while in Russia, according to the Central Bank, 15.8 billion rubles were stolen, even though many theft attempts totaling 5.8 trillion rubles were thwarted.

Types of phishing attacks

Targeted phishing

Targeted phishing, also known as spear phishing, is an attack aimed at a specific company. Scammers research employees through social media and send them emails that look like internal requests from colleagues, using real names and positions. One subtype of this method is whaling, or CEO phishing, which targets executives. For example, in February 2024, an Indian company lost 40 million rupees after scammers sent a request impersonating the company's chairman.

Email phishing

This type of attack uses fake emails that appear to be messages from well-known brands. Scammers spoof addresses to make them look official, and when users click on the links, they are directed to fake websites. One subtype of email phishing is clone phishing, where scammers send emails that appear to come from programs or stores that you often use.

Phone phishing

Phone phishing is divided into two subtypes: vishing and smishing. Vishing involves calls during which scammers create a sense of urgency in the victim, demanding confidential information, often posing as bank employees. Smishing, on the other hand, relies on text messages containing malicious links disguised as coupons.

Social media phishing

Scammers create fake accounts on popular social media platforms like Instagram, VKontakte, and Facebook. They impersonate acquaintances of the victim or accounts of well-known companies, sending messages requesting users to visit fake websites or provide personal information.

Web phishing

Web phishing involves creating fake pages that are nearly indistinguishable from major brand websites. Hackers use various methods, including contextual advertising, to promote these fake sites and may also employ "watering hole" tactics, substituting the addresses of sites frequently visited by company employees.

How to recognize phishing attacks

There are several "flags" that may indicate phishing:

  • The email creates alarm and a sense of urgency.
  • The email is impersonal, without addressing the recipient by name.
  • The email contains grammatical errors.
  • The sender address looks suspicious.
  • Links are embedded in the text or shortened.

To identify a phishing website, pay attention to:

  • Errors in the web address.
  • Lack of a secure connection (http instead of https).
  • Incorrect top-level domain.
  • Poor quality of the company's logo.
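
The address checks in this list can be partly automated. The following Python code is an added example, not part of the original article: it flags a missing HTTPS scheme, a wrong top-level domain, and a misspelled or embedded brand name. The allow-list `KNOWN_DOMAINS`, the sample URLs and the function names are constructed for illustration, and treating the last two hostname labels as the registered domain is a simplifying assumption.

```python
from urllib.parse import urlsplit

# Constructed allow-list of domains the organisation really uses (assumption).
KNOWN_DOMAINS = ("examplebank.com", "exampleshop.org")

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def split_domain(host):
    """Return (name, tld) from the last two labels.
    Simplification: ignores multi-label suffixes such as co.uk."""
    labels = host.rstrip(".").split(".")
    return (labels[-2] if len(labels) > 1 else ""), labels[-1]

def check_url(url, known=KNOWN_DOMAINS):
    """Return the list of phishing flags raised by a URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    flags = []
    if parts.scheme != "https":
        flags.append("no-https")  # HTTPS alone does not prove a site is genuine
    name, tld = split_domain(host)
    if f"{name}.{tld}" in known:
        return flags  # the real domain or one of its subdomains
    for good in known:
        good_name, good_tld = split_domain(good)
        if name == good_name:
            flags.append(f"wrong-tld:{good}")       # right name, wrong TLD
        elif edit_distance(name, good_name) <= 2:
            flags.append(f"lookalike:{good}")       # misspelled brand name
        elif good_name in host:
            flags.append(f"embedded-brand:{good}")  # brand used as a subdomain
    return flags

if __name__ == "__main__":
    for u in ("https://www.examplebank.com/login",  # constructed samples
              "http://examp1ebank.com/login",
              "https://examplebank.co/",
              "https://examplebank.com.account-verify.net/"):
        print(u, check_url(u))
```

An empty result only means none of these particular checks fired; it does not confirm that a site is legitimate.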

How to protect yourself from phishing

To protect yourself from phishing, follow these recommendations:

  • Enable two-factor authentication for all important accounts.
  • Regularly update software.
  • Install reliable antivirus software that can detect phishing sites.
  • Set up email filters to detect spam.

Implementing these measures will significantly reduce the risks of becoming a victim of phishing attacks and help protect your personal data.