Phishing is a form of attack or fraudulent technique used in electronic communication (e.g., via email) where the attacker poses as a certain authority (e.g., a seller from auction websites, representative of government offices, or online payment portals, etc.) and tries to obtain sensitive information from the target person, such as passwords, credit card PINs, internet banking details, or even money.
The principle of this technique involves sending emails, for example, with a request to enter personal information on a fake website that closely resembles or is almost identical to the official one. By providing their data, the victim unknowingly discloses sensitive information to the attacker, who can then exploit it.
In the past, phishing messages were easily recognizable due to poor English language or untrustworthy websites. Nowadays, phishing attempts can be very convincing and may only be detectable by experienced users. Nonetheless, banks, for instance, never request sensitive information from their clients via email.
As phishing gains more attention in recent years, attackers resort to a more sophisticated and dangerous form of attack known as spearphishing.
Spearphishing differs from regular phishing in that the attacker gathers all available information about a specific person or target group and tailors the phishing message specifically for that individual. This approach appears more credible and is harder to detect as a phishing attack. For example, a spearphishing attack may involve a phone call from a fake bank employee who knows exactly whom they are calling and attempts to extract information about the target's account. With today's technology, these attackers can redirect their calls to make them appear like genuine bank calls, speaking in a professional and serious manner and having some basic information about the victim.
Another form of phishing may include receiving SMS messages about winning a prize and being asked to provide personal information to claim it, which, again, is just another scam.
The easiest way to recognize phishing is through simple email communication. It may use a different communication format than what you are accustomed to from your bank, and the email domain may not match the official bank domain. The email may contain links to unsecured websites, and as mentioned before, banks do not ask for sensitive information in this manner.
Phishing over the phone is more challenging to recognize due to the attackers' credibility and professionalism. In many cases, they may try to convince you that they are protecting your money and will attempt to extract specific information. However, never disclose information over the phone and if you have doubts, it's best to contact a representative from your bank.
| Training name | Training duration | Venue | Price | The nearest date |
|---|---|---|---|---|
| Requirements of the standard / Training of internal auditors according to the ISO/IEC 27001:2022 standard |
1 day
|
Company in-house training | On request |
According to you
|
| TISAX - Trusted Information Security Assessment Exchange |
2 days
|
Company in-house training | On request |
According to you
|
| Cyber security and requirements of the ISO/IEC 27001 standard |
2 days
|
Company in-house training | On request |
According to you
|
