Phishing: most common techniques



What is « Phishing »?

It is a fast-growing form of online scam that consists in sending people e-mails in order to obtain private information such as their bank account details. Imagine you are just trying to check your bank account but you actually give away your information, resulting in identity theft.



Well, there are a number of ways, depending on how skillful the scammer is:

· You typically get a spoofed e-mail (one mimicking a business or agency, usually your bank) from a scammer. The e-mail makes up an excuse to make you click on a link it provides, which leads to a fake website (one that looks like your bank's, in our example) where you will be asked to enter your financial account information and/or other information concerning your identity. Remember that no legitimate business or agency will ever ask you to do such a thing.

Notice that this approach can also be used in a slightly different way on social media websites. In this case you receive strange requests from people you don’t know. Do not accept them, and do not share links coming from people you don’t know (famous examples are fake links to celebrity sex tapes, applications on Facebook to know who visits your profile…). When you see any of these things, just report them.

· A more technical method consists in planting malware on your computer when you open the e-mail or click on one of its attachments. The malware will then spy on your activities and intercept your information when you use it online: e-commerce websites, bank login pages… Sometimes, the malware will automatically redirect you to fake websites and let you enter your precious data, or even intercept your keystrokes!
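The first technique above, a spoofed e-mail whose link leads to a fake website, can often be spotted by comparing what a link displays with where it really goes. The following Python sketch is an added example, not part of the original article: it flags links in an HTML e-mail whose visible text names one host while the `href` points to another, and links whose host merely contains the name of a trusted site. The trusted domain `mybank.example`, the helper names and the sample message are all assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"mybank.example"}  # assumption: the site you really bank with

def host_of(text):
    """Host of a URL or bare domain, or None if text is not one."""
    text = text.strip()
    if len(text.split()) != 1:          # empty, or ordinary words like "Click here"
        return None
    try:
        host = urlsplit(text if "://" in text else "http://" + text).hostname
    except ValueError:
        return None
    host = (host or "").rstrip(".").lower()
    return host if "." in host else None

def under(host, domain):
    """True if host is domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

class Links(HTMLParser):
    """Collects [href, visible text] for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_endtag(self, tag):
        if tag == "a":
            self._open = False
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data

def suspicious_links(html):
    parser = Links()
    parser.feed(html)
    out = []
    for href, text in parser.links:
        real, shown = host_of(href), host_of(text)
        if real is None:
            continue
        if shown and not (under(real, shown) or under(shown, real)):
            out.append((href, "text shows %s, link goes to %s" % (shown, real)))
        elif any(d.split(".")[0] in real and not under(real, d) for d in TRUSTED):
            out.append((href, "look-alike of a trusted domain"))
    return out

# Constructed sample e-mail body (not a real message).
SAMPLE = """<p>Dear customer, your account is locked.</p>
<a href="http://mybank-login.example.net/verify">www.mybank.example</a>
<a href="http://mybank-login.example.net/verify">Click here to unlock</a>
<a href="https://www.mybank.example/help">Help centre</a>"""
```

Calling `suspicious_links(SAMPLE)` reports the first two links and leaves the genuine help link alone.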


Are there other techniques?

Indeed, there are two other identified techniques:

· Spear phishing (read more about it here)

· In-session phishing (read more about it here)


Is it that common?

Unfortunately, it is. According to the Anti-Phishing Working Group (APWG) 4th quarter 2012 report:

· More than 45 thousand phishing websites were detected in December 2012.

· As expected, the most common phishing attempts mimic the victim’s bank (34.4%).

· Around 30% of computers worldwide are infected with malware!


For the full report, click here


Here at Scan and Trust, we want you to be aware of the risks but also of the solutions. Don’t hesitate to check a suspicious e-mail address, website… Just ask for a scan!