Phishing Attacks

Phishing is a type of cyberattack in which cybercriminals attempt to steal your personal information—such as passwords, card numbers, and usernames—through fake websites, emails, and messages.
What is phishing?
The name comes from the metaphor of "fishing": the attacker casts bait that looks convincing and waits for someone to bite. In other words, the goal is to win the target's trust and lure them into a "data trap".
Phishing attacks are typically carried out through the following methods:
- 📧 Fake email messages (appearing to come from a bank or a reputable service)
- 🌐 Websites disguised as legitimate ones
- 📱 SMS messages or voice calls
- 💬 Links spread via social media
When does phishing occur?
Phishing attempts typically arrive in situations like these:
- Fake notifications claiming to come from banks, payment platforms, or online shops, timed around financial transactions
- Messages asking you to "verify" the security of a personal account, such as fake notices claiming to come from your email, social media, or cloud provider
- Fake sign-in requests for your work email or internal document-sharing systems, imitating the company's own login flow
- Malicious links disguised as security updates, antivirus alerts, or software upgrades
In each case the message creates pressure: when the user panics and clicks, the link leads to a fake login page, and whatever they type there goes straight to the attacker.
Types of phishing attacks 🕵️♂️
The main types of phishing attacks are:
- Email phishing: the most common form. The user receives a fake email containing a link that leads to a page asking for confidential information.
- Smishing (SMS phishing): a short message asks the recipient to make a payment or "confirm" something via a link or short code, or to enter a code that was just sent to them (often a real one-time password the attacker needs).
- Vishing (voice phishing): confidential information is requested over the phone, for example by a caller posing as a bank employee.
- Clone phishing: a legitimate email the recipient has already received is copied almost exactly, its link or attachment is replaced with a malicious one, and the copy is resent as if it were a follow-up.
- Spear phishing: a targeted attack on a specific individual or organization, in which the message uses the recipient's name, position, and interests to look like an authorized communication.
The main feature of each type is to appear as if coming from a trusted source and to redirect the user to a fake page.
How to prevent phishing? 🛡️
- Verify the source: examine the sender's actual address, not just the display name. Watch for domains that merely resemble the official one (for example "@bank-secure.az" instead of "@bank.az").
- Go directly to the website: avoid clicking links in unexpected emails. If a message claims to come from your bank, type the bank's address into the browser yourself or open the official app.
- Don't act under pressure: alarming subject lines such as "Urgent" or "We will block your account" are designed to make you act before you think. If you cannot confirm the message through an official channel, delete it.
- Use antivirus and a firewall: real-time protection can block or warn about known phishing links at the moment you click them.
- Take regular training: practice in recognizing phishing patterns, at work or personally, is one of the most effective defenses.
Technical protections against phishing attacks 🔐
- Multi-factor authentication (MFA): even if an attacker obtains your password, a second verification step makes account takeover harder. Note that one-time codes sent by SMS or shown in an app can themselves be phished in real time; hardware security keys (FIDO2/WebAuthn), which are bound to the genuine site's origin, are the phishing-resistant option.
- Check the site, not just the padlock: an "https://" URL means the connection is encrypted, not that the site is genuine, and phishing sites use HTTPS too. Look at the actual domain in the address bar and make sure it is the organization's real one.
- Anti-phishing extensions and filters: add an anti-phishing extension to your browser and enable your email provider's spam and phishing filters.
- Security policies and procedures: implement rules for access control, data sharing, and risk management within the organization.
- Data backup: keep copies of important documents in a safe place so that a compromised account does not also mean lost data.
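The following is an added example, not code from the original article, showing how the "Verify the source" advice, the HTTPS caveat, and a basic anti-phishing filter look when written down as checks a script can run. It extracts the real sender domain (ignoring the display name), finds the host each link actually connects to (including the `https://bank.az@evil.example` trick), compares it with a trusted-domain list, and flags lookalikes and pressure language. The domain `bank.az`, the sample messages, and the phrase list are all assumptions constructed for the example.

```python
"""Heuristic checks a mail filter might apply to an incoming message.

Added example for this article; the sample messages are constructed,
and 'bank.az' is assumed to be the organisation's only legitimate domain.
"""
import re
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"bank.az"}  # assumption: the real domain(s)

URGENCY_PHRASES = ("urgent", "immediately", "block your account", "suspended", "verify now")


def sender_domain(from_header: str) -> str:
    """Domain of the actual address in a From: header.

    'Bank Support <alerts@bank-secure.az>' -> 'bank-secure.az'
    The display name ('Bank Support') is attacker-controlled and ignored.
    """
    m = re.search(r"<([^>]+)>", from_header)
    addr = m.group(1) if m else from_header.strip()
    return addr.rsplit("@", 1)[-1].lower()


def url_host(url: str) -> str:
    """Host a URL really connects to. urlparse resolves userinfo tricks:
    https://bank.az@evil.example/ contacts evil.example, not bank.az."""
    return (urlparse(url).hostname or "").lower()


def registrable_domain(host: str) -> str:
    """Last two labels of a host name, so that bank.az.secure-login.example
    is recognised as belonging to secure-login.example.
    Simplification: production code should use the Public Suffix List
    (e.g. example.co.uk has three labels)."""
    labels = host.rstrip(".").split(".")
    return ".".join(labels[-2:])


def is_lookalike(domain: str, trusted: str) -> bool:
    """True when a foreign domain embeds the trusted brand name,
    e.g. bank-secure.az or bank.az.secure-login.example for bank.az."""
    if domain == trusted:
        return False
    brand = trusted.split(".")[0]
    return brand in domain


def score_email(from_header: str, subject: str, links: list[tuple[str, str]]) -> list[str]:
    """Return a list of findings; an empty list means nothing suspicious.
    links are (visible text, href) pairs as found in the HTML body."""
    findings = []

    sender = sender_domain(from_header)
    if sender not in TRUSTED_DOMAINS:
        kind = ("lookalike of a trusted domain"
                if any(is_lookalike(sender, t) for t in TRUSTED_DOMAINS)
                else "unknown domain")
        findings.append(f"sender {sender!r}: {kind}")

    if any(p in subject.lower() for p in URGENCY_PHRASES):
        findings.append(f"subject {subject!r} uses pressure language")

    for text, href in links:
        host = url_host(href)
        reg = registrable_domain(host)
        if reg not in TRUSTED_DOMAINS:
            # The scheme is reported only to make the point: https proves
            # the connection is encrypted, not that the site is genuine.
            findings.append(
                f"link target {host!r} (scheme {urlparse(href).scheme}) is not a trusted domain")
        if "://" in text:  # visible text looks like a URL: does it match the real target?
            shown = registrable_domain(url_host(text))
            if shown != reg:
                findings.append(f"link text shows {shown!r} but points to {reg!r}")
    return findings


# Constructed samples (not real mail).
PHISHING_SAMPLE = dict(
    from_header="Bank Support <alerts@bank-secure.az>",
    subject="URGENT: we will block your account",
    links=[("https://bank.az/login", "https://bank.az.secure-login.example/verify")],
)
LEGIT_SAMPLE = dict(
    from_header="Bank <noreply@bank.az>",
    subject="Your monthly statement is ready",
    links=[("https://bank.az/statements", "https://www.bank.az/statements")],
)

if __name__ == "__main__":
    for name, msg in (("phishing", PHISHING_SAMPLE), ("legit", LEGIT_SAMPLE)):
        print(name, score_email(**msg) or ["no findings"])
```

Run as a script, the phishing sample produces four findings (lookalike sender, pressure language, an untrusted link target that is nevertheless served over HTTPS, and link text that does not match the real target) while the legitimate sample produces none. The point a filter author should take from it is that every signal is computed from the parts of the message the attacker cannot freely fake without changing where the link goes: the address after the `@`, the host the URL resolves to, and the relationship between the two.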
The threat of phishing is growing every day. By taking simple precautions and staying informed, it is possible to minimize the risk of cyberattacks.