Phishing is one of the most common types of computer security attacks. It is a broad-based attack that aims to reach as many people as possible. These attacks try to incite you, as a user, to click on a link that will download malware, probably secretly. Phishing attacks try to combine a sense of urgency with other human emotions to get you to click on the link without thinking too much about the result of the action or the potential consequences.
For example, a phishing attack could attempt to prey on greed by getting you excited about potentially winning a gift card. Phishing attacks might instead try to prey on confusion by telling you to click on what looks like a legitimate link to clarify a lost delivery or to visit a seemingly familiar website. Or a phishing attack might try to incite panic by warning you about a canceled membership, a firmware update, or a standard security policy update. Companies like Hikvision are working to avoid such threats with their products.
Attackers are always looking for creative new ways to target the unsuspecting web user. As such, here are a few common phishing techniques:
Among the most common types of phishing techniques, link spoofing is probably something you have seen at least once. This phishing technique involves making a malicious URL look like an authentic one. Even if you suspect that a message may be inauthentic, you are still far more likely to click on a link that looks like an authentic one, particularly if it relates to something you would normally visit. Of course, there are many ways to verify whether a link is authentic before you click it.
Now, hot links are not the only things you will find online that could have been spoofed by an attacker. Indeed, threat actors can spoof or forge websites that will also appear authentic at first glance. And if you don’t do any investigating, you might be tempted to continue clicking through the pages, which takes you deeper into the proverbial rabbit hole.
Covert and malicious website redirects are another way that threat actors can force your browser to interact with the web in an unexpected and undesirable way. This type of phishing will interrupt the loading of a legitimate website that you are trying to visit and forcibly redirect you to a website that is controlled by the attackers. One way that they do this is to stop the loading and ask you to “login” (especially using your social media account) so that you will click on the wrong button.