6.2. Types of Threats to Information Security: Phishing


Phishing is one of the most common and dangerous types of threats to information security. Its name comes from the English word "fishing", alluding to the idea of throwing a bait to catch something, in this case, confidential information from unsuspecting users.

This cyber attack consists of tricking the user into voluntarily providing personal or corporate information. The attacker impersonates a trusted entity, such as a bank, telecom company, or internet service, and sends an email, text message, or any other form of digital communication that appears legitimate.

How does Phishing work?

Phishing attacks often start with an email that appears to come from a legitimate company. This email contains a link to a fake website that mimics the company's real website. The user is then tricked into entering their personal or login information, which is captured by the attacker.

Sometimes the phishing email may contain an attachment that, when opened, installs malware onto the user's system. This malware can then be used to gather more information or cause other damage.

Types of Phishing

There are several types of phishing, each with its own characteristics and techniques. Here are some of the most common ones:

  • Email Phishing: This is the most common type of phishing. The attacker sends an email that appears to be from a legitimate company, with the aim of tricking the recipient into providing personal or login information.
  • SMS Phishing: In this case, the attacker sends a text message to the user, trying to convince them to click on a link or provide personal information.
  • Voice Phishing (Vishing): This type of phishing involves the use of phone calls. The attacker impersonates a representative of a company and tries to trick the victim into providing personal information over the phone.
  • Phishing via fake websites: Here, the attacker creates a website that looks like that of a legitimate company in an attempt to trick users into entering their personal information.

How to protect yourself against Phishing

The best way to protect yourself against phishing is to always be vigilant and suspicious of any communication that requests personal information. Here are some tips:

  • Never click on links in emails or text messages that look suspicious. Instead, go directly to the company's website by typing the URL into your browser's address bar.
  • Always verify the sender's email address. If it looks suspicious or different from the company's official email address, it's likely a phishing email.
  • Install reputable antivirus software and keep it up to date. Many of these programs have features that can help detect and block phishing attempts.
  • Use two-factor authentication whenever possible. This adds an extra layer of security as it requires you to confirm your identity using a second method in addition to your password.

In summary, phishing is a serious threat to information security. However, with awareness and proper security measures, you can protect yourself against these attacks and keep your personal and corporate information safe.

Now answer the exercise about the content:

What is Phishing and what are the most common forms of its occurrence?
