What exactly are Phishing attacks and how is your security at stake in these kinds of tricks? Bictory Finance cares for all the users all over our product suites and we want to make awareness for some of the types of phishing tricks that hackers commonly use.
Spear Phishing: Involves targeting a specific individual in an organization to try to steal their login credentials. Usually involved clicking on a link and logging in or signing up in that website to acquire submitted data by the victim
How to Avoid: Always check the link or website you are accessing if it is an official one.
Vishing: Commonly known as “Voice Phishing” usually done by calling the targeted person through phone pretending to be a representative of an organization or company to obtain the target’s information.
How to Avoid: Do not give information upfront and ask for a call back number, name of the caller, and position in the company. Be in contact first with the official site or official page of the company or organization and confirm if they are asking information through phone calls. Get assistance or a walkthrough with their protocol and which information are asked and NOT asked in those instances. Bictory Finance Support does not call phone numbers to be in contact with users.
Email Phishing: The attacker sends an email to the target that gives of a legitimate impression. Once victim replied with the information, they can steal or sell the victim’s data.
How to Avoid: Always be aware of the email addresses you are going to reply with. Bictory Finance utilizes official email addresses and official Support Platforms. See list here on how to use Support and list of our official email addresses here.
HTTPS Phishing: Executed by sending the target with a fake website. The site may be used to imitate the original website and it may look so legitimate to trick the target in submitting credentials to the original website. They can then use this credential to login to the official website and steal the account.
How to Avoid: Always check the link itself if it is the official website. Even one wrong letter or character may redirect you to the wrong or fake website.
Pop-up Phishing: Pop-up phishing uses a pop-up about that usually says your device has a problem or sometimes it is in a form of ads. Once victim clicks on the pop-up thinking that it is a real problem in their device, it will direct the victim to download a file which contains malware.
How to Avoid: You can block pop-ups in your browser settings and if you refuse to do so, be very careful on what pop-ups you access.
Evil Twin Phishing: This is done by the attacker setting up a fake Wi-fi network. If the victims log in to it and enters personal data, hacker obtains their information. This can be usually found in public places showing like a free Wi-Fi in the malls, park, and etcetera.
How to Avoid: Be careful on connecting to a wifi especially in public places. If possible, you can bring your own data or use VPN.
Smishing: Attacker uses SMS or text message to gather information to from the targets. Most of the time they are also pretending to be a part of a company or an organization telling the victim that their account has incurred problems and they need to tend to it.
How to Avoid: Do not reply to the SMS because you might receive more spam or smishing messages as the attacker can recognize your number is active. Call the official number of the organization or company that the attacker is pretending to represent and confirm the problem.
Image Phishing: This type of attack uses images or jpg with hidden malicious code and HTML files and when victim clicks on the image, attackers would be able to steal their data or download a malware in their devices.
How to Avoid: Easiest way to identify is to hover the cursor (do not click) on the image and it will show if it will redirect you to a website or files.