What is Phishing?
Scammers scheme to get your valuable information by "fishing" for it through e-mail or other means of communication.
Passwords, banking details, and identification documents are some of the targeted information.
You may not have been phished before, or you may think you never have been, but if you have an active e-mail account, you are at risk of getting phished.
How does Phishing Work?
A phishing attacker claims to be someone or a company you know.
A phishing e-mail generally contains malicious links for you to open. If you enter the information asked for and proceed, your data will be stolen.
A Tale of Phishing
You received an e-mail from [email protected], who claims to be a Facebook staff member.
"Your account has been compromised...please change your Password as soon as possible through this link. Otherwise your account may be blocked within 24 hours", the e-mail says.
The e-mail has the same colour and feel of the Facebook homepage.
You clicked the link anyway, but you stopped before entering your current login details. You realised the link had taken you to a non-Facebook webpage.
Eventually, convinced the whole thing was some sort of prank, you closed your browser tab. After a little bit of research you found out you had almost been phished.
Types of Common Phishing Attacks
Find out about various phishing schemes so you can identify them.
- Regular Phishing
- Spear Phishing
- Clone Phishing
Regular phishing is a common and basic phishing attack. Regular phishing scams are usually sent to a large number of recipients. Attackers do not target individuals specifically for this type of phishing.
The wording for this phishing type is often very generalised, e.g. they would address you as "customer" or "all" instead of by your name. This is because your full personal information is not likely to be known yet by the attacker.
Spear phishing is more sophisticated than regular phishing. Attackers target a specific individual or a certain demographic after prior research about them. This could be done by looking up available information on social media or by other means of gaining information, e.g. a database hack of a company.
The phishing email's topic and sender would be relevant to the email recipients. For example, if someone is known to be a current Sydney University student, an attacker could design a spear phishing email about a fake scholarship offer.
As indicated by its name, clone phishing imitates a legitimate email one has previously received. The attacker creates a fake copy of the email and changes the links and attachments to their own phishing versions.
What a clone phishing attacker may say to you: the previous email needed to be re-sent, or this (phishing) email is the updated copy! They might also not mention anything about sending a duplicate, as you might open the cloned email without much thought.