Hi everyone, my name is Johnathan Ayala Dubon and I am currently majoring in
Cybersecurity. Today, I will be talking about a cybersecurity-related topic called phishing.
Some of you guys may be aware of it, but some of you guys might not. I will be going over it
shortly.
But first, let me emphasize the importance of cybersecurity. According to
Cybersecurity Ventures, "Around 90% of data breaches involve phishing, making it a crucial
method for cybercriminals to target organizations." As you can also see in this graph, there
is an increasing relevance of phishing sites, meaning that these attacks are going up in
volume.
Phishing happens every day and can happen at any time, not only to individuals like me or
corporate companies but also to all of you. In fact, when I was a kid, I clicked on a
malicious link, and hackers accessed one of my social media accounts. Now having
access to my account, they spread that same malicious link to my friends, making it seem
believable. Many others got caught in this chain of phishing attacks. So, today, I'll make
sure to teach you what phishing is, the different phishing techniques attackers use, and
how you can be more prepared to protect yourself and your personal information on the
internet.
You might be wondering: what is phishing? Phishing is when a malicious
individual tries to make the victim share their personal information, which could be
passwords, usernames, credit card information, and so on. The word ‘phishing’
originated from the word ‘fishing’. As you know from experience, fishing is when
you try to catch a fish with a rod using ‘bait’. The same idea applies to the term phishing, but
instead of catching fish, the attacker is trying to catch valuable
information.
I'll start by discussing phishing in more detail now that you know a little about its definition.
For my second point, I'll go over the types of attacks considered phishing, as it is a broad
term. Lastly, I'll talk about methods or ways you can defend yourself from this common
attack and prevent your personal information from being given to malicious individuals.
Now let’s delve deeper into the definition of phishing. According to James Edwards, a
cybersecurity expert, in his 2024 article 'Understanding and Avoiding Phishing Attacks:
Techniques and Examples,' phishing in general is carried out by tricking an individual into
clicking through to a malicious site, which can either install malware on your system or
trick you into entering your credentials or personal information.
(Edwards, 2024)
To carry out this phishing attack, attackers create a fake website, which is usually cloned,
meaning that almost all of the layout and format of a real webpage is copied into the fake
site in order to make the victim believe it’s a real website. Another way could be by a social
engineering tactic, so you click on the link they sent.
However, we are not going to click randomly on links, so attackers of course use social
engineering tactics or other common tactics to make you click the link to the malicious site
they have sent. As Edwards mentions, the attacker tries to induce fear or urgency. For example,
they might say ‘Your system has been hacked. Login here to change your password now’, and
things of that sort, tricking you into inputting your personal information. (Edwards, 2024)
Now that I have talked about phishing and how attackers usually carry out these attacks, let’s
take a closer look at the types of phishing attacks.
A common type of phishing attack happens through email. If you were to look at
your email right now, it is more than likely that you’ll have a phishing email trying to trick
you into clicking a link.
Another type, which you might not be familiar with, is called spear phishing, which targets an
individual specifically. According to a 2020 report by the Canadian Centre for Cyber
Security, the attacker may have gathered a little bit of personal information about you prior
to the attack, or can act as another individual whom you might trust, such as a friend or your
boss, making it more believable. That is the reason you are tricked into clicking a link or
providing personal information. (Canadian Centre for Cyber Security, 2020)
Phishing can extend much further: the same techniques of making you
click a link or provide personal information can also be used in text
messages and phone calls, not only emails. (Edwards, 2024)
Knowing about these different attacks can make you more aware and more careful in
the tech world. However, knowing how to defend against or recognize these threats is equally
important. Therefore, I will now talk about some ways you can avoid being a victim of
phishing attacks.
The number one rule that the Canadian Centre for Cyber Security suggests is that your personal
information is very important and you have to be cautious about sharing it with any
individual, whether through email, an unknown site, or text message. However, this is
straightforward and common sense. (Canadian Centre for Cyber Security, 2020)
So, what you have to watch out for is the link itself. It is usually best to verify the link:
you can often tell whether the web address is valid or matches what you expect by
comparing it to the actual web address of the site. Also, make sure to look for misspellings
or characters you do not usually see, either in the web
address or in the email itself. (Edwards, 2024)
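The link check described above, written out as a short Python sketch. This is an added example, not part of the original speech; the trusted-domain list and the sample links are constructed, and check_link and edit_distance are hypothetical helper names.

```python
from urllib.parse import urlsplit

# Assumption: the domains the reader actually expects to visit (constructed list).
TRUSTED = ["example.com", "example-bank.com"]

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: number of single-character edits between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url: str, trusted=TRUSTED) -> list[str]:
    """Return warnings for a link; an empty list means it matches a trusted domain."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return ["no host name in link"]
    # Exact match, or a real subdomain of a trusted domain: nothing to flag.
    if any(host == d or host.endswith("." + d) for d in trusted):
        return []
    warnings = []
    # Characters you do not usually see: non-ASCII letters or punycode ("xn--") labels.
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        warnings.append("unusual (non-ASCII or punycode) characters in address")
    bare = host[4:] if host.startswith("www.") else host
    for d in trusted:
        # Misspelling: one or two characters away from a trusted domain.
        if 0 < edit_distance(bare, d) <= 2:
            warnings.append(f"looks like a misspelling of {d}")
        # Trusted name placed in front of a different domain to look familiar.
        elif host.startswith(d + ".") or ("." + d + ".") in host:
            warnings.append(f"{d} appears inside a different domain")
    if not warnings:
        warnings.append("address does not match any trusted domain")
    return warnings
```

An empty result only means the address matches the list of expected domains; it says nothing about whether the page behind it is safe.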
Another important point is enabling two-factor authentication or other multifactor
authentication on all your accounts and systems. That way, even if the attackers have your
credentials, it will be difficult for them to log in and gain access to your system or account.
(Canadian Centre for Cyber Security, 2020)
By applying these techniques and methods for recognizing phishing attacks, you will now
be able to be safer and prevent yourself from falling victim to this common attack. As we
learned previously, this attack is commonly carried out through email, but it can
also be carried out through other means like text or call.
I was able to discuss with you guys the different tactics and types of phishing
attacks that exist. Even though there are many more out there, I was able to explain the
simple and common ones. At the end, we discussed the ways we can prevent phishing from
happening to us and ways to be more aware of these attacks.
And remember that the tech world will not go away, so stay active and aware of such
attacks like phishing. Protect yourself and others because your personal information
matters.
References
Canadian Centre for Cyber Security. (2020, April 6). Don’t take the bait: Recognize and avoid
phishing attacks - ITSAP.00.101. Canadian Centre for Cyber Security.
https://www.cyber.gc.ca/en/guidance/dont-take-bait-recognize-and-avoid-phishing-attacks
Edwards, J. (2024, October 24). Understanding and Avoiding Phishing Attacks: Techniques and
Examples. Nametrust: On Brand. https://nametrust.com/blog/understanding-phishing-attacks/
Ventures, C. (2024, November 18). Phishing scams and unpatched software are the biggest
cybersecurity threats in 2020. Cybercrime Magazine.
https://cybersecurityventures.com/phishing-scams-and-unpatched-software-are-the-biggest-cybersecurity-threats-in-2020/
Dey, M. (2024, October 7). Phishing Statistics By Demographic, Healthcare, Industry and
Country. Sci-Tech Today. https://www.sci-tech-today.com/stats/phishing-statistics/
Phishing.org. (2019). What Is Phishing? Phishing.org. https://www.phishing.org/what-is-phishing