Phishing Attack 1729031298

Uploaded by

saul Flores
Phishing

What is Phishing
In simple terms, phishing is a form of cybercrime in which cybercriminals aim to obtain a person's personal data, including credentials, bank details, credit card information, etc. Adversaries typically employ the conventional strategy of sending fake emails or communications that appear to be from reputable sources, such as reputable banks, websites, or card issuers. Their ultimate objective is to coerce consumers into disclosing personal information so they can use it maliciously.
The attacker crafts the website in such a way that the victim believes it is an authentic site, takes the bait and falls for it. The most common way to carry out a phishing attack is through emails. Once the attacker gets access to the victim's personal data, it can be used in every harmful way possible. Phishing can be carried out in many possible ways. It is one of the most common and easy-to-execute, yet one of the most harmful, cyber-attacks, and it could endanger any organization in the blink of an eye.

All content and information in this document is only for educational purposes. Smriti Jha

Types of Phishing Attacks
1. Spear Phishing:
In this method, the attacker targets a particular organization or individual. The adversary gathers full information about the target and then sends malicious emails directly to their inbox to persuade them to share confidential information.

Example: The attacker finds the email ID of person A, personA@outlook, and starts sending malicious emails to that person, pretending to be from the IT department and asking them to share their username and password for some kind of update. This is the most common yet most successful type of attack.

2. Whaling:
Whaling is a form of spear phishing in which the intended recipient is a
senior executive or head of the business, such as the CEO, CFO, or CISO.
The attacker creates a phishing email and attempts to exert pressure on
the executives so they feel rushed for time and fall for the tactics,
exposing sensitive information.

Example: The CFO of xyzcompany is [email protected]. The attacker targets these individuals and persists in sending emails claiming that “your machine has a virus; click the update link to avoid having all files and data erased,” placing additional pressure on the victim.

3. Smishing:
Smishing operates by sending victims SMS or inviting them to call a
number or get in touch with the sender, rather than directly via
websites. The victim is then taken to a phishing page, where the
remaining stages are followed exactly like in a typical phishing attempt.

Example: Once an attacker gains access to a credit card holder's phone number, they begin sending the victim several messages, such as "you have rewards on your credit card, or you can raise your credit limit to 100,000, etc." Once the victim clicks on the link, they are directed to similar-looking websites such as their banking page.

4. Vishing:
Voice phishing is another name for vishing. By employing contemporary
caller ID spoofing, the attacker can persuade the target that the call is
coming from a reliable source when they phone them. IVR (Interactive
voice response) is another tool used by attackers to thwart law
enforcement's efforts to track them down. Credit card / PAN & Aadhar
card numbers and other private information are typically taken from the
victim using this method.

Example: We have all seen multiple fraudsters pretending to be someone from a bank where we have an account, offering credit cards or asking for other sensitive information.
Recently vishing has reached a whole new level, where callers ask for an OTP or passkey over the phone while pretending to be someone genuine.

5. Clone Phishing:
In this kind of phishing, the attacker duplicates emails from reliable sources, modifies the content, and adds a link that leads the victim to a phoney or dangerous website. The attacker then sends this email to a broader audience and watches to see who opens the attached file. After a user clicks on the attachment, which could also be malware, it propagates among that user's contacts.

Example: The attacker can copy an open proposal which has been
shared with many people by the CEO of some company. Now the
attacker can copy and paste the same content of that mail with slight
changes like asking for some security money or clicking the link to fill
out a form etc. and fetch personal details and illegal money.

Note: There are several more types of phishing; links are attached in the references.

Impact of Phishing Attacks
• Financial Loss
• Identity Theft
• Disruption to Business Operations
• Spread of Malware
• Loss of customers
• Regulatory penalties
• Loss of organization value

Prevention
• Authorized Source
• Confidentiality
• Phishing Detection Tool
• Keep your system updated
• Conduct security awareness training
• Use strong passwords & enable two-factor authentication
• Exercise caution when opening emails or clicking on links
• Do not give your information to an unsecured site
• Do not be tempted by tricky/false pop-ups (ads)
• Rotate passwords regularly

Phishing can be identified and avoided in a variety of ways. Additionally, there are tools for running phishing tests that verify and protect against phishing and raise awareness among people or employees before they click on phishing links. The same will be shared in the forthcoming report.
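
As an illustration of what a phishing detection tool checks when a link points to a "similar-looking" website, the sketch below compares a URL's host against a list of trusted sign-in domains. It is an added example, not part of the original document; the trusted domains, the finding labels and the two-character threshold are assumptions chosen for the demonstration.

```python
from urllib.parse import urlsplit

# Assumption: the sites your users really sign in to (constructed names).
TRUSTED = ("northwind-bank.example", "intranet-sso.example")

def edit_distance(a, b):
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_url(url):
    """Return (verdict, findings) for a link before anyone clicks it."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    findings = []
    if parts.scheme != "https":
        findings.append("not-https")
    if "@" in parts.netloc:  # text before '@' is userinfo, not the site
        findings.append("userinfo-in-url")
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        findings.append("non-ascii-or-punycode-host")
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return ("review" if findings else "trusted", findings)
    registrable = ".".join(host.split(".")[-2:])  # naive: last two labels
    for d in TRUSTED:
        if d.split(".")[0] in host:  # trusted brand inside a foreign host
            findings.append(f"brand-in-untrusted-host:{d}")
        elif edit_distance(registrable, d) <= 2:  # one or two characters off
            findings.append(f"near-miss-of:{d}")
    return ("suspicious" if findings else "unknown", findings)
```

An "unknown" verdict only means the host resembles nothing on the trusted list; it is not a statement that the site is safe.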

Conclusion
Phishing can be challenging to identify; cyber-criminals have mastered the art of deceiving individuals into exposing sensitive data. It is therefore a severe issue, one that can extract information in mere seconds if precautions are not taken. One should always verify the identity of an individual asking for personal information, and verify the URL before clicking. Even if you have entered a website and after some time you realize it is phishing, you can quickly close the website without sharing any personal information at all, if it seems even 1% suspicious. One should always remain vigilant to evade such tactics and safeguard oneself by recognizing them before falling for their hook.

References:
Please refer to the below links for a detailed explanation

• https://www.fortinet.com/resources/cyberglossary/types-of-phishing-attacks

• https://www.geeksforgeeks.org/what-is-phishing/

• https://www.lepide.com/blog/10-ways-to-prevent-phishing-attacks/
