Phishing 👨🏻‍💻

Topic: PHISHING
Written by: Durgadevi D
Volunteer, Shivi Forensics

What is phishing?
Phishing is a social engineering attack used to steal user data, including personal information, login credentials, credit card details and other secret financial information by creating a counterfeit website that looks like a real and trusted site.
It is a cyber attack that is usually carried out via emails, SMS messages and Voice over IP calls.

How does phishing work?
1. Attacker sends an email to the victim.
2. Victim clicks the link in the email and is taken directly to the phishing website.
3. Attacker gathers the victim’s credentials.
4. Attacker uses the victim’s credentials to access a website.

Signs of phishing
• Use of generic greetings
• Spoofed or fraudulent sender email address
• False sense of urgency
• Contains suspicious or unfamiliar URLs and attachments
• Emails made to look like legitimate webpages
• Request for confidential or payment information
• Contain spelling and grammatical mistakes
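
Several of the signs listed above can be checked mechanically before a message reaches a user. The following Python sketch is an added example, not part of the original article; the function names, word lists and the sample message are constructed assumptions, and it leaves out spelling mistakes and attachments.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Body patterns for three of the listed signs; the word lists are illustrative assumptions.
BODY_CHECKS = [
    ("generic greeting", re.compile(r"^\s*dear\s+(customer|user|client|member)\b", re.I | re.M)),
    ("false sense of urgency", re.compile(r"\b(urgent|immediately|within 24 hours|suspended)\b", re.I)),
    ("request for confidential information", re.compile(r"\b(password|pin|card number|cvv|otp)\b", re.I)),
]
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>\s*(.*?)\s*</a>', re.I | re.S)
LOOKS_LIKE_URL = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)

def host(url):
    # Lower-cased hostname of a URL or of a bare "www.site.tld/path" string.
    name = urlparse(url if "//" in url else "//" + url).hostname or ""
    return name.lower().removeprefix("www.")

def domain(header_value):
    # Domain part of the address in a From/Reply-To header ("" if the header is absent).
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def phishing_signs(raw):
    """Return the warning signs found in one raw e-mail message (headers + body)."""
    msg = message_from_string(raw)
    body = "".join(p.get_payload(decode=True).decode(errors="replace")
                   for p in msg.walk() if not p.is_multipart())
    signs = [label for label, rx in BODY_CHECKS if rx.search(body)]
    reply = domain(msg.get("Reply-To"))
    if reply and reply != domain(msg.get("From")):
        signs.append("reply-to domain differs from sender domain")
    for href, text in LINK.findall(body):
        # Suspicious URL: the visible text names one site, the link leads to another.
        if LOOKS_LIKE_URL.match(text) and host(text) != host(href):
            signs.append(f"link text {host(text)} points to {host(href)}")
    return signs

# Constructed sample message using reserved .test/.example domains, not real mail.
SAMPLE = """From: "Example Bank" <support@examplebank.test>
Reply-To: helpdesk@mail-collect.example
Subject: Account suspended
Content-Type: text/html

Dear customer,<br>
Your account will be suspended within 24 hours. Confirm your password at
<a href="http://examplebank.test.login-verify.example/session">https://www.examplebank.test/login</a>
"""
print(phishing_signs(SAMPLE))
```

These are heuristics: a message with none of these signs can still be phishing, and a legitimate message can trigger one of them.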

Types of phishing

1. Spear phishing
• Spear phishing targets a specific individual, instead of targeting a large number of people.
• Attackers frequently use social media and other websites to research their victims.
• They can then customize their communications and come across as more genuine.
• The first step in breaking through a company’s security and then launching a targeted attack is frequently spear phishing.

2. Deceptive phishing
• Deceptive phishing involves sending deceptive emails in bulk, with a “call to action” that asks recipients to click a link.
• The goal is to steal personal or confidential information.
• Attackers use this information to steal money or carry out more attacks.

3. Clone phishing
• Clone phishing is a type of phishing attack where a genuine email is cloned.
• Attackers take a real email that contains a link or attachment and create an identical copy.
• The original link or attachment is replaced with an external malicious version.
• The fake email is sent from a spoofed address that looks like the original sender.
• This attack can infect a device, steal information, and help attackers access other systems.

4. Whaling
• When an attacker targets a “big fish,” such as a CEO, it is called whaling.
• In order to determine the best time and way to steal login credentials, these attackers frequently spend a significant amount of time profiling the target.
• Because high-level executives have access to a lot of firm information, whaling is especially concerning. It also targets politicians and celebrities.

5. Pharming
• Pharming is similar to phishing in that it directs people to a fraudulent website that looks authentic.
• In this instance, though, victims are directed to the fraudulent website without even needing to click on a malicious link.
• Even if the user enters the proper URL, attackers can still infect the user’s computer or the website’s DNS server to reroute them to a fake website.

6. Voice phishing
• Vishing is often called voice phishing.
• It is the use of fraudulent phone calls or voice messages to trick people into giving money or disclosing personal information.

7. Smishing
• One of the simplest forms of phishing attack is SMS phishing, also known as SmiShing.
• SMS alerts are used to target the user.
• Smishing is the practice of sending malicious text messages to trick people into clicking on a link or handing over personal information.

8. Search engine phishing
• Phishers will make fake product websites, get search engines to index them, and then wait for clients to provide their private information.

9. Man-in-the-middle phishing
• The phisher positions himself between the user and the legitimate website.
• The phisher obtains user data whenever the user enters information, without interfering with the user.

10. Content-injection phishing
• In order to trick users into providing sensitive information, attackers will replace the actual material on the website with bogus content.

Causes of phishing
1. Deceptive emails
2. Failure to verify the sender’s email address
3. Security weaknesses in web browsers
4. Lack of strong authentication on banking and financial websites
5. Limited use of digital signatures
6. Absence of secure desktop security tools
7. Low level of user awareness
8. Security flaws in software applications

Impact of phishing
• Online fraud and cyber scams
• Theft of personal identity information
• Financial losses to the institutions
• Challenges faced by law enforcement during investigations
• Loss of public trust in the internet
