
What is Phishing? - Towards Cybersecurity


In this article, I explain phishing and its types. So, let's begin.

Phishing is one of the internet's oldest and most destructive cyberattacks, in which an attacker steals private sensitive information such as usernames, passwords, payment details, etc. It uses social engineering as well as spoofing tricks.

Social engineering means collecting personal information about a targeted person or organization, which gives the attacker a complete, detailed analysis of the target.

Spoofing means pretending to be a legitimate source so that the target believes it is legitimate. In other words, attackers use social engineering tricks to analyze the targeted person and spoofing tricks to lure that person into entering a phishing website or downloading malware.

The most popular form of phishing is email that looks as if it comes from a legitimate (trusted) source. The targeted person believes it is trustworthy, and the attacker tricks them into entering a phishing website or downloading malware. Some of the most destructive malware, like WannaCry, Doomsday, Emotet, etc., was also spread through phishing emails.

A phishing email contains a malicious link that takes the targeted person to the phishing website. The attacker makes a few small, hard-to-notice changes, but the site looks exactly like the legitimate website. It usually contains login-related fields like username and password. This is how attackers steal the login credentials of the targeted person or organization.

That's why phishing attacks are the most destructive and dangerous. If someone has little knowledge of cybersecurity, it is easy to compromise all security measures, because an attacker can bypass a network's security with one phishing email. So, it is important that everyone knows about phishing.

Three Components of a Phishing Attack:-

1. The phishing attack is carried out via digital communication, including email, SMS, phone calls, etc.

2. The attacker acts as an individual or organization you can trust.

3. The goal is to collect personal sensitive information such as usernames, passwords, payment details, etc.

How Does Phishing Work?

Phishing emails are always sent with a subject that will make the target panic, such as a sense of urgency, account suspended, limited period offer, won a big cash prize, loan approved, etc. Because of this, the target opens the link or attachment as soon as they see it.

For a normal person, it isn't easy to recognize a spoofed email. As soon as the target clicks and executes an attachment or enters credentials on the phishing website, the phishing attack has succeeded.

Common Features of Phishing Emails

1. Too Good To Be True: Attractive offers or attention-seeking sentences are designed to grab a person's attention instantly, for example that you won a big cash prize, an iPhone, or a lottery.

2. Sense of Urgency: A key method among attackers is to create a sense of urgency by telling you that one of your accounts was suspended or hacked, so you must update your login details immediately. Because of this, most people will not think twice before clicking on the link. So, just ignore these types of emails, and remember that legitimate or reputable organizations never ask for your personal sensitive information over the internet.

3. Attachments: If you see strange and unusual attachments in an email, don't download or open them, because these attachments may contain malicious threats like ransomware and malware.


4. Hyperlinks: The email contains links that may not be what they appear to be. So, make a habit of hovering over a link before clicking on it, because this shows you where it leads.

5. Unusual Sender: Be suspicious if an email comes from an unusual sender. Also be suspicious even if an email comes from a known sender with whom you don't regularly communicate over email.

6. Bad Look: If there are grammar mistakes, no logo, or different font types throughout the email body, be suspicious, because these are signs of a phishing email.

Types of Phishing:-

1. Deceptive phishing

It is a very ordinary type of phishing. In deceptive phishing, the attacker attempts to gain private sensitive information from the targeted person or organization and uses that information for financial gain.

2. Spear phishing

Spear phishing is targeted in nature, meaning attackers personalize their attack and send emails only to a certain person or organization. In spear phishing, an attacker first researches the specific person or organization. For example, through LinkedIn, which is a professional social network, an attacker can easily find your employment information in one place, and with all this information the attacker tries to appear trustworthy. That's why spear phishing is a critical and destructive threat to businesses: it could lead to a data breach.

3. Whaling

It is a special kind of spear phishing attack, because a whaling attack targets high-value individuals like the CEO (Chief Executive Officer), CFO (Chief Financial Officer), or other high-ranking executives in an organization. Here, an attacker does more research about the targets. Whaling attacks are also very dangerous and destructive because high-value individuals have access to the most private and sensitive corporate data.

4. Clone phishing

In clone phishing, the attacker clones a legitimate email that the targeted person recently received and then sends that cloned email to the targeted person with some minor changes, like replacing the attachment or the link with a malicious one. Here, the attacker also spoofs the sender's email address. That's why clone emails are the most difficult to detect.

5. Smishing and Vishing

Nowadays, mobile-based phishing attacks are increasing day by day. Among mobile-based phishing attacks, smishing and vishing are very effective.

Smishing is phishing via SMS. Here, you receive an SMS on your mobile that contains a link and asks you to click on it. But when you click on the link, you are tricked into downloading malware that can compromise your mobile and send your private sensitive information remotely to the hacker.

Vishing is phishing via mobile call. Here, an attacker tries to convince the target over the phone to disclose private sensitive information.

So, these are the types of phishing.

If you have any questions about phishing attacks or want to share your views, please mention them in the comments box and I will get back to you.

Comments

  1. Great article covering phishing! We created an authentication platform that combats phishing bad actors! Would love to share and discuss if you’re interested in learning. Let me know: Neil@VaultVision.com
