During phishing, a target or targets are approached by email, telephone, or text message by someone posing as a legitimate institution. This is done to lure individuals into providing sensitive data such as passwords, banking and credit card details, and personally identifiable information.
The information is then used to access sensitive accounts, resulting in identity theft and financial loss.
Types of phishing:
- spear phishing
- search engine phishing
- email phishing
Common Features of Phishing:-
- Too good to be true-Many people claim you won an iPhone, a lottery, or some other lavish prize. Avoid clicking on suspicious emails. If it seems too good to be true, it probably is!
- Sense of Urgency– They may even tell you that you only have a few minutes to respond. You should ignore these kinds of emails when you see them. You may be told that your account will be suspended if you do not update your personal information immediately. The most reliable organizations always give patrons plenty of time before terminating an account, and they never ask them to update their personal information online. If in doubt, visit the source directly rather than clicking a link.
- Hyperlinks– Clicking on a link shows you the actual URL to which you will be directed. It could be something completely different, or it could be a popular website with a misspelling, such as www.bankofarnerica.com – the ‘m’ is an ‘r’ and an ‘n’, so look carefully.
- Attachments– Payloads like viruses and ransomware are often contained in attachments. Clicking on a .txt file is always safe.
- Unusual Sender – If anything seems out of character, unexpected, out of the ordinary, or just suspicious in general, don’t click on it!
When using a pole to fish, you may find flounders, bottom feeders, or trash below the surface. Spearfishing allows you to target a specific fish. This is why it is called spearfishing.
Spear phishing targets specific groups or types of individuals, such as an organization’s system administrator. Please note the industry in which the recipient works, the download link the victim is asked to click, and the immediate response the request requires.
Whale phishing is a targeted type of phishing that goes after whales – even big than fish. Attacks of this kind typically target the CEO, CFO, or any CXX within an industry or business. The whaling email may state that the company is facing legal consequences and that you should click on the link for more information.
The link takes you to a page where you must enter critical information about the company, such as its tax ID and bank account number.
Text messages or short messaging services (SMS) are used in smishing attacks. Through smishing, a message is sent to a cell phone that contains a clickable link or a return phone number.
An example of a smishing attack is an SMS message that looks like it came from your financial institution. The message informs you that your account has been compromised and that you need to respond immediately. The attacker requests your bank account number, Social Security number, etc. The attacker has control of your bank account once he or she receives the information.
Vishing has the same purpose as other types of phishing attacks. The bushwhackers are still after your sensitive particular or commercial information. This attack is fulfilled through a voice call. Hence the “ v” rather than the “ ph” in the name.
A common vishing attack includes a call from someone claiming to be a representative from Microsoft. This person informs you that they’ve detected a contagion on your computer. You’re also asked to give credit card details so. the bushwhacker can install a streamlined interpretation of anti-virus software on your computer. The bushwhacker now has your credit card information and you have probably installed malware on your computer. The malware could contain anything from a banking Trojan to a bot ( short for robot). The banking Trojan watches your online exertion to steal further details from you – frequently your bank account information, including your word. A bot is software designed to perform whatever tasks the hacker wants it to. It’s controlled by command and control ( C&C) to mine for bitcoins, shoot spam, or launch an attack as part of a distributed denial of service (DDoS) attack.
search engine phishing
Search engine phishing additionally referred to as search engine marketing poisoning or search engine marketing Trojans, is wherein hackers paintings to come to be the pinnacle hit on a seek the use of a seek engine. Clicking on their hger animalsyperlink displayed in the seek engine directs you to the hacker’s website. From there, dangerous actors can scouse borrow your statistics whilst you engage with the web website online and/or input touchy data. Hacker websites can pose as any form of a website, however, the top applicants are banks, cash transfers, social media, and buying websites.
Email phishing is that the commonest kind of phishing, and it’s been in use since the 1990s. Hackers send these emails to any email addresses they will obtain. the e-mail sometimes informs you that there has been a compromise to your account which you would like to retort forthwith by clicking on a provided link. These attacks are usually straightforward to identify as language within the email usually contains a writing system and/or grammatical errors. Some emails are troublesome to recognize as phishing attacks, particularly once the language and descriptive linguistics are a lot of fastidiously crafted. Checking the email supply and the link you’re being directed to for suspicious language will offer you clues on whether or not the supply is legitimate. Another phishing scam, spoken as sextortion, happens once a hacker sends you an email that seems to own come back from you. The hacker claims to have access to your email account and your pc. They claim to have your parole and a recorded video of you. The hackers claim that you just are observation adult videos from your computer whereas the camera was on and recording. The demand is that you pay them, sometimes in Bitcoin, or they’re going to unleash the video to family and/or colleagues.