LightBlog

Sunday, 18 November 2018

What is Phishing Attack? - Phshing Attack - Phishing Scams


What-is-Phishing-Attack|


What is Phishing Attack? - Phishing Attack - Phishing Scams 


A phishing Attack is a fraud attempt to obtain sensitive information such as username, password, and credit card details by hiding in electronic communication as a trusted entity. 

Generally, by email spoofing or instant messaging, it often directs users to enter personal information on the fake website, which looks and feels like what is a legitimate site.

Phishing Attack is an example of Social Engineering techniques used to deceive users. Users are often craved by communication from trusted parties like trusted web parties, auction sites, banks, online payment processors.

The goal of the Fishing Attack effort is to obtain the recipient to take the desired action, such as providing login certificates or other sensitive information. 

For example, a phishing email coming from a bank can warn the recipient that their account information has been compromised, so that a person can be directed to the website where their username and password can be reset. is. 

This website is also a fraud, which is designed to look valid but is fully present for collecting information from Phishing victims.

These fraudulent websites may also contain malicious code that is executed on the user's local machine when the link to the Phishing email is clicked to open the website.

Types of Phishing Attacks


Spear Phishing Attack


Guided phishing attempts at specific individuals or companies are called Spear Phishing

Unlike bulk fishing, Spear Phishing Attackers often collect and use personal information about their goals to increase the chances of success

Clone Phishing Attack


Clone Phishing is a type of Phishing Attack by which a valid, and first delivery has been emailed with an attachment or link, its content and recipients have been detected and used to create almost identical or cloned emails.

The attachment or link within the email has been replaced with a malicious version and then sent from the email address that appears to come from the original sender. This original or original version can claim to be a resend in the original.

This technique can be used first to pivot (indirectly) from the infected machine and due to both sides receiving the original email, exploiting the social trust associated with the estimated connection, can get a foothold on another machine is.

Whaling Phishing Attack


In particular, Whaling Phishing words for guided Spear Phishing Attacks have been prepared for senior officials and other high profile goals.

In these cases, the material will be prepared to target the role of the person in the upper manager and the company's role. The content of a whaling attack email can be an operational problem such as a subpoena or customer complaint.

Social Engineering Attack


Users can be encouraged to click on different types of unexpected content for different types of technical and social reasons. For example, a malicious attachment may be masked as a mammoth linked Google Doc.

Voice Phishing Attack


Not all Phishing Attacks require fake websites. Claiming messages from banks asked users to dial a phone number in connection with problems with their bank accounts.

Once the phone number (owned by Fisher, and provided by voice over the IP service) was dialed, the indications prompted the users to enter their account number and PIN. 

Wishing (voice phishing) sometimes uses fake caller-id data so that it can give the presence that comes from a trusted organization.

SMS Phishing Attack


SMS Phishing, also known as smashing, uses cell phone text messaging to inspire people to reveal their personal information

Other Technique By use in Phishing Attack


1. Another Phishing Attack is used successfully, forwarding the customer to the legitimate website of the bank, then to request credentials at the top of the page for a window, because many users think that the bank has this information bank Is requesting.

2. Another Phishing Attack is used successfully, to forward the customer to the bank's legitimate website, then to request certificates at the top of the page for the window, because many users think that the bank has this information The bank is requesting.

3. Identifying the evil twins is a Phishing Technique is difficult to recognize. A fisher is a fake wireless network that looks like a legitimate public network that can be found in public places such as airports, hotels, or coffee shops.

Whenever someone logs on a fake network, fraudsters are trying to capture their password and or credit card information.

Common Features of Phishing Emails


1. Very good to be true - Attractive offers and attractive or attention-grabbing statements are designed to attract people's attention immediately.

For example, many claim that you have won an iPhone, lottery, or some other grand prizes. Do not just click on any suspicious email. Remember that if this is good to be true, then it is probably!

2. Unusual Sender - Even if it seems that it is from a person whom you do not know or who you know, if anything is normal, unexpected, out of character or anything normally suspects normally, do not click on it!

3. Hyperlinks -It seems that a link cannot be so. Hovering on a link shows you the actual URL where you will be instructed to click on it. This can be completely different or it can be a popular website with an incorrect website, for example, www.bankofarnerica.com - 'M' is actually an 'R' and 'N', so watch carefully!

4. Sense of Urgency - A favorite strategy between Cyber Criminals tells you to work fast because super deals are only for a limited time. Some of them will also tell you that you have only a few minutes to answer. When you come to these types of emails, it is best to ignore them.

Sometimes, they will tell you that your account will be suspended until you update your personal details immediately. Most trusted organizations give enough time before the end of the account and they never ask the guardian to update individual details on the Internet.
In doubt, instead of clicking on a link in the email, go directly to the source!

How to Identify Phishing Attacks


Phishing Attack is often started through email communication, but there are ways to separate suspicious emails from legitimate messages. On the way to identify these malicious emails, training workers are required for enterprises who want to stop sensitive data loss.

Often, these data leak occurs because employees were not armed with the knowledge necessary to help protect important company data.


The following indicators may be that an email company is a Phishing Attack attempt rather than an authentic communication.

  • The email with general greetings Instead of using the actual name of the recipient in the phishing email often includes general greetings like "Hello Bank One Customer". It is a clear explanation for Phishing Attacks launched in bulk, while spear phishing attacks will usually be personalized.
  • Emails requesting personal information. Most legitimate companies never email customers and ask the website link to enter the login certificate or other personal information. It is a safeguard to help protect consumers and helps customers to distinguish fraudulent emails from legitimate people.
  • Emails requesting immediate response Most phishing emails try to create a sense of urgency so that the main recipients are afraid that their account is in danger or they will lose access to important information if they do not act immediately.
  • The email with fraudulent links. Does a hyperlink in the message body actually take to the page that is claimed? Never click on these links to find out; Instead, hover over the link to verify its authenticity. Also, look for URLs that start with HTTPS. "S" indicates that the website uses encryption to protect users' page requests.


In doubt, call. If the content of an email is related, call the company in question to know if the company was legally sent to the company.

If not, then the company is now aware and can take action to warn users of potential phishing attempts of other customers and prospective companies.

Related:
Tags: what is phishing,phishing,what is phishing attack,phishing attack,phishing email,spear phishing,phishing scams,phishing (website category),what is phishing in hindi,phishing in hindi,phishing website,email phishing,phishing page,phishing scam,phishing emails,what is phising,what is social engineering,what is phishing tamil,phishing hack,gmail phishing attack,what is phishing attack?,what is a phishing attack

No comments:

Post a Comment