What is Phishing Attack ?

What is Phishing?

Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and indirectly money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.

Attacker usually creates a fake website which has the look and feel which are almost identical to the legitimate one.Like www.amazonn.com(notice the double ‘n’ in amazon) instead of www.amazon.com. And then tries to acquire personal information such as password from you.It is typically carried out by email spoofing or instant messaging, and it often directs users to enter personal information at a fake website

How to recognize a Phishing Email?

Here is a great KnowBe4 resource that outlines 22 social engineering red flags commonly seen in phishing emails.
I recommend printing out this PDF to pass along to family, friends, and coworkers.
phishing prevention

Types of phishing techniques:

1. Spear Phishing :
Phishing attempts directed at specific individuals or companies have been termed spear phishing. Attackers may gather personal information about their target to increase their probability of success. This technique is, by far, the most successful on the internet today, accounting for 91% of attacks.

2. Vishing (Voice Phishing) :
Voice phishing is the criminal practice of using social engineering over the telephone system to gain access to private personal and financial information from the public for the purpose of financial reward. It is sometimes referred to as ‘Vishing’, a word that is a combination of “voice” and phishing. Vishing exploits the public’s trust in landline telephone services, which have traditionally terminated in physical locations known to the telephone company, and associated with a bill-payer. Vishing is typically used to steal credit card numbers or other information used in identity theft schemes from individuals.

3. Smishing:
SMS phishing or smishing is a form of criminal activity using social engineering techniques. A smishing text, for example, attempts to lure a victim into revealing personal information via a link that leads to a phishing website.

Examples of Phishing:

1. This is a very common example of a Phishing Attack. If we notice the URL address, we can clearly identify that it’s not from the original Amazon and that it is from some other third party!!

amazon website Spoofing

2.  Best Example of Smishing. Again if we notice the URL Address carefully it has “paypayl.com” instead of “paypal.com”.

paypal sms phishing

3. Spoofed emails often contain links that lead to spoofed websites, where various methods are used to request and collect a person’s financial and personal information.

gmail website Spoofing

 

4. Yet Another Example of Website Spoofing for getting account details from the victim.

facebook website Spoofing

 

Advice: Make it a practice to visit websites by entering their specific URL’s in the address bar yourself and not by clicking the links in some mails or messages. One Wrong Click can cost you alott!

Found it Interesting? Got Something to ask??
Feel free to comment it below.

Stay Secure ! Stay Happy !!

 

Taha Chatriwala

Spreading Cyber Security Knowledge to the people of this digital era !

You may also like...

2 Responses

  1. Sumedha says:

    Nicely explained with examples and all.
    Great article!!!

  2. prasenjeet pal says:

    great article!

Leave a Reply

Your email address will not be published. Required fields are marked *

16 − 1 =