What is phishing?
Phishing is a technique attackers use to steal sensitive information, such as financial details or identity information, from victims. The attackers usually masquerade as trustworthy entities and deceive victims into providing sensitive details.
The term “Phishing” is a homophone of fishing. Attackers use fake bait to trap victims and hence the term.
The first occurrence of phishing dates back to 1995. Attackers posed as AOL company representatives and contacted AOL users, asking them “to verify account” or “confirm billing information.” Some users got trapped and provided sensitive information like account numbers, passwords, credit card numbers, etc. Lots of AOL users fell victim. Eventually, AOL enforced its policy against phishing and took many steps, which almost stopped the illegal activities. From then on, however, attackers started using various social engineering techniques to trap victims.
Different types of phishing
There are mainly four different types of phishing.
Sometimes, attackers do not target any individual victim as such. Instead, they masquerade as trustworthy authorities and send fraudulent emails to thousands of recipients at once. Some of the victims fall into the trap and end up providing sensitive information. This is called bulk phishing.
Sometimes, an individual or a company is targeted separately. This is called spear phishing. This is the most widely used phishing technique.
In one phishing technique, attackers copy a legitimate email sent by a legitimate authority and replace the links within the email with links to fraudulent websites. They also change the sender’s email ID so that the email appears to come from some trustworthy entity, and claim that the new email is an updated version of the original email. Lots of victims cannot detect these fraudulent techniques, fall into the trap, and end up providing sensitive information after visiting the fraudulent links provided by the attackers. This is called clone phishing.
In another phishing technique, attackers target senior executives. They send emails claiming to be customer complaints, executive issues, or even legal subpoenas. The emails contain fraudulent links that look real but actually collect sensitive information. Sometimes, the attackers ask the victims to install some software from the links in the email and thus trap the victims. This is called whaling.
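Clone phishing, as described above, changes two things relative to the genuine message: the sender and the link targets. As an added example (not part of the original article), the following Python code compares a suspected clone with the known-good original and reports both changes; the function names and sample messages are constructed for illustration, and single-part HTML messages are assumed.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit


class LinkHosts(HTMLParser):
    """Collect the host of every <a href> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        host = urlsplit(dict(attrs).get("href") or "").hostname
        if host:
            self.hosts.add(host.lower())


def profile(raw):
    """Return (sender domain, set of link hosts) for a raw single-part HTML email."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    parser = LinkHosts()
    parser.feed(msg.get_payload())
    return sender, parser.hosts


def clone_indicators(original_raw, suspect_raw):
    """List what differs between a known-good email and a suspected clone."""
    o_sender, o_hosts = profile(original_raw)
    s_sender, s_hosts = profile(suspect_raw)
    reasons = []
    if s_sender != o_sender:
        reasons.append(f"sender domain changed: {o_sender} -> {s_sender}")
    for host in sorted(s_hosts - o_hosts):  # hosts the original never linked to
        reasons.append(f"link host not in original: {host}")
    return reasons

# Constructed sample messages; example.com and example.net are reserved names.
ORIGINAL = ("From: Billing <billing@example.com>\nSubject: Your invoice\n"
            "Content-Type: text/html\n\n"
            '<p><a href="https://portal.example.com/invoice">View invoice</a></p>\n')
SUSPECT = ("From: Billing <billing@example.net>\nSubject: Your invoice (updated)\n"
           "Content-Type: text/html\n\n"
           '<p><a href="https://portal.example.net/invoice">View invoice</a></p>\n')

if __name__ == "__main__":
    for reason in clone_indicators(ORIGINAL, SUSPECT):
        print(reason)
```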
Different techniques used in phishing
In almost all phishing, attackers use some social engineering techniques. Some commonly used techniques are mentioned below.
Attackers sometimes manipulate a link so that it looks like the link has come from some trustworthy entity. For that purpose, …