What Is Phishing, Attack Types and Defences?
Phishing is a cybersecurity attack that tries to convince the targeted people to provide valuable information about themselves or their assets. Phishing mainly targets human beings and exploits human-related vulnerabilities.
The first lawsuit about phishing was filed in 2004. The attacker was a Californian teenager who had created a fake America Online web site. By sending emails that redirected the targets to this fake web site, credit card details could be collected easily.
Phishing Attack Types
Phishing attacks can be implemented in different ways. Here are some of the most used.
- Phone Calls are made to the target in order to get a user name and password, or to convince the target to take some action that will expose the target's assets.
- Text messages can also be used, similar to email, but they are less effective.
Common Features Of Phishing
There are different ways to catch phishing, but in general phishing has some common features, listed below.
- Too Good To Be True means the offer is very lucrative and not possible in normal life.
- Sense of Urgency means the message pushes the target to take some action without thinking or checking the truth.
- Hyperlinks are generally used to redirect a user to the attacker's site, application or action.
- Attachments are mainly used to run a script, tool or application, or to exploit the target's system such as a desktop, laptop or smartphone.
- Unusual Sender means the phishing sender or attacker is generally unknown to the target.
The main target of the attacker is information that is valuable to the attacker as well as to the target. Here we will list the general kinds.
- Username and Password
- Credit Card Information
- Names and Surnames
Top 10 General Email Subjects
Attackers create and use scenarios during a phishing attack. Generally, these scenarios share common subjects, the top 10 of which are listed below.
- De-activation of in Process
- A Delivery Attempt was made
- You have a new voice mail
- Failed Delivery for Package
- Staff Review 2018
- Revised Vacation&Sick Time Policy
- Order From Amazon
- Scanned image from MX2310@domain.com
Phishing Web URL Tricks
The most used phishing trick is redirecting the target to a fake web site and URL. Generally, the web sites or URLs of banks, social networks, email services and corporations are imitated. Here we will list some imitations of these URLs.
Phishing vs Vishing vs Smishing
Phishing is a generic term used to define this attack type, but some attack types fall under the phishing umbrella.
- Vishing is a new form of phishing, short for Voice Phishing, and is done by calling the target.
- Smishing is phishing by SMS (SMS Phishing) and is mainly used to redirect the user to a link or to get a response containing valuable information.
Defence Against Phishing
Phishing attacks are very popular and successful in cybersecurity. We have to take measures to prevent phishing attacks and the damage they cause. Here are some tips for defending against phishing.
- Email Gateways are useful because they provide technical measures to detect suspicious emails.
- User Awareness is the most important way to defend against phishing.
- Check URLs: the user checks where each hyperlink actually leads.
- Check source: the user checks the identity of the sender.
- Check the content: the user checks whether the mail is actually related to them.
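
The "Check URLs" step can be partly automated, for example at an email gateway. The following Python code is an added example, not part of the original article: it extracts the hyperlinks from an HTML email body and flags those that imitate a trusted site. The allowlist `TRUSTED`, the sample links, the 0.85 similarity cut-off and the choice of heuristics are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"mybank.example"}  # assumption: constructed allowlist of genuine domains
DOMAIN_RE = re.compile(r"(?:https?://)?([\w-]+(?:\.[\w-]+)+)(?:[/:?]\S*)?", re.I)
SAMPLE = """<a href="https://mybank.example/login">Log in</a>
<a href="http://192.0.2.10/login">https://mybank.example/login</a>
<a href="https://mybamk.example/">Account</a>
<a href="https://mybank.example.verify.test/">mybank.example</a>"""  # constructed

class LinkCollector(HTMLParser):  # collects (href, visible text) pairs
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def trusted(host):
    return any(host == t or host.endswith("." + t) for t in TRUSTED)

def check_link(href, text):
    """Return the reasons a link looks like an imitation of a trusted site."""
    host = (urlsplit(href).hostname or "").lower()
    if trusted(host):
        return []
    reasons, shown = [], DOMAIN_RE.fullmatch(text)
    if shown and shown.group(1).lower() != host:
        reasons.append("visible text names a different host")
    if re.fullmatch(r"[0-9.]+", host) or ":" in host:
        reasons.append("raw IP address instead of a name")
    elif any(t in host for t in TRUSTED):
        reasons.append("trusted name embedded in another domain")
    elif any(SequenceMatcher(None, host, t).ratio() >= 0.85 for t in TRUSTED):  # assumed cut-off
        reasons.append("lookalike of a trusted domain")
    return reasons

def scan(html):
    parser = LinkCollector()
    parser.feed(html)
    return {h: r for h, t in parser.links if (r := check_link(h, t))}
```

Calling `scan(SAMPLE)` returns a dictionary that maps each suspicious link to its reasons; the genuine login link is absent from the result.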