Phishing is a social-engineering attack that tries to convince a human target to hand over valuable information about themselves or their assets. Phishing mainly targets people and exploits human weaknesses rather than technical vulnerabilities.
Phishing History
The first lawsuit over phishing was filed in 2004. The attacker was a Californian teenager who had created a fake America Online
web site. Emails sent to the targets redirected them to this fake site, where their credit card details could be collected easily.
Phishing Attack Types
Phishing attacks can be carried out in different ways. Here are some of the most used.
- `Email` is the most common and best-known type, where fake emails with different content and aims are sent to the targets.
- `Phone Calls` are made to the target in order to obtain a user name or password, or to persuade the target to take some action that compromises their assets.
- `Text messages` can also be used, similar to email but with less effectiveness.
Common Features Of Phishing
There are different ways to catch phishing, but in general a phishing message has some common features like those below.
- `Too Good To Be True` means the offer is very lucrative and would not be possible in normal life.
- `Sense of Urgency` means the message pushes the target to act without thinking or checking whether it is true.
- `Hyperlinks` are generally used to redirect the user to the attacker's site, application or action.
- `Attachments` are mainly used to run some script, tool or application, or to exploit the target's system such as a desktop, laptop or smartphone.
- `Unusual Sender` means the sender is generally unknown to the target, or the sending address does not match the person or organisation it claims to be.
Valuable Information
The main target of the attacker is information that is valuable both for the attacker and for the target. Here we list the common kinds in general.
- `Username and Password`
- `Credit Card Information`
- `Topology` of the target's network and systems
- `Names and Surnames`
- `Social Connections`
- `Email Accounts`
- `Enterprise Accounts`
Top 10 General Email Subjects
Attackers create and use scenarios during a phishing attack. They generally have a common subject line; the top 10 of them are listed below.
- `De-activation of in Process`
- `A Delivery Attempt was made`
- `You have a new voice mail`
- `Failed Delivery for Package`
- `Staff Review 2018`
- `Revised Vacation&Sick Time Policy`
- `APD Notification`
- `Order From Amazon`
- `Re:w-2`
- `Scanned image from MX2310@domain.com`
Phishing Web URL Tricks
The most used phishing trick is redirecting the target to a fake web site URL. Generally bank, social network, email or corporate web sites and URLs are imitated. Here we list some imitations of a real URL; note that what matters is the registrable domain (the part just before the top-level domain), not whether the trusted name appears somewhere in the address.
- `https://www.ebay.com` Correct
- `https://www.ebay.info.com` Fake (the real domain is info.com; ebay is only a subdomain label)
- `https://www.ebays.com` Fake (misspelled name)
- `https://www.ebayy.com` Fake (misspelled name)
- `https://www.ebay.net` Fake (different top-level domain)
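The checks a user performs by eye on the list above can be automated. The following is an added example and not code from the original page: a small Python checker that extracts the registrable domain from a URL, compares it with a hypothetical allow-list of trusted domains (here only `ebay.com`, because that is the example used in the text), and flags the three tricks listed above (trusted name used only as a subdomain, misspelled name, different top-level domain). It goes one step beyond the list by also flagging a URL that carries credentials before `@`, which hides the real host from a casual reader. The two-label domain rule and the edit-distance threshold of 2 are simplifying assumptions; a real deployment would use the Public Suffix List instead of the two-label rule.

```python
from urllib.parse import urlsplit

# Hypothetical allow-list of domains the user expects to see; only ebay.com
# is listed because it is the example used in the text.
TRUSTED_DOMAINS = {"ebay.com"}

# Maximum edit distance at which a second-level label counts as a lookalike
# of a trusted one (assumption; "ebays" and "ebayy" are 1 away from "ebay").
LOOKALIKE_THRESHOLD = 2


def host_labels(url: str) -> list:
    """Split the URL's hostname into lower-cased labels, e.g. ['www', 'ebay', 'com']."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host.split(".") if host else []


def registrable_domain(url: str) -> str:
    """Return the last two labels of the hostname.

    Assumption: a two-label rule stands in for the Public Suffix List. It is
    right for .com/.net/.info but wrong for suffixes such as co.uk.
    """
    return ".".join(host_labels(url)[-2:])


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two strings (classic dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify_url(url: str, trusted=TRUSTED_DOMAINS) -> tuple:
    """Return (verdict, reason); verdict is 'correct', 'fake' or 'untrusted'."""
    parts = urlsplit(url)
    if parts.username is not None:
        # https://www.ebay.com@evil.com: the browser connects to evil.com,
        # the trusted-looking part is just the userinfo component.
        return ("fake", "credentials before '@' hide the real host")
    labels = host_labels(url)
    if not labels:
        return ("untrusted", "no hostname")
    domain = registrable_domain(url)
    if domain in trusted:
        return ("correct", "registrable domain is on the allow-list")
    # Second-level label, e.g. "ebays" in www.ebays.com
    sld = labels[-2] if len(labels) >= 2 else labels[-1]
    for t in trusted:
        t_sld = t.rsplit(".", 1)[0]
        if sld == t_sld:
            return ("fake", "trusted name under a different top-level domain")
        if edit_distance(sld, t_sld) <= LOOKALIKE_THRESHOLD:
            return ("fake", "lookalike of a trusted name")
        # Trusted name appears only left of the registrable domain,
        # e.g. www.ebay.info.com or ebay.com.evil.com
        if t_sld in labels[:-2]:
            return ("fake", "trusted name used only as a subdomain")
    return ("untrusted", "not on the allow-list")


if __name__ == "__main__":
    # Constructed sample: the URLs from the list above plus two extra tricks.
    for u in ("https://www.ebay.com", "https://www.ebay.info.com",
              "https://www.ebays.com", "https://www.ebayy.com",
              "https://www.ebay.net", "https://ebay.com.evil.com",
              "https://www.ebay.com@evil.com"):
        verdict, reason = classify_url(u)
        print(f"{verdict:9} {u:35} {reason}")
```

The allow-list approach is deliberately conservative: anything not on the list is reported as untrusted rather than correct, so a new lookalike technique that none of the three rules catches still does not get a green light.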
Phishing vs Vishing vs Smishing
Phishing is the generic term used for this attack type, but there are some attack types that fall under the phishing umbrella.
- `Vishing` is voice phishing, done by calling the target by phone.
- `Smishing` is SMS phishing, mainly used to redirect the user to a link or make them respond with valuable information.
Defence with Phishing
Phishing attacks are very popular and successful. We have to take some measures to prevent phishing attacks and limit their damage. Here are some tips about defending against phishing.
- Email Gateways are useful, since they provide technical measures to detect suspicious emails before they reach the user.
- User Awareness is the most important way to defend against phishing.
- Check URLs: the user should inspect the real destination of every hyperlink before clicking it.
- Check the source: the user should verify the identity of the sender.
- Check the content: the user should ask whether the mail is actually related to them.