What is Phishing?

Phishing

Phishing is one of the popular techniques of social engineering attack. The main attach vector is email where an attacker leverages the specially crafted emails, websites, and text messages to steal user data, including login credentials and credit card numbers. Attackers often masquerade as trusted ones and trick their victims into opening an email or clicking on links. Those malicious links can lead to the installation of malware or the revealing of sensitive information.

Types of Phishing

Smishing:

Also known as SMS phishing, attackers send messages to their victims’ cell phone to trick them into revealing their information. They also send malicious messages with hidden links, if user clicks on the message, it can lead to malware installation.

Vishing:

Also known as voice phishing, it is the use of fake caller ID to appear as a trusted entity to get personal information or urge the user to enter account details via the phone.

Spear phishing:

This is a targeted version of phishing attack. In this attack, a threat actor targets a specific individual or a specific group of employees but on a small scale. Attackers launch the attack after having some specific information about the target.

Whaling:

Whaling is identical to spear phishing, except for the size of the fish. An attacker uses the same tactics as spear phishing but targets the high-profile employees, such as an executive or a manager within a company.

QR Code Phishing:

QR code phishing is a type of fraud where an attacker generates a malicious QR code to steal user information. QR codes make it very easy to quickly navigate to specific web pages, but they can also lead the users to malicious websites infected with malware.

===================================

Special thanks to David Meece

Day 02 of 100 #cybertechdave100daysofcyberchallenge