What is phishing?
Phishing is a social engineering attack that tricks you into revealing your personal and confidential information. It is also a common type of cyber attack. The term phishing is commonly used to describe this artifice. There is also a good reason for the use of ph instead of f. The earliest hackers were known as phreaks. Phreaking refers to the exploration, experimentation and study of telecommunication. Phreaks and hackers have always been closely related. The ph spelling was used to link phishing frauds with these underground communities.
History of phishing and case studies
A phishing technique was first described in detail in a paper presentation delivered to the 1987 international HP user group. The first known direct phishing attack was attempted against a payment system, affecting E-gold, in June 2001. It was followed by a “post-9/11 id check” shortly after the attack on the World Trade Center on September 11, which made a huge noise, and then by several more attacks.
The term phishing can be traced to the early 1990s and America Online (AOL), where a group of hackers who banded together and called themselves “The Warez Community” are considered the first hackers. In their early frauds, they developed an algorithm that allowed them to generate fake credit card numbers, which they would later use to attempt to create phony AOL accounts.
Case study 1
WannaCry shuts down businesses in 180 countries. It is remembered as one of the worst cyber attacks in history. This ransomware attack is suspected of having impacted more than 2,30,000 across around 150 countries. The debate is still on as to whether the attack came from a suspected e-mail id or another phishing method was used.
Case study 2
Google Docs hacked: over 3 million people stopped working worldwide in May 2017, when a phisher was caught sending fraudulent emails inviting recipients to edit Google Docs. On opening the invitations, they were brought to a tricky third-party app, where the phishers were able to access people’s Gmail accounts.
Facebook and Google were taken for $100 million. After the month of this incident, the U.S. Department of Justice (DOJ) arrested a Lithuanian man for allegedly stealing $100 million from the two top known companies of the U.S. The phisher carried out the targeted attack successfully by using phishing emails that induced employees into wiring the money to overseas bank accounts under his control.
Types of phishing
- Deceptive Phishing
- Spear phishing
Deceptive phishing is one of the most used phishing methods. In this method, the attackers attempt to gather confidential information from the victims. The attackers use the gathered information to steal or to launch other attacks. A fake email is generated, appearing to be from a bank, asking you to click a link and verify your account details.
Spear phishing targets individuals instead of a large group. Attackers usually research their victim on social media and other websites so that they can customize their communication and appear more realistic. Spear phishing is one of the most commonly used first steps to penetrate a company’s defenses and carry out an attack.
Whaling is a method used to directly attack senior or important individuals at an organization or a company. These attackers often spend a huge amount of time on the target, gathering information. Once an opportune moment arises, they launch an attack or steal login credentials. A whaling attack is targeted only at high-level executives who are able to access the confidential part of the company’s information. This method is also known as CEO fraud.
Pharming is similar to a phishing attack. Here the victims are directed to bogus sites through fictitious emails to reveal their sensitive information. But in pharming, the victim does not even have to click on the link in the email. The attacker can infect the user’s computer or the web server and redirect the user to a fake site even if the correct URL is entered.
Prevention of phishing
- Keep informed of phishing techniques
prevention of Phishing
- Keep informed of phishing technique
- Think before you click
- Install an anti-phishing toolbar
- Verify a site’s security
- Check your online accounts regularly
- Keep your browser up to date
Keep informed of phishing techniques:
New phishing techniques keep being developed. Without knowledge of them, you can easily fall for a phisher’s trap. To avoid this, keep yourself updated on phishing scams as early as possible. With this awareness you will be at a much lower risk of falling prey. For IT users, ongoing security awareness training and simulated phishing are highly recommended for the safety of the organization.
Think before you click:
It’s fine to click on a link on a trusted site, but clicking a link that appears in a random email with grammatical errors and mismatched links is not a smart move. A phishing email may claim to be from a top institution, company, organization, etc., and it may look the same as the original website. But the email may ask you to fill in information through which the attackers can access all your personal details. So think before you click.
Install an anti-phishing toolbar:
Most internet browsers can be customized with anti-phishing toolbars. These run a quick check on the sites you are visiting and compare them with a list of known phishing websites. If you enter or click on a phishing site or link, the toolbar alerts you about it. This is one protective layer against phishing scams.
Verify a site’s security:
It’s natural to share a little sensitive financial information online, as long as you make sure that the website is secure. To be on the safer side, check that the site’s URL begins with “https” and that there is a closed lock icon near the address bar. If an anti-phishing tool alerts you that the site contains malicious files, do not enter the site, and never download any files from malicious websites or emails. Using cracked software may lead you to a phishing website that offers low-cost products. When you purchase from these websites, your financial details, such as debit card details, can be accessed by cybercriminals.
Check your online accounts regularly:
If you don’t visit your online account frequently or for a while, a phisher could be having a field day with it. So it is advisable to check your online accounts every now and then and to have a strong password. To prevent bank phishing and credit card phishing scams, you need to personally ensure that no fraudulent transactions are happening without your knowledge.
Keep your browser up to date:
Security updates are released frequently for all popular browsers. They are released to fix security loopholes and to counter upcoming threats. Regular updates can keep you safe from phishing and other kinds of cyber attacks.
These are a few important steps to follow to protect yourself from phishing attacks.