PHISHING ATTACK

What is Phishing?
Phishing is a type of cybersecurity attack during which malicious actors send messages pretending to be a trusted person or entity. Phishing messages manipulate a user, causing them to perform actions like installing a malicious file, clicking a malicious link, or divulging sensitive information such as access credentials. Phishing is the most common type of social engineering, which is a general term describing attempts to manipulate or trick computer users. Social engineering is an increasingly common threat vector used in almost all security incidents. Social engineering attacks, like phishing, are often combined with other threats, such as malware, code injection, and network attacks.

Can you spot a phishing attack?

=> Sometimes you can spot a phishing attack and avoid trouble by just deleting the message. Some of the signs might include:

1. Suspicious looking source email address
2. Generic greeting like “Dear customer” – instead of the customization most organizations offer
3. Spoofed hyperlinks – if you can hover your mouse over the link, the destination displayed in the preview might be completely different than the destination displayed in the message
4. Poor spelling, or sloppy layout
5. Suspicious or unusual attachments – treat all attachments and links with caution

How to avoid being tricked by phishing

1. Always be suspicious of any message that requests you to click a link or open an attachment.
2. Be cautious of any message communicating a sense of urgency or dire consequences should you fail to take immediate action.
3. If you are concerned about a message, contact the person or the organization using a different, validated method like a phone number you already had or check the organization’s website ‘Contact Us’ information. Never use the links or contact information in the message you are concerned about.
4. Be careful not to provide personal or sensitive information in response to a message.

What should you do if a phishing attack is successful?

=> If you believe you may have fallen victim to a phishing attack, here are some suggested steps:

1. Change any affected passwords – If possible, immediately change the password for any affected accounts. If this password was also used for other online accounts, change the passwords for those accounts to something unique and strong.
2. Contact the fraud department of the breached account – If the phishing attack compromised your company’s account at a financial institution, contact the bank immediately to report the incident. Monitor for unauthorized transactions to the account. If a personal account was involved, contact the 3 major credit bureaus to enable fraud alerts.
3. Notify appropriate people in your company – follow your company’s incident response plan to ensure the appropriate personnel are aware of the incident.
4. Notify affected parties – if personal data of others (e.g., customers, suppliers) was compromised, be sure to notify them. The compromised personal data could be used for identity theft. Check the website of your state’s attorney general for information on data breach notification requirements.

• Above image shows how to check/analyse that how phishing email looks like.

Types of phishing attack

-> Email Phishing
Most phishing attacks are sent via email. Attackers typically register fake domain names that mimic real organizations and send thousands of common requests to victims.

For fake domains, attackers may add or replace characters (e.g. my-bank.com instead of mybank.com), use subdomains (e.g. mybank.host.com) or use the trusted organization’s name as the email username (e.g. mybank@host.com).

Many phishing emails use a sense of urgency, or a threat, to cause a user to comply quickly without checking the source or authenticity of the email.

Email phishing messages have one of the following goals:

1. Causing the user to click a link to a malicious website, in order to install malware on their device.
2. Causing the user to download an infected file and using it to deploy malware
3. Causing the user to click a link to a fake website and submit personal data.
4. Causing the user to reply and provide personal data.
5. Spear Phishing
6. Spear phishing includes malicious emails sent to specific people. The attacker typically already has some or all of the following information about the victim:

Name
Place of employment
Job title
Email address
Specific information about their job role
Trusted colleagues, family members, or other contacts, and samples of their writing

This information helps increase the effectiveness of phishing emails and manipulate victims into performing tasks and activities, such as transferring money.

-> Whaling
Whaling attacks target senior management and other highly privileged roles. The ultimate goal of whaling is the same as other types of phishing attacks, but the technique is often very subtle. Senior employees commonly have a lot of information in the public domain, and attackers can use this information to craft highly effective attacks.

Typically, these attacks do not use tricks like malicious URLs and fake links. Instead, they leverage highly personalized messages using information they discover in their research about the victim. For example, whaling attackers commonly use bogus tax returns to discover sensitive data about the victim, and use it to craft their attack.

-> Smishing and Vishing
This is a phishing attack that uses a phone instead of written communication. Smishing involves sending fraudulent SMS messages, while vishing involves phone conversations.

In a typical voice phishing scam, an attacker pretends to be a scam investigator for a credit card company or bank, informing victims that their account has been breached. Criminals then ask the victim to provide payment card information, supposedly to verify their identity or transfer money to a secure account (which is really the attacker’s).

Vishing scams may also involve automated phone calls pretending to be from a trusted entity, asking the victim to type personal details using their phone keypad.

-> Angler Phishing
These attacks use fake social media accounts belonging to well known organizations. The attacker uses an account handle that mimics a legitimate organization (e.g. “@pizzahutcustomercare”) and uses the same profile picture as the real company account.

Attackers take advantage of consumers’ tendency to make complaints and request assistance from brands using social media channels. However, instead of contacting the real brand, the consumer contacts the attacker’s fake social account.

When attackers receive such a request, they might ask the customer to provide personal information so that they can identify the problem and respond appropriately. In other cases, the attacker
provides a link to a fake customer support page, which is actually a malicious website.