Skip to main content

What is Phishing Attack? Understanding Phishing and it's Types

Phishing is a method used by fraudster for stealing valuable personal data from a user. It is generally done by sending emails or creating fake websites. One of the most common attacks that we see on cyberspace is phishing and it is rapidly growing cyber threat. To get the personal information from people attacker send a fraud email to large no. of people and few might fall for the scam. The attacker will ask the victim to provide their sensitive information like credit card information, social security number or username, and password. Phishing is one of the most common cyber-attack it is very easy to do, and it also doesn't require much resources and time. Most of the phishing act are automated and the done in a bulk and they wait for the victim to put their information.  The attacker will create a fake login form, malicious files or personalized message and send the victim to take the action on their email. If it reaches up to the victim, then they might think that the email is legitimate, and they might put their personal info and the attacker will use the credential for their own benefit.  
More than 60% of cyber attacks are associated with phishing and social engineering.
Cyber-attack can be active or passive, we can say that phishing is a passive attack. Phishing is a continual attack and most of the attack is done on social media like Facebook, Twitter, and Instagram. The phishing email will contain a link to the fake website which will look exactly like the legitimate website. Phishing is also called brand spoofing because in this attack attacker is making a fake website of the original one. The attacker is looking for a new niche to attack from where they can gain a lot of profit. Before they used to steal iTunes account information but these they are moving to cryptocurrency platform [1]
Most of the cyber-attacks start with phishing because there is a chance that many people will fall for phishing scam easily. 91% of cyber attacks start with the phishing email [2]. 76% of cybersecurity experts uncovered that there were phishing attacks of some sort in their organizations in 2017. [3]. A phishing attack is being huge, and it is very important for any organizations to apply anti-phishing techniques to protect their sensitive data.

Types of Phishing

Attackers are using different kinds of phishing methods so that they can steal the credentials from the victim. Below are the most common types of phishing:
Deceptive phishing
This is one of the most common phishing types. In this kind of attack, the fraudster will create a website that looks like the website of the legitimate company and sends email to a lot of users with a call of action which will open the login page of the fake website. The attacker will steal the information if the victim inputs their personal information on that form. The attacker will send an email that resembles a legitimate email from the company personnel to get the trust of the victim. So, that victim easily falls for the scam.
In the above figure, we can see that display name is "Microsoft Team" but the email doesn't belong to Microsoft and this is one random email address. Here the email is sent with a link which refers to the phishing site. This is one example of a deceptive phishing email.
Spear Phishing
In spear, phishing attacker tries to trick the victim by being someone they know. For this attacker use the name, email, company or the phone number that the victim already knows and have connection with them. Purpose of doing so is to create more trust level for the attack. The victim will think that they have received an email from the people they know, and they might click on the link that is sent on the email or other media that is used for the attack. 
Smishing
Smishing is a security attack that is done by sending a phishing message on the mobile device of the user with SMS. Since the use of the mobile device is increasing rapidly hackers are moving to mobile devices to trap the people. There are more than 2 billion smartphone phone users [4]. It is easier to spoof a text message hacker using SMS technology to send malicious links.
Search Engine Phishing
If the victim is building any websites and getting it indexed on the search engine for stealing personal credential from the people, it is called search engine phishing. Generally, the victim creates a fake website or the website with fake promises and then they submit their websites on popular search engines like Google, Yahoo, Bing. They do blackhat or greyhat SEO so that their page can be listed on the first page of the search engine. Whenever victim search for the keyword that attacker has targeted and if the page in the top then there is a good chance that victim will fall for the scam. Search engine phishing has become very popular in 2018 because many people use the search engine to find the things that they need, and they even trust the top results they appear on a search engine. 
Attackers these days are also using the paid listing on a search engine. They will create an ad for their websites on the search engine and wait for the victim to fall for the scam [5]. It is more effective than traditional search engine phishing because when they paid for the advertisement the results are at the top and the legitimate website is listed below that. 
Malware-Based Phishing
For malware-based phishing, the attacker will install the malware on the computer of the victim. They might attack the victim in a bulk or they might do a single attack. Once the malware is installed on the system of the victim the malware will start collecting the information from the machine and will submit it to the attacker. Some of the malware-based phishing are keyloggers, session hijackers and web Trojan.  Sometime, an attacker might use the web browser extension to collect the activity of users and data. 
Man in the middle
In this attack, the attackers place themselves in the middle of victim and the website they are trying to access. These days most of the websites and services uses 2 step verification so that if their account information is compromised then no one can access the account because they will need to provide one more credential. Due to rise of two factor authentications on most of the services attackers are using man in the middle attack so that they can steal the credential in the real time providing the 2-step verification code that victim had input.

References:

Popular posts from this blog

Why should we stop using SMS-based two-factor authentication?

 Today, securing an application is challenging as attackers are becoming increasingly sophisticated. A proper authentication system plays a significant role in application security, as, without one, the app’s vulnerability could allow a malicious person to gain unauthorized access. Poorly configured authentication systems and human error are the most common reasons for data breaches. Therefore, to address this issue, the concept of two-factor authentication (2FA) or multifactor authentication is applied. In addition to user ID and password, 2FA requires users to input a temporary code unique to them to verify their identity. This creates an extra layer of security by adding one more element to the authentication process. If a user’s login credentials are compromised, malicious actors won’t be able to access the resources since they would need to have both the login credentials and the 2FA code.  One of the most widely used methods of 2FA is an SMS-based code, where the user needs to en

Five Ways to Get Rid of Cryptojacking Malware

Cryptojacking is a growing threat in 2018 and there are several ways to prevent this threat. Few of the methods to prevent this emerging online threat are discussed below. Installing browsing extension Most of the crypto mining malware works from the web browser so we can stop that malware by installing a browser extension. There are few browser extensions like ublock origin & Malwarebytes that will help to block any cryptojacking scripts. If we have these extensions installed on the browser, they will automatically stop those scripts from running on the browser which will prevent the browser from running the mining code. Those extensions are available for free and they regularly update their signature. Since they will automatically filter the mining codes we don’t need to check them manually. Therefore, installing a proper extension will help to get rid of cryptojacking malware. Installing only trusted applications Another big source of crypto mining malware is untrusted ap

What is Ransomware & How to Prevent it?

Hackers are looking for a new and easier way to make money by entering on other people's system and ransomware is one of the tools they use to make money by locking the computer of people and organization. In my previous article, I discussed cryptojacking malware and why it is a big threat to information security. On that article, you can read how and why bad guys are injecting code on people's computer to make money from that. Ransomware is another major threat to cyberspace that I would like to discuss this article. What is ransomware? Ransomware is a software that is designed to block access to any system, files or operating system until we pay a certain amount to the attacker. Most of the time the attacker will encrypt the files of the computer and they will provide the key to decrypt only after paying the amount they are demanding. Most of the ransomware attack will give very limited time to the victim to pay the demanded amount and if they fail to decrypt it within th