What You Must Know About Phishing Techniques and Attacks

What You Must Know About Phishing Techniques and Attacks

Phishing is a type of social engineering attack often used to steal personal data, such as login details and credit card numbers.

Phishing occurs when an phisher masquerades as a trusted entity thereby dupes a victim into opening an email, instant message, respond with some codes to sms, or text message.

The innocent recipient is then tricked into clicking a malicious link, which can lead to the installation of malware into the victims computer of phone, this results in the freezing of the system as part of a ransomware attack or the revealing of sensitive information.

In this article, I will talk about types of phishing techniques and how to  prevent them.

Here's a brief look at five common phishing threats that often arise in enterprise settings. Each example features "Evans," a mid-level employee in the finance department who is trying to get through his busy day and respond to hundreds of emails.

1. Breach of Trust 
Evans gets an email from what he thinks is his bank asking him to confirm a wire transfer. The email takes him to a link that looks like his bank's website but it is actually a "spoofed" but identical copy of his bank's website.

When he gets to the page, he entered his credential but nothing happened. Too late, Evans just gave his bank password to a cybercriminal.

2. Data Update 
Evans gets an email from Joe telling him to take a look at a document that is attached. The document contains malware. Evans may not even realize what has happened.

A MUST READ: 10 Ways To Prevent Online Phishing Attacks

He looks at the document, which seems normal. The resulting malware might log his keystrokes for months, compromise the entire network, and lead to massive security breaches throughout the organization.

3. False Lottery 
Evans gets an email saying he's won a prize from a sweepstakes. Normally, Evans is too savvy to fall for this trick. However, this email comes from his boss, Joe, and references a charity that they both support.

He clicks, and ends up at a bogus page that loads malware.
5. Impersonation 
Evans gets an email from his boss Joe, who says that he needs money wired to a known vendor as pre-payment for an emergency job. Can Evans wire them the money right away?

 It seems fairly routine. Evans wires the money to the account requested. The money is untraceable and never seen again.

5. Sentimental Abuse 
 Evans gets an email from someone claiming to be Joe's brother-in-law. He's suffering from cancer and has had his insurance cancelled. He asks Evans to donate to help him recover from his illness.

Evans clicks on the link and is taken to a bogus charity site. The site could host malware or just steal Evans's credit card information via a bogus "online donation".

No comments