{"id":1337,"date":"2021-06-08T09:01:51","date_gmt":"2021-06-08T09:01:51","guid":{"rendered":"https:\/\/blog.amt.in\/?p=1337"},"modified":"2021-06-08T09:01:51","modified_gmt":"2021-06-08T09:01:51","slug":"introduction-to-phishing","status":"publish","type":"post","link":"https:\/\/blog.amt.in\/index.php\/2021\/06\/08\/introduction-to-phishing\/","title":{"rendered":"Introduction to Phishing"},"content":{"rendered":"<p>Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details, and money, often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication. The word is a neologism created as a homophone of fishing, because both use bait in an attempt to catch a victim. According to the 2013 Microsoft Computing Safety Index, released in February 2014, the annual worldwide impact of phishing could be as high as US$5 billion.<\/p>\n<p>Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter personal information at a fake website whose look and feel are identical to the legitimate one; the only difference is the URL of the website in question. Communications purporting to be from social web sites, auction sites, banks, online payment processors or IT administrators are often used to lure victims. 
Phishing emails may contain links to websites that are infected with malware.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-234 alignleft\" src=\"http:\/\/blog.amt.in\/wp-content\/uploads\/2017\/11\/PhishingAttacks-2-BLOG-300x184.png\" alt=\"\" width=\"474\" height=\"290\" srcset=\"https:\/\/blog.amt.in\/wp-content\/uploads\/2017\/11\/PhishingAttacks-2-BLOG-300x184.png 300w, https:\/\/blog.amt.in\/wp-content\/uploads\/2017\/11\/PhishingAttacks-2-BLOG-768x471.png 768w, https:\/\/blog.amt.in\/wp-content\/uploads\/2017\/11\/PhishingAttacks-2-BLOG.png 915w\" sizes=\"auto, (max-width: 474px) 100vw, 474px\" \/><\/p>\n<p>Phishing is an example of social engineering techniques used to deceive users, and exploits weaknesses in current web security. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.<\/p>\n<p>Phishing attempts directed at specific individuals or companies have been termed spear phishing. Attackers may gather personal information about their target to increase their probability of success. This technique is by far the most successful on the internet today, accounting for 91% of attacks.<\/p>\n<p>Clone phishing is another type of phishing attack whereby a legitimate, and previously delivered, email containing an attachment or link has had its content and recipient address(es) taken and used to create an almost identical or cloned email. 
The attachment or link within the email is replaced with a malicious version, and the clone is then sent from an email address spoofed to appear to come from the original sender.<\/p>\n<p>Several phishing attacks have been directed specifically at senior executives and other high-profile targets within businesses, and the term whaling has been coined for these kinds of attacks. In the case of whaling, the masquerading web page\/email will take a more serious executive-level form. The content will be crafted to target an upper manager and the person&#8217;s role in the company.<\/p>\n<p>Most methods of phishing use some form of technical deception designed to make a link in an email and the spoofed website it leads to appear to belong to the spoofed organization. Even digital certificates do not solve this problem, because it is quite possible for a phisher to purchase a valid certificate and subsequently change content to spoof a genuine website, or to host the phishing site without SSL at all.<\/p>\n<p>Another attack used successfully is to forward the client to a bank&#8217;s legitimate website, then to place a popup window requesting credentials on top of the page in a way that makes many users think the bank is requesting this sensitive information.<\/p>\n<p>Not all phishing attacks require a fake website. 
Messages that claimed to be from a bank told users to dial a phone number regarding problems with their bank accounts. Once the phone number (owned by the phisher, and provided by a voice over IP service) was dialed, prompts told users to enter their account numbers and PIN. Vishing (voice phishing) sometimes uses fake caller-ID data to give the appearance that calls come from a trusted organization. SMS phishing uses cell phone text messages to induce people to divulge their personal information.<\/p>\n<p>The methods described above are some of the modes of phishing attack. Being a little more cautious is what matters most in avoiding such attacks. Refraining from opening unwanted and unknown links will certainly keep us away from phishing attacks.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Phishing is the attempt to obtain sensitive<\/p>\n","protected":false},"author":1,"featured_media":1339,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[68,813,7],"tags":[814,815,18],"class_list":["post-1337","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-phishing","category-phishing-attack","category-techtrends","tag-phishing","tag-phishing-attack","tag-technology"],"_links":{"self":[{"href":"https:\/\/blog.amt.in\/index.php\/wp-json\/wp\/v2\/posts\/1337","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.amt.in\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.amt.in\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.amt.in\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.amt.in\/index.php\/wp-json\/wp\/v2\/comments?post=1337"}],"version-history":[{"count":1,"href":"
https:\/\/blog.amt.in\/index.php\/wp-json\/wp\/v2\/posts\/1337\/revisions"}],"predecessor-version":[{"id":1338,"href":"https:\/\/blog.amt.in\/index.php\/wp-json\/wp\/v2\/posts\/1337\/revisions\/1338"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.amt.in\/index.php\/wp-json\/wp\/v2\/media\/1339"}],"wp:attachment":[{"href":"https:\/\/blog.amt.in\/index.php\/wp-json\/wp\/v2\/media?parent=1337"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.amt.in\/index.php\/wp-json\/wp\/v2\/categories?post=1337"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.amt.in\/index.php\/wp-json\/wp\/v2\/tags?post=1337"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}