
Phishing

September 17 2021

Phishing is a form of social engineering in which an attacker masquerades as a reliable entity or asset and tries to breach a system by misleading its users. The motivation is to lure personnel into giving up sensitive data such as company assets, employee information, financial information, and passwords.

Phishing starts with a communication that appears legitimate and is designed to coax the victim into providing information on a fraudulent page. The obtained information is generally used for financial gain, or in some cases to launch advanced attacks on the organization.

Phishing takes many forms. Some of the most common types are email phishing, clone phishing, whaling, and spear phishing.

EMAIL PHISHING

Email phishing is where an attacker tries to obtain assets or information by deceiving the user. The attacker sends emails that appear to be legitimate, and these emails carry links that install malware, thereby sabotaging the entire system. Phishing is used as a tool for ransom demands, login credential theft, or to sell data illegally to a third party. There are certain ways to identify a phishing email, listed as follows.


Legit emails do not demand sensitive data: Legitimate organizations will not demand your valuable credentials. So whenever an organization demands your sensitive data, verify its trustworthiness first.

Organizations have a domain email address: Organizations generally have an email domain of their own. Whenever an email comes from an organization, check the “from” address and make sure it has not been altered.

Legitimate emails will be structured: Emails from trustworthy organizations follow a definite pattern. The style of writing will be professional, with few to no grammatical errors, whereas spam messages are written with very little care. Checking the grammar might help in identifying these messages.

Employees form the last line of defense. As a result, it is the duty of every organization to conduct anti-phishing training to prevent them from falling for any of these traps.

SPEAR PHISHING

Spear phishing is where an attacker tries to install malicious software on the systems of a targeted user or organization. The attacker communicates through email, posing as a reliable entity or asset. The motive is to get hold of sensitive information and sell it illegally, or to use it as a tool to enact financial transactions.


Spear phishing is a more sophisticated form of attack, mainly focused on reconnaissance. Countries hire professional hackers to instigate attacks on other nations’ security resources to establish dominance over them. It is very difficult to defend against this type of phishing, since the malefactors make use of more generic phishing tools and can launch different forms of attacks.

Organizations must make use of both technical and human controls to mitigate these threats. Companies must follow standard protocols such as phishing simulation tests and user education, and have to deploy a dedicated threat hunting team to prevent spear phishing attacks.

CLONE PHISHING

Clone phishing is where the hacker makes a replica of a legitimate email and makes minimal alterations to it, such as replacing the target link, sending it from a spoofed email ID, or replacing the sender’s name, thus tricking the user into clicking on it. When the user clicks the link, it injects a malicious program into the user’s computer.


MITIGATION

One can protect against phishing attacks by educating users to distinguish phishing activity from legitimate requests. Organizations must also deploy a layered approach to lessen the impact of phishing. Re-organizing work culture and frequent security checks might help the organization counter these types of attacks.

WHALING

Whaling is a phishing attack aimed at senior members of the company through social engineering, mainly for siphoning money. Whale phishing attacks are hard to detect given the hackers’ ability to disguise the attack, which makes it look like legitimate emails or links.


In a whaling attack, attackers send an email that appears to come from a trusted source, often other employees within the company, customers, etc.

MITIGATION

Strong anti-spam software can detect unknown email domains that appear familiar, using DNS authentication services such as DMARC, DKIM, and SPF.
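The checks described above (inspecting the “from” address and relying on SPF, DKIM, and DMARC verdicts) can be automated at triage time. The following is an added example, not code from the original post; the trusted domain list, the 0.85 similarity threshold, and the sample message are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAINS = {"example.com"}  # assumption: the organization's own sending domains

# Constructed sample message (not real mail) with a lookalike From domain.
SAMPLE = """\
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=examp1e.com; dkim=none; dmarc=fail header.from=examp1e.com
From: "IT Helpdesk" <helpdesk@examp1e.com>
Reply-To: collector@mail.test
Subject: Password expiry notice

Please confirm your account details.
"""

def domain_of(value):
    """Return the lowercased domain of an address header, or '' if absent."""
    _, addr = parseaddr(value or "")
    return addr.rpartition("@")[2].lower()

def auth_results(msg):
    """Map spf/dkim/dmarc to the verdict recorded in Authentication-Results."""
    # Only trust this header when it was added by your own receiving mail server.
    header = " ".join(msg.get_all("Authentication-Results", []))
    return {m.lower(): v.lower()
            for m, v in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I)}

def lookalike_of(domain):
    """Return the trusted domain that `domain` closely imitates, if any."""
    for trusted in TRUSTED_DOMAINS:
        if domain != trusted and SequenceMatcher(None, domain, trusted).ratio() >= 0.85:
            return trusted
    return None

def triage(raw):
    """Return a list of human-readable findings for one raw message."""
    msg = message_from_string(raw)
    sender, reply_to = domain_of(msg.get("From")), domain_of(msg.get("Reply-To"))
    verdicts = auth_results(msg)
    findings = [f"{m}={v}" for m, v in sorted(verdicts.items()) if v != "pass"]
    if not verdicts:
        findings.append("no authentication results")
    imitated = lookalike_of(sender)
    if imitated:
        findings.append(f"From domain {sender} imitates {imitated}")
    if reply_to and reply_to != sender:
        findings.append(f"Reply-To domain {reply_to} differs from From domain {sender}")
    return findings
```

Calling `triage(SAMPLE)` returns the failed authentication verdicts together with the lookalike and Reply-To findings; a message that passes all three mechanisms from a trusted domain returns an empty list.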

 

 
