WHAT IS PHISHING?

Phishing is one of the easiest forms of cyber attack for a criminal to carry out, but one which can provide these crooks with everything they need to infiltrate every aspect of their targets' personal and working lives. Phishing is a form of fraud in which an attacker masquerades as a reputable entity or person in email or other communication channels.

The attacker uses phishing emails to distribute malicious links or attachments that can perform a variety of functions, including the extraction of login credentials or account information from victims.

That data can range from something as simple as an email address and password, to financial data such as credit card details or online banking credentials, or even personal data such as date of birth, address and a social security number.

Whatever the ultimate goal of the attack, phishing revolves around scammers tricking users into giving up data or access to systems in the mistaken belief they are dealing with someone they know or trust.

When did phishing begin?

The consensus is that the first example of the word phishing occurred in the mid-1990s, with the use of software tools like AOHell which attempted to steal AOL user names and passwords.

These early attacks were successful because they were a new type of attack, something users hadn't seen before. AOL provided warnings to users about the risks, but phishing remained successful and it's still here over 20 years on. In many ways, it has remained very much the same for one simple reason: because it works.

Types of phishing



  1. SPEAR PHISHING ATTACKS
  2. WHALING ATTACKS
  3. PHARMING
  4. VOICE PHISHING

Phishing techniques

Phishing attacks depend on more than simply sending an email to victims and hoping that they click on a malicious link or open a malicious attachment. Some phishing scams use JavaScript to place a picture of a legitimate URL over a browser's address bar. The URL revealed by hovering over an embedded link can also be changed by using JavaScript.

Homograph spoofing depends on URLs that were created using different logical characters to read exactly like a trusted domain. For example, attackers may register domains that use different character sets that display close enough to established, well-known domains. Early examples of homograph spoofing include the use of the numerals 0 or 1 to replace the letters O or l.

For example, attackers might attempt to spoof the microsoft.com domain with m!crosoft.com, replacing the letter i with an exclamation mark. Malicious domains may also replace Latin characters with Cyrillic, Greek or other character sets that display similarly.

One way attackers bypass phishing defenses is through the use of filter evasion techniques. For example, most phishing defenses scan emails for particular phrases or terms common in phishing emails -- but by rendering all or part of the message as a graphical image, attackers can sometimes deliver their phishing emails.
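
One way a mail filter or proxy could flag the homograph domains described above (digit and punctuation swaps, Cyrillic or Greek substitutions, including their punycode form), as an added example that is not part of the original post. The confusables table and the TRUSTED allowlist are small constructed assumptions, not a complete data set.

```python
import unicodedata

# Constructed subset of lookalike characters (assumption: illustration only;
# a production check should use the full Unicode confusables data).
CONFUSABLES = {
    "0": "o", "1": "l", "!": "i",                   # digit/punctuation swaps
    "\u0430": "a", "\u0435": "e", "\u043e": "o",    # Cyrillic a, e, o
    "\u0440": "p", "\u0441": "c", "\u0456": "i",    # Cyrillic p, c, i
    "\u03bf": "o",                                  # Greek omicron
}
TRUSTED = {"microsoft.com", "google.com"}           # hypothetical allowlist

def to_unicode(domain):
    """Decode xn-- (punycode) labels so the domain is checked as displayed."""
    labels = []
    for label in domain.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # not valid punycode: keep the raw label
        labels.append(label)
    return ".".join(labels)

def skeleton(domain):
    """Replace each known lookalike character with the letter it imitates."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in domain)

def scripts(label):
    """Scripts of the alphabetic characters, read from their Unicode names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}

def check_domain(domain, trusted=TRUSTED):
    """Return a list of findings; an empty list means nothing was flagged."""
    shown = to_unicode(domain)
    findings = []
    for label in shown.split("."):
        if len(scripts(label)) > 1:
            findings.append("mixed-script label: " + ascii(label))
    if shown not in trusted:
        for good in trusted:
            if skeleton(shown) == skeleton(good):
                findings.append("lookalike of " + good)
    return findings
```

A domain written entirely in one non-Latin script is not caught by the mixed-script check alone; it is flagged only when its skeleton collides with an allowlisted name.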

How to prevent phishing?

Training, training and more training. It might seem like a simple idea, but training is effective. Teaching staff what to look out for when it comes to a phishing email can go a long way to protecting your organisation from malicious attacks.

Exercises such as enabling staff to make errors - and crucially learn from them - in a protected sandbox environment or carrying out authorised penetration testing against employees can both be used to help alert users to potential threats and how to spot them.

A web security gateway can also provide another layer of defense by preventing users from reaching the target of a malicious link. It works by checking requested URLs against a constantly updated database of sites suspected of distributing malware.

At a technical level, disabling macros from being run on computers in your network can play a big part in protecting employees from attacks. Macros aren't designed to be malicious - they're designed to help users perform repetitive tasks with keyboard shortcuts

HISTORY OF PHISHING

The history of the term phishing is not entirely clear.
Another explanation for the origin of phishing comes from a string -- <>< -- which is often found in chat logs because those characters were a common HTML tag found in chat transcripts. Because it occurred so frequently in those logs, AOL admins could not productively search for it as a marker of potentially improper activity. Black hat hackers, the story goes, would replace any reference to illegal activity -- including credit card or account credentials theft -- with the string, which eventually gave the activity its name because the characters appear to be a simple rendering of a fish.