Phishing

Phishing is an act where an attacker impersonates as a legitimate person or entity and deceives a target to get sensitive information by sending emails, texts, SMS or having voice calls.

The following are different techniques used in phishing attack.

• Email phishing – Attacker sends email with links when clicked by a user redirect to malicious websites which looks genuine and captures sensitive information like username, password.

• Vishing – Attacker uses voice or phone calls, deceives the victim and gets information.

• Pharming – Attackers redirects user when they click on genuine website domain and redirects to malicious sites using DNS poisoning leveraging rogue DNS Server that sends DNS response with malicious IP address to the DNS requests from the victim.

• Spear phishing – Attacker targets specific person in an organization and does phishing through email, SMS or voice.

• Whaling – Attacker targets high profile people like CEO, CFO, CIO and does phishing.

• Pop-up phishing – Attacker installs scripts in the victim laptop’s brower which gives pop up that has malicious link which when clicked performs phishing.

• Evil twin phishing – Attacker sets up fake Wi-Fi network similar to a legitimate Wi-Fi network. When the victims connect to the malicious Wi-Fi network, sensitive information are captured.

• Watering hole phishing – Attacker identifies the websites visited by the victim often and infect that victim which when visited redirects to malicious website or captures the sensitive information from the same website through malicious scripts.

• Clone phishing – Attacker takes the identical copy of legitimate message what has links and replaces the link with malicious website URLs which when clicked redirects users to the malicious websites and captures sensitive informaiton.

• Search engine phishing – Attacker creates fake malicious websites that during search which when clicked takes to the malicious website and captures information.