Phishing attacks

Phishing attacks one of the biggest threat to cybersecurity

Many businesses have reported victimization from data breaches and cyberattacks in the past year.  And most of them have reported being attacked through the phishing attacks. This kind of attack has been reported the most in the past year and it keeps on increasing. It is one of the major threats to cybersecurity these days. A total of 86% attacks have been identified as the phishing attacks and are recognized as the topmost means of attacking for the cybercriminals.

Phishing attack

This malware is designed and used to attack the user’s data, credit card information and login passwords. This takes place when the attacker pretends to be a trusted entity and makes you open their fabricated mail, text or message. This is followed by a malicious link, by clicking on which, the recipient’s device might install the malware, freeze your device or reveal personal information. Such attacks may lead to devastating outcomes. It might affect an individual by stealing their identity, funds and their login details.

The phishing attacks are also used on corporate and governmental networks being part of bigger attacks, as an advanced persistent threat (APT). Victims to such attacks usually sustain financial losses and defamation by customers, recovering from which is not easy.

Phishing techniques:

Phishing Emails

Phishing Emails attacks thousands at the same time and even with few of those thousand falls for the scam, these hackers get their hands on enough private information and money. There are many techniques used by these attackers to assure their success rates.

They extend their creativity and skills to craft an actual looking email, copying it from the real organizations with their mail phrasing, logos, and even the signatures to attract the users. They usually push the users to take instant action on the links by creating a sense of urgency. These mails do carry links resembling the legitimate links with very minor changes like (.) in place of (/) which is not easy to notice.  

Spear phishing

This phishing attack targets a particular person or organization. Such a phishing attack requires in-depth knowledge of the organization and its structure. 

The attack might take place as follows:

  1. Attacker researches about the employees and their names, working in an organization and then they access the recent project invoices.
  2. Faking as marketing director, attacker emails the departmental project manager, with the subject line as an updated invoice. It includes the duplicate logic and standard email template.
  3. This link redirects to a document with password protection, which is a spoofed version of the stolen invoice.
  4. Further, the PM is requested to log in for accessing the document. Meanwhile, the attacker steals all his credentials and access sensitive data.

Through spear phishing, the attacker accesses valid login credentials. This is an effective method of executing an APT.

Example of phishing attacks:

  • The recent PayPal scam has been much heard about, which affected many PayPal users. This scam starts with a basic email but ends up with the revelation of the victim’s personal and financial details along with their login credentials.
  • Their email specks as “someone tried to log in to their account from an unknown device”.
  • This email carries a link, by clicking on which, you land on a bogus site, which is an imitation of PayPal’s official site.
  • At this stage the victims are being asked to enter the captcha code (to prove you are human). This creates a sense of security among visitors. 
  • At last, the users are asked to log back into their accounts, after which the hacker has access to your login credentials along with other connected accounts and ends up by the victims getting logged out of there accounts permanently.

Resident blogger for Zenosec, interested in all things cybersecurity.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.