wisemonkeys logo
FeedNotificationProfileManage Forms
FeedNotificationSearchSign in
wisemonkeys logo

Blogs

Phishing

profile
Sneha Mehetre
Aug 24, 2022
0 Likes
0 Discussions
129 Reads

Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.The information is then used to access important accounts and can result in identity theft and financial loss.

 

The first phishing lawsuit was filed in 2004 against a Californian teenager who created the imitation of the website “America Online”. With this fake website, he was able to gain sensitive information from users and access the credit card details to withdraw money from their accounts. Other than email and website phishing, there’s also 'vishing' (voice phishing), 'smishing' (SMS Phishing) and several other phishing techniques cybercriminals are constantly coming up with. Generally, emails sent by a cybercriminals are masked so they appear to be sent by a business whose services are used by the recipient. A bank will not ask for personal information via email or suspend your account if you do not update your personal details within a certain period of time. Most banks and financial institutions also usually provide an account number or other personal details within the email, which ensures it’s coming from a reliable source.

The Internet is a network of computers filled with valuable data, so there are many security mechanisms in place to protect that data.But there's a weakest link: the human. If the user freely gives away their personal data or access to their computer, it's much harder for security mechanisms to protect their data and devices.A phishing attack is an attempt to trick a user into divulging their private information.A phishing attack typically starts with an email that claims to be from a legitimate website, like a banking website or online store.The goal of the email is to obtain private data from the user, so it either asks the recipient to reply with personal information or it links to a website that looks remarkably like the original siteIf the user is convinced and enters private details on the site, that data is now in the hands of the attacker! If the user filled in login details, they can then use those credentials to log in to the real website, or if the user provided credit card details, they can use the credit card to make purchases anywhere.

Attackers use a variety of strategies to make tempting URLs:

Misspellings of the original URL or company name. For example, "goggle.com" instead of "google.com".

A spelling that uses similar looking characters from other alphabets. For example, "wikipediа.org" versus "wikipedia.org". The "e" and the "a" are actually different characters in those two domains.

Subdomains that look like the domain name. For example, "paypal.accounts.com" instead of "accounts.paypal.com". PayPal owns the second domain, but they have no control over the first.

A different top level domain (TLD). For example, "paypal.io" versus "paypal.com". Popular companies try to buy their domain with the most common TLDs, such as ".net", ".com", and ".org", but there are hundreds of TLDs out there.

Even if an attacker hasn't found a similar looking URL to host their malicious webpage, they can still try to disguise the URL in the HTML.

There's a new type of phishing that's even more popular and dangerous: spear-phishing. Instead of sending a similar email to many users, a spear phisher will research a user and send an email specifically targeting them.Spear phishing attacks often target people within organization, with the goal of gaining access to the organization's data.But not all spear phishing attempts are so obvious and not all targets are so vigilant. If just one person in an organization accidentally reveals their credentials or downloads malware onto their work computer, an attacker can potentially breach their entire company database. That's not just one person's data, that's thousands or millions of people's data. 

 

 

 


Comments ()


Sign in

Read Next

Koinex is shutting down and here is how you can withdraw...

Blog banner

Service transition principles

Blog banner

Data Structures

Blog banner

Operating system

Blog banner

operating system

Blog banner

Routers

Blog banner

Game via listing method

Blog banner

Dental Problems That Start Small But Should Never Be Ignored

Blog banner

Virtual Machine

Blog banner

Session Vulnerabilities

Blog banner

Threads

Blog banner

Blockchain technology: security risk and prevention

Blog banner

Throttle engine ’Sneak peek into the future’

Blog banner

Memory

Blog banner

What is Influencer Marketing and its Trends

Blog banner

Who decides your overthinking, anyway?

Blog banner

Cyber Attacks -- Trends Patterns and Security Countermeasures

Blog banner

The Right way of cooking

Blog banner

Direct Memory Access

Blog banner

A BLOG ON MYSQL

Blog banner

The Sunny Side of Instagram

Blog banner

Exploring Virtual Machines and Computer Forensic Validation Tools

Blog banner

5 Powerful Mindset Shifts To Make 2026 Your Breakthrough Year

Blog banner

Admissions Open: Why This Is the Right Time to Choose the Best School for Your Child

Blog banner

Famous Indian dishes that where misunderstood to be Indian

Blog banner

An Overivew Of Cache Memory

Blog banner

HOW CAN SOCIAL MEDIA MAKE YOU HAPPIER?

Blog banner

Digital black market or dark net poses a national security threat?

Blog banner

12 Principles of Animation

Blog banner

MD5 Collisions and the impact on computer forensics

Blog banner

John Titor: The Time Traveler

Blog banner

Direct Memory Access

Blog banner

CyberSecurity Color Wheel

Blog banner

The functions of operating system

Blog banner

Mutual exclusion

Blog banner

ARTICAL ON MANAGEMENT SYSTEM

Blog banner

Components of GIS

Blog banner

Windows Operating System

Blog banner

Security in Cloud Computing

Blog banner

Rules and Regulations of Networking: "Standards and Protocols" - Part 2

Blog banner

PERSONAL STORIES

Blog banner

How to kiss

Blog banner