Tuesday, July 14, 2020

What is Phishing? Work of cyber attacks? How to Prevent it

What is phishing?

Phishing is a method of trying to gather personal information using deceptive e-mails and websites. Here is what you need to know about this venerable, but increasingly sophisticated, form of cyber attack.

Phishing is a cyber attack that uses disguised email as a weapon. The goal is to trick the email recipient into believing that the message is something they want or need (a request from their bank, for instance, or a note from someone in their company) and to click a link or download an attachment.

What really distinguishes phishing is the form the message takes: the attackers masquerade as a trusted entity of some kind, often a real or plausibly real person, or a company the victim might do business with. It's one of the oldest types of cyber attacks, dating back to the old days, and it's still one of the most widespread and pernicious, with phishing messages and techniques becoming increasingly sophisticated.

Real-world phishing scams have succeeded often enough to bear this out.


What is a phishing kit?

Phishing kits make it easy for cyber criminals, even those with minimal technical skills, to launch phishing campaigns. A phishing kit bundles phishing website resources and tools that need only be installed on a server. Once installed, all the attacker needs to do is send out emails to potential victims. Phishing kits as well as mailing lists are available on the dark web. A couple of sites, like Phishtank and OpenPhish, keep crowd-sourced lists of known phishing kits. Some phishing kits allow attackers to spoof trusted brands, increasing the chances of someone clicking on a fraudulent link. Akamai's research, provided in its Phishing-Baiting Hook report, found more than 60 kit variants for Microsoft, more than 10 for PayPal, 7 for DHL, and 11 for Dropbox.

[Figure: what a phishing kit looks like]

Types of Phishing

If there's a common denominator among phishing attacks, it's the disguise. The attackers spoof their email address so it looks like it's coming from someone else, set up fake websites that look like ones the victim trusts, and use some URLs.

That said, there are a variety of techniques that fall under the umbrella of phishing. There are a couple of different ways to break attacks down into categories. One is by the purpose of the phishing attempt. Generally, a phishing campaign tries to get the victim to do one of two things:

  • Hand over sensitive information. These messages aim to trick the user into revealing important data, often a username and password that the attacker can use to breach a system or account. The classic version of this scam involves sending out an email tailored to look like a message from a major bank; by spamming out the message to millions of people, the attackers ensure that at least some of the recipients will be customers of that bank. The victim clicks on a link in the message and is taken to a malicious site designed to resemble the bank's webpage, and then hopefully enters their username and password. The attackers can now access the victim's account.
  • Download malware. Like a lot of spam, these types of phishing emails aim to get the victim to infect their own computer with malware. Often the messages are "soft targeted": they might be sent to an HR staffer with an attachment that purports to be a job seeker's resume, for instance. These attachments are often .zip files, or Microsoft Office documents with malicious embedded code. The most malicious code is ransomware; in 2017 it was estimated that 93% of phishing emails contained ransomware attachments.

Spear phishing 

When attackers try to craft a message to appeal to a specific individual, that's called spear phishing. For example, there may be a lot of fish, but the scammer wants to target one individual person.

Phishers identify their targets (sometimes using information on sites like LinkedIn) and use spoofed addresses to send emails that could plausibly look like they're coming from co-workers. For instance, the spear phisher might target someone in the finance department and pretend to be the victim's manager requesting a large bank transfer on short notice.
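
As an added illustration (not part of the original post), the Python sketch below checks a message for the disguises described above: a sender domain outside a trusted list, a Reply-To that differs from the sender, and link text that shows one host while the link points to another. The sample message, the domain names and the TRUSTED_DOMAINS allow-list are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message; every name and domain here is made up.
SAMPLE = """\
From: "Example Bank Support" <support@examp1e-bank.test>
Reply-To: collect@mailbox.test
To: user@corp.test
Subject: Action required
Content-Type: text/html

<p>Please confirm your account:
<a href="http://login.examp1e-bank.test/verify">https://www.example-bank.test/login</a></p>
"""

# Assumption: domains this organisation expects legitimate mail from.
TRUSTED_DOMAINS = {"example-bank.test", "corp.test"}
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def domain_of(header_value):
    return parseaddr(header_value)[1].rpartition("@")[2].lower()

def host_of(url):
    return (urlparse(url.strip()).hostname or "").lower()

def under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def disguise_indicators(raw):
    msg = message_from_string(raw)
    findings = []
    from_dom = domain_of(msg.get("From", ""))
    if not any(under(from_dom, d) for d in TRUSTED_DOMAINS):
        findings.append("from-domain-not-trusted")
    reply_to = msg.get("Reply-To")
    if reply_to and domain_of(reply_to) != from_dom:
        findings.append("reply-to-differs-from-sender")
    # Link text that displays a URL on one host while href points to another.
    for href, text in LINK_RE.findall(msg.get_payload()):
        shown = host_of(text) if "://" in text else ""
        if shown and shown != host_of(href):
            findings.append("link-text-host-differs-from-href")
    return findings

if __name__ == "__main__":
    print(disguise_indicators(SAMPLE))
```

These are indicators for triage, not proof: a legitimate mailing service can also use a different Reply-To, so findings should feed a review queue or a score.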

Whaling Attack

In whale phishing, an email will typically ask the recipient to email sensitive data like payroll records or bank account information to a spoofed email address, or request that the recipient authorize a wire transfer.

The goal of this stalking is to figure out how to better trick the executive in order to steal data, employee information or money. For example, a whale phishing email to the CTO might reference an existing patent dispute and request sensitive information on product development. The goal: capture sensitive information or credentials that could be lucrative if sold on black markets.


With this level of sophistication in an email, the executive can be fooled into believing that it comes from a trusted source that the executive expects to communicate with. Below is an example that came from the Department of Homeland Security.
