PHISHING

Prathap Murari
Published in Catalysts Reachout
Oct 5, 2022

Phishing is a cyber attack in which the attacker sends a fraudulent message to the victim's phone. It may be an email or a social media message, and it contains a fake interface that looks the same as the original website and its login pages, so the victim cannot tell whether the page or email sent by the attacker is original or fake.

In this article we will see what phishing is, how phishing is done, and how to prevent it. Phishing is a cyber crime: a person who carries out phishing can be sent to jail and may also be fined. Most phishing is done through email.

What is Phishing?

Phishing attacks are the practice of sending fraudulent communications that appear to come from a reputable source. It is usually done through email. The goal is to steal sensitive data like credit card and login information, or to install malware on the victim’s machine. Phishing is a common type of cyber attack that everyone should learn about in order to protect themselves.

The first recorded use of the term “phishing” was in the cracking toolkit AOHell, created by Koceilah Rekouche in 1995; however, it is possible that the term was used before this in a print edition of the hacker magazine 2600. The word is a leetspeak variant of fishing, probably influenced by phreaking, and alludes to the use of increasingly sophisticated lures to “fish” for users’ sensitive information.

Types of Phishing:

  1. Email phishing
  2. Voice phishing
  3. SMS phishing
  4. Page hijacking
  5. Calendar hijacking

1. Email phishing :

Most phishing messages are delivered by email spam, and are not personalized or targeted to a specific individual or company; this is termed “bulk” phishing. The content of a bulk phishing message varies widely depending on the goal of the attacker. Common targets for impersonation include banks and financial services, email and cloud productivity providers, and streaming services. Attackers may use the credentials obtained to directly steal money from a victim, although compromised accounts are often used instead as a jumping-off point to perform other attacks, such as the theft of proprietary information, the installation of malware, or the spear phishing of other people within the target’s organization.

2. Voice phishing :

Voice phishing, or vishing (another name for voice phishing), is the use of telephony (often Voice over IP telephony) to conduct phishing attacks. Attackers will dial a large quantity of telephone numbers and play automated recordings, often made using text-to-speech synthesizers, that make false claims of fraudulent activity on the victim’s bank accounts or credit cards. The calling phone number will be spoofed to show the real number of the bank or institution impersonated. The victim is then directed to call a number controlled by the attackers, which will either automatically prompt them to enter sensitive information in order to “resolve” the supposed fraud, or connect them to a live person who will attempt to use social engineering to obtain information.

3. SMS phishing :

SMS phishing or smishing (another name for SMS phishing) is conceptually similar to email phishing, except attackers use cell phone text messages to deliver the “bait”. Smishing attacks typically invite the user to click a link, call a phone number, or contact an email address provided by the attacker via SMS message. The victim is then invited to provide their private data; often, credentials to other websites or services. Furthermore, due to the nature of mobile browsers, URLs may not be fully displayed; this may make it more difficult to identify an illegitimate logon page. As the mobile phone market is now saturated with smartphones which all have fast internet connectivity, a malicious link sent via SMS can yield the same result as it would if sent via email. Smishing messages may come from telephone numbers that are in a strange or unexpected format.

4. Page hijacking :

Page hijacking involves compromising legitimate web pages in order to redirect users to a malicious website or an exploit kit (a type of toolkit used by cybercriminals) via cross site scripting. A hacker may compromise a website and insert an exploit kit such as MPack (a PHP-based malware pack) in order to compromise legitimate users who visit the now compromised web server. One of the simplest forms of page hijacking involves altering a webpage to contain a malicious inline frame which can allow an exploit kit to load. Page hijacking is frequently used in tandem with a watering hole (a watering hole attack is a security exploit in which the attacker seeks to) attack on corporate entities in order to compromise targets.

5. Calendar hijacking :

Calendar phishing is when phishing links are delivered via calendar invitations. Calendar invitations are sent which, by default, are automatically added to many calendars. These invitations, which are sent by the attacker, often take the form of RSVP (RSVP comes from the French phrase “répondez s’il vous plaît”, meaning please reply, and is used on invitations to ask the invited guests to indicate whether they will be able to attend the event) and other common event requests.

These are some of the types of phishing. Let's now look at how to prevent phishing.

You need to be aware of phishing before you are hijacked by an attacker. A phisher can steal anything he wants from the victim's phone; attackers mainly go after passwords, debit card details, or any other valuable data.

Phishing is a popular form of cybercrime because of how effective it is. Cybercriminals have been successful using emails, text messages, direct messages on social media or in video games, to get people to respond with their personal information.

Be suspicious of emails that claim you must click, call, or open an attachment immediately. Often they’ll claim you have to act now to claim a reward or avoid a penalty. Creating a false sense of urgency is a common trick of phishing attacks and scams.

Professional companies and organizations usually have an editorial staff to ensure customers get high-quality, professional content. If an email message has obvious spelling or grammatical errors, it might be a scam.

An organization that works with you should know your name and these days it’s easy to personalize an email. If the email starts with a generic “Dear sir or madam” that’s a warning sign that it might not really be your bank or shopping site.

If the email claims to be from a reputable company, like Google or your bank or Apple, but the email is being sent from another email domain like Gmail.com, or googlesupport.ru, it’s probably a scam. Also be watchful for very subtle misspellings of the legitimate domain name, like micros0ft.com, where the second “o” has been replaced by a 0, or rnicrosoft.com, where the “m” has been replaced by an “r” and an “n”. These are common tricks of scammers.
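The sender-domain checks described above can be automated. The following Python sketch is an added example, not part of the original article; the brand allow-list, the table of look-alike swaps and the function names are assumptions made for illustration, and the sample addresses are taken from the text or constructed.

```python
from email.utils import parseaddr

# Assumed allow-list for this example: brand -> domains it really sends from.
TRUSTED = {
    "microsoft": {"microsoft.com"},
    "google": {"google.com"},
    "apple": {"apple.com"},
}
# Look-alike swaps: the two from the text (0 for o, rn for m) plus common ones.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))


def skeleton(label):
    """Fold look-alike character sequences so spoofed and real names compare equal."""
    for fake, real in CONFUSABLES:
        label = label.replace(fake, real)
    return label


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typos of a brand."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(from_header):
    """Classify a From: header against the trusted brands."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if not domain:
        return "unparseable"
    for domains in TRUSTED.values():
        if any(domain == d or domain.endswith("." + d) for d in domains):
            return "trusted"
    # Naive registrable label (second-to-last); a real tool would use the
    # Public Suffix List to handle suffixes such as co.uk.
    label = skeleton(domain.split(".")[-2] if "." in domain else domain)
    for brand in TRUSTED:
        if label == brand or edit_distance(label, brand) == 1:
            return f"lookalike of {brand}"
        if brand in label:
            return f"{brand} name inside untrusted domain"
        if brand in display.lower():
            return f"display name claims {brand}, domain is {domain}"
    return "unknown sender"
```

A mail filter or awareness tool could call `check_sender` on each incoming From: header and flag anything that is not "trusted" or "unknown sender" for review.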

Be aware of fake links sent by someone who tells you to log in through the link to get some offer or something else they are offering; it will be a scam. The interface behind a fake link is directly connected to the attacker's computer, and he can access the data directly without any interaction with you.

These are some of the steps to follow carefully to prevent phishing; if not, you will be phished by someone…
