Phishing Recognition

Phishing Recognition



Phishing is an attack where a scammer calls you, texts or emails you, or uses social media to trick you into clicking a malicious link, downloading malware, or sharing sensitive information. Phishing attempts are often generic mass messages, but the message appears to be legitimate and from a trusted source (e.g. from a bank, courier company).

 

Methods

Spear phishing: A personalized attack that targets you specifically. The message may include personal details about you, such as your interests, recent online activities, or purchases.

Whaling: A personalized attack that targets a big “phish” (e.g. CEO, executive). A scammer chooses these targets because of their level of authority and possible access to more sensitive information.

SMiShing: A phishing attack using SMS (texts). A scammer may impersonate someone you know or pose as a service you use (e.g. Internet or mobile provider) to request or offer an update or payment.

 



Phishing Attack Breakdown

Step 1: The Bait

Tailored Messages: Scammers create emails or messages that appear to be from legitimate sources (e.g., banks, popular services).

Information Gathering: They gather details about the target from social media or public profiles to personalize the message.

Vishing: In voice phishing, scammers use robocalls to deliver fraudulent messages.

 

Step 2: The Hook

Urgency and Trust: The message often claims there’s an urgent issue requiring immediate action, enticing the victim to respond.

Fake Websites: If the victim clicks a link, they’re directed to a counterfeit site to input sensitive information.

Malicious Attachments: Opening attachments can execute malware on the victim's device.

Phone Interaction: In vishing, pressing a number may connect the victim to the scammer directly.

 

Step 3: The Attack

Stolen Credentials: Once scammers access the victim's accounts, they can send phishing emails to contacts or exploit privileged access if the victim is in IT.

Malware Installation: Scammers may install malicious software to control devices, steal data, or hold files for ransom (ransomware).

 





reference

Cybersecurity and Infrastructure Security Agency. (n.d.). Recognize and report phishing. U.S. Department of Homeland Security. https://www.cisa.gov/secure-our-world/recognize-and-report-phishing


Comments

Post a Comment

Popular posts from this blog

Safe browsing habits

Image
Safe browsing habits Use Secure Connections Alwaysensure that the websites you visit use HTTPS, indicated by a padlock icon in the address bar. This means that the connection between your browser and the website is encrypted, making it more difficult for attackers to intercept your data. Avoid entering sensitive information on sites that don’t have this security measure in place.   Be Cautious with Public Wi-Fi While public Wi-Fi networks are convenient, they can also be insecure. Avoid accessing sensitive accounts or entering personal information while connected to public Wi-Fi. If you must use public Wi-Fi, consider using a virtual private network (VPN) to encrypt your connection, adding an extra layer of security.   Enable Pop-Up Blockers Pop-up ads can be annoying and may lead to malicious sites. Most modern browsers have built-in pop-up blockers, which help prevent unwanted pop-ups from appearing. Enable this feature to reduce your risk of inadvertently cli...
Read more

Cyber Security awareness

Image
Introduction In today's digitally interconnected world, cybersecurity awareness has emerged as a critical aspect of personal and organizational security. With the increasing frequency and sophistication of cyber-attacks, such as phishing, ransomware, and data breaches, the importance of being aware cannot be overstated.   Definition Cybersecurity awareness refers to the understanding and knowledge of potential cyber threats and the behaviors necessary to protect oneself and an organization’s sensitive information from these threats. It involves educating individuals about the importance of safeguarding their data and the various methods to do so, including safe internet practices, recognizing phishing attempts, and using strong passwords (Anderson, R .2020). Discussion 1. Significance of Cybersecurity Awareness Organizations can face significant financial losses due to data breaches and cyber-attacks. Educated employees can serve as the first line of defense in prote...
Read more