Phishing is a type of cybersecurity attack that attempts to obtain data that are sensitive like Username, Password, and more. It attacks the user through mail, text, or direct messages. Now the attachment sends by the attacker is opened by the user because the user thinks that the email, text, messages came from a trusted source. It is a type of Social Engineering Attack. For Example, The user may find some messages like the lottery winner. When the user clicks on the attachment the malicious code activates that can access sensitive information details. Or if the user clicks on the link that was sent in the attachment they may be redirected to a different website that will ask for the login credentials of the bank.
Types of Phishing Attack :
Spear Phishing –
This attack is used to target any specific organization or an individual for unauthorized access. These types of attacks are not initiated by any random hacker, but these attacks are initiated by someone who seeks information related to financial gain or some important information. Just like the phishing attack spear-phishing also comes from a trusted source. This type of attack is much successful. It is considered to be one of the most successful methods as both of the attacks(that is phishing and spear-phishing) is an online attack on users.
Clone Phishing –
This attack is actually based on copying the email messages that were sent from a trusted source. Now the hackers alter the information by adding a link that redirects the user to a malicious or fake website. Now, this is sent to a large number of users and the person who initiated it watches who clicks on the attachment that was sent as a mail. This spreads through the contacts of the user who has clicked on the attachment.
It is a type of social engineering attack that plays with the emotions of a person and exploits them to gain money and information. They target them through dating sites. It is a type of engineering threat.
Voice Phishing –
Some attacks require to direct the user through fake websites, but some attacks do not require a fake website. This type of attack is sometimes referred to as vishing. Someone who is using the method of vishing, use modern caller id spoofing to convince the victim that the call is from a trusted source. They also use IVR to make it difficult for the legal authorities to trace, block, monitor. It is used to steal credit card numbers or some confidential data of the user. This type of phishing can cause more harm.
SMS phishing –
These attacks are used to make the user revealing account information. This attack is also similar to the phishing attack used by cybercriminals to steal credit card details or sensitive information, by making it look like it came from a trusted organization. Cybercriminals use text messages to get personal information by trying to redirect them to a fake website. This fake website looks like that it is an original website.
As android phones or smartphones are mostly used by the user, cybercriminals use this opportunity to perform this type of attack. Because they don’t have to go through the trouble of breaking firewalls and then accessing the system of the user to steal data.
Symptoms of the phishing :
It may request the user to share personal details like the login credentials related to the bank and more.
It redirects to a website if the user clicks on the link that was sent in the email.
If they are redirected to a website it may want some information related to the credit card or banking details of the user.
Preventive measures of phishing :
Do not try to open any suspicious email attachments.
Do not try to open any link which may seem suspicious.
Do not try to provide any sensitive information like personal information or banking information via email, text, or messages.
Always the user should have an antivirus to make sure the system is affected by the system or not.