PHISHING
What Is Phishing?
Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details, often for malicious reasons, by posing as a trustworthy entity in an electronic communication.
Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message. The recipient is then tricked into clicking a malicious link, which can lead to the installation of malware, the freezing of the system as part of a ransomware attack or the revealing of sensitive information.
Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.
The information is then used to access important accounts and can result in identity theft and financial loss.
As you know, phishing is a technique that involves tricking the user into thinking they are dealing with a trusted site in order to steal confidential information, passwords, etc.
So far the hackers have used emails to launch this type of attack, but with the widespread use of social media networks and smartphones with internet access, the types of attack are multiplying.
These emails include a link that takes the user to what appears to be a trusted website, but is a mere imitation that deserves no trust at all.
Thus, overconfident users who do not have adequate antivirus protection could fall victim to attacks that aim to steal personal data.
And because of the economic crisis which is unfortunately affecting several countries, phishing attacks are attracting people with the promise of a great job or an easy way to get money.
The question is … How can we prevent this type of phishing attack?
10 Tips to Prevent Phishing Attacks
1. Learn to Identify Suspected Phishing Emails
There are some qualities that identify an attack through an email:
- They duplicate the image of a real company.
- Copy the name of a company or an actual employee of the company.
- Include sites that are visually similar to a real business.
- Promote gifts, or the loss of an existing account.
2. Check the Source of Information From Incoming Mail
Your bank will never ask you to send your passwords or personal information by mail. Never respond to these questions, and if you have the slightest doubt, call your bank directly for clarification.
3. Never Go to Your Bank’s Website by Clicking on Links Included in Emails
Do not click on hyperlinks or links attached in the email, as it might direct you to a fraudulent website.
Type in the URL directly into your browser or use bookmarks / favorites if you want to go faster.
4. Enhance the Security of Your Computer
Common sense and good judgement are as vital as keeping your computer protected with a good antivirus to block this type of attack.
In addition, you should always have the most recent update on your operating system and web browsers.
5. Enter Your Sensitive Data in Secure Websites Only
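In order for a site to be ‘safe’, its address must begin with ‘https://’ and your browser should show an icon of a closed lock. This is a necessary condition rather than a guarantee: in the Google Docs case described later on this page, the fake login page was also served over a secure connection.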
6. Periodically Check Your Accounts
It never hurts to check your bank accounts periodically to be aware of any irregularities in your online transactions.
7. Phishing Doesn’t Only Pertain to Online Banking
Most phishing attacks are against banks, but attackers can also use any popular website, such as eBay, Facebook or PayPal, to steal personal data.
8. Phishing Knows All Languages
Phishing knows no boundaries, and can reach you in any language. In general, phishing messages are poorly written or translated, so this may be another indicator that something is wrong.
If you never go to the Spanish website of your bank, why should your statements now be in this language?
9. If You Have the Slightest Doubt, Do Not Risk It
The best way to prevent phishing is to consistently reject any email or news that asks you to provide confidential data.
Delete these emails and call your bank to clarify any doubts.
10. Check Back Frequently to Read About the Evolution of Malware
If you want to keep up to date with the latest malware attacks, recommendations or advice to avoid any danger on the net, etc., you can always read our blog or follow us on Twitter and Facebook. Happy to answer any questions you may have!
HOW TO IDENTIFY PHISHING ATTACKS
Phishing is most often initiated through email communications, but there are ways to distinguish suspicious emails from legitimate messages. Training employees on how to recognize these malicious emails is a must for enterprises who wish to prevent sensitive data loss. Often, these data leaks occur because employees were not armed with the knowledge they need to help protect critical company data. The following may be indicators that an email is a phishing attempt rather than an authentic communication from the company it appears to be.
- Emails with generic greetings. Phishing emails often include generic greetings, such as “Hello Bank One Customer” rather than using the recipient’s actual name. This is an obvious tell for phishing attacks that are launched in bulk, whereas spear phishing attacks will typically be personalized.
- Emails requesting personal information. Most legitimate companies will never email customers and ask them to enter login credentials or other private information by clicking on a link to a website. This is a safety measure to help protect consumers and help customers distinguish fraudulent emails from legitimate ones.
- Emails requesting an urgent response. Most phishing emails attempt to create a sense of urgency, leading recipients to fear that their account is in jeopardy or they will lose access to important information if they don’t act immediately.
- Emails with spoofed links. Does a hyperlink in the message body actually lead to the page it claims? Never click on these links to find out; instead, hover over the link to verify its authenticity. Also, look for URLs beginning with HTTPS. The “S” indicates that a website uses encryption to protect users’ page requests.
When in doubt, call. If the content of an email is concerning, call the company in question to find out if the email was sent legitimately. If not, the company is now aware and can take action to warn other customers and users of potential phishing attempts appearing to come from their company.
Common Features of Phishing Emails
- Too Good To Be True - Lucrative offers and eye-catching or attention-grabbing statements are designed to attract people’s attention immediately. For instance, many claim that you have won an iPhone, a lottery, or some other lavish prize. Just don't click on any suspicious emails. Remember that if it seems too good to be true, it probably is!
- Sense of Urgency - A favorite tactic amongst cybercriminals is to ask you to act fast because the super deals are only for a limited time. Some of them will even tell you that you have only a few minutes to respond. When you come across these kinds of emails, it's best to just ignore them. Sometimes, they will tell you that your account will be suspended unless you update your personal details immediately. Most reliable organizations give ample time before they terminate an account and they never ask patrons to update personal details over the Internet. When in doubt, visit the source directly rather than clicking a link in an email.
- Hyperlinks - A link may not be all it appears to be. Hovering over a link shows you the actual URL where you will be directed upon clicking on it. It could be completely different or it could be a popular website with a misspelling, for instance www.bankofarnerica.com - the 'm' is actually an 'r' and an 'n', so look carefully.
- Attachments - If you see an attachment in an email you weren't expecting or that doesn't make sense, don't open it! They often contain payloads like ransomware or other viruses. The only file type that is always safe to click on is a .txt file.
- Unusual Sender - Whether it looks like it's from someone you don't know or someone you do know, if anything seems out of the ordinary, unexpected, out of character or just suspicious in general don't click on it!
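The link checks described above (comparing a link's visible text with its real destination, spotting lookalike hosts such as the bankofarnerica.com case, and looking for HTTPS) can be automated for inbound mail. The following Python code is an added example, not part of the original article; the trusted-domain list, the confusable pairs and the sample message body are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"bankofamerica.com", "paypal.com"}  # assumption: locally maintained list
# Sequences that read as another letter at a glance (constructed, not exhaustive).
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]
# Constructed sample body: one spoofed link, one legitimate link.
SAMPLE = ('<a href="http://www.bankofarnerica.com/login">www.bankofamerica.com</a>'
          '<a href="https://www.paypal.com/signin">Sign in</a>')

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):  # lower-cased hostname without a leading "www." ("" if none)
    host = (urlsplit(url if "://" in url else "//" + url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def skeleton(host):  # collapse confusable sequences so lookalike hosts compare equal
    for seq, letter in CONFUSABLES:
        host = host.replace(seq, letter)
    return host

def check_links(html):  # returns (href, reason) findings for every http(s) link
    parser = LinkCollector()
    parser.feed(html)
    findings, trusted_skeletons = [], {skeleton(t) for t in TRUSTED}
    for href, text in parser.links:
        if urlsplit(href).scheme not in ("http", "https"):
            continue
        target = host_of(href)
        # Only treat the visible text as a URL when it looks like one.
        shown = host_of(text) if "." in text and " " not in text else ""
        if shown and target != shown and not target.endswith("." + shown):
            findings.append((href, "text-mismatch"))
        if target not in TRUSTED and skeleton(target) in trusted_skeletons:
            findings.append((href, "lookalike"))
        if urlsplit(href).scheme != "https":
            findings.append((href, "not-https"))
    return findings
```

Calling check_links(SAMPLE) reports the first link three times (text mismatch, lookalike host, no HTTPS) and nothing for the second. A clean result only means none of these three checks fired, not that the message is legitimate.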
1. DECEPTIVE PHISHING
The most common type of phishing scam, deceptive phishing refers to any attack by which fraudsters impersonate a legitimate company and attempt to steal people’s personal information or login credentials. Those emails frequently use threats and a sense of urgency to scare users into doing the attackers’ bidding.
For example, PayPal scammers might send out an attack email that instructs recipients to click on a link in order to rectify a discrepancy with their account. In actuality, the link leads to a fake PayPal login page that looks like the original website but collects a user’s login credentials and delivers them to the attackers.
The success of a deceptive phish hinges on how closely the attack email resembles a legitimate company’s official correspondence. As a result, users should inspect all URLs carefully to see if they redirect to an unknown website. They should also look out for generic salutations, grammar mistakes, and spelling errors scattered throughout the email.
2. SPEAR PHISHING
Not all phishing scams lack personalization – some use it quite heavily.
For instance, in spear phishing scams, fraudsters customize their attack emails with the target’s name, position, company, work phone number and other information in an attempt to trick the recipient into believing that they have a connection with the sender.
The goal is the same as deceptive phishing: lure the victim into clicking on a malicious URL or email attachment, so that they will hand over their personal data.
Spear-phishing is especially commonplace on social media sites like LinkedIn, where attackers can use multiple sources of information to craft a targeted attack email.
To protect against this type of scam, organizations should conduct ongoing employee security awareness training that, among other things, discourages users from publishing sensitive personal or corporate information on social media. Companies should also invest in solutions that are capable of analyzing inbound emails for known malicious links/email attachments.
3. CEO FRAUD
Spear phishers can target anyone in an organization, even top executives. That’s the logic behind a “whaling” attack, where fraudsters attempt to harpoon an executive and steal their login credentials.
In the event their attack proves successful, fraudsters can choose to conduct CEO fraud, the second phase of a business email compromise (BEC) scam where attackers impersonate an executive and abuse that individual’s email to authorize fraudulent wire transfers to a financial institution of their choice.
Whaling attacks work because executives often don’t participate in security awareness training with their employees. To counter that threat, as well as the risk of CEO fraud, all company personnel – including executives – should undergo ongoing security awareness training.
Organizations should also consider amending their financial policies, so that no one can authorize a financial transaction via email.
4. PHARMING
As users become more savvy to traditional phishing scams, some fraudsters are abandoning the idea of “baiting” their victims entirely. Instead, they are resorting to pharming – a method of attack which stems from domain name system (DNS) cache poisoning.
The Internet’s naming system uses DNS servers to convert alphabetical website names, such as “www.microsoft.com,” to numerical IP addresses used for locating computer services and devices.
Under a DNS cache poisoning attack, a pharmer targets a DNS server and changes the IP address associated with an alphabetical website name. That means an attacker can redirect users to a malicious website of their choice even if the victims entered in the correct website name.
To protect against pharming attacks, organizations should encourage employees to enter in login credentials only on HTTPS-protected sites. Companies should also implement anti-virus software on all corporate devices and implement virus database updates, along with security upgrades issued by a trusted Internet Service Provider (ISP), on a regular basis.
5. DROPBOX PHISHING
While some phishers no longer bait their victims, others have specialized their attack emails according to an individual company or service.
Take Dropbox, for example. Millions of people use Dropbox every day to back up, access and share their files. It’s no wonder, therefore, that attackers would try to capitalize on the platform’s popularity by targeting users with phishing emails.
One attack campaign, for example, tried to lure users into entering their login credentials on a fake Dropbox sign-in page hosted on Dropbox itself.
To protect against Dropbox phishing attacks, users should consider implementing two-step verification (2SV) on their accounts. For a step-by-step guide on how to activate this additional layer of security,.
6. GOOGLE DOCS PHISHING
Fraudsters could choose to target Google Drive similar to the way they might prey upon Dropbox users.
Specifically, as Google Drive supports documents, spreadsheets, presentations, photos and even entire websites, phishers can abuse the service to create a web page that mimics the Google account log-in screen and harvests user credentials.
A group of attackers did just that back in July of 2015. To add insult to injury, not only did Google unknowingly host that fake login page, but a Google SSL certificate also protected the page with a secure connection.
Once again, users should consider implementing 2SV to protect themselves against this type of threat. They can enable the security feature via either SMS messaging or the Google Authenticator app.
CONCLUSION
Using the guide above, organizations will be able to more quickly spot some of the most common types of phishing attacks. But that doesn’t mean they will be able to spot each and every phish. On the contrary, phishing is constantly evolving to adopt new forms and techniques.
With that in mind, it’s imperative that organizations conduct security awareness training on an ongoing basis so that their employees and executives stay on top of emerging phishing attacks.