Phishing
Definition: Phishing is a technique for stealing sensitive information, such as bank account passwords, by spoofing. The attacker builds a webpage that looks similar to the original page, then sends an email or SMS in the bank's name so that the user logs in through the attacker's webpage. The attacker then captures the username and password immediately.
Technology trend: Phishing was first reported in 1987. The term was coined in 1990 by Kahn C Smith, a hacker. It first targeted AOL users, and the attack is also named AOLHell. From the early 2000s, attackers targeted bank accounts. Several attacks were reported from the U.S. and the U.K. As the digital world grew to include cloud storage and cloud infrastructure, attackers targeted those users as well. iCloud, Apple's cloud storage, was targeted, and many pictures of celebrities and other users were leaked.
Types:
Deceptive Phishing: This is the most common type of phishing, in which attackers use the names of popular, legitimate companies. They send an email or SMS to users in a threatening or urgent tone, for example telling them to change their password immediately or claiming that the bank's systems are under attack.
Users should carefully verify the URL they are visiting and the email they received. This can prevent this type of attack.
Spear Phishing: This is similar to deceptive phishing, but the attackers are more creative. The targeted user is sent a message containing his name, workplace, phone number and similar details, which leads the user to think that the email or SMS from a bank is genuine.
These attacks are more common on social media sites like LinkedIn, where the attacker can obtain the personal information of the targeted users.
Companies should educate their employees about these types of attacks.
Whaling Phishing: This is a special form of spear phishing in which the targeted users are high-profile, such as a CEO or CFO. It is high-tech phishing because it involves a lot of work researching the target user. The attackers obtain highly sensitive information related to the user.
The term whaling comes from the nature of the work and the targeted users, as whales are generally large in size.
Malware Phishing: In this type of phishing, the user is sent malicious software as an email attachment, or as an automatic download from a malicious webpage when the user accidentally clicks a link to the page. Users should be careful and aware enough to prevent these types of attacks.
Source: mainly the book Understanding Cryptography.