Phishing Attack

Phishing is a type of social engineering attack used to steal users’ login credentials and credit card numbers. It happens when an attacker, pretending to be a trusted person, gets someone to open an email, instant message, or text message. The sender then tricks the recipient into clicking a malicious link in the message. This can lead to malware being installed on their computer or the system being frozen as part of a ransomware attack.

An attack can have serious consequences. For individuals, this means unauthorized purchases, stolen money, or identity theft.

An Example of a Phishing Attack

The following is an example of a common phishing scam:

  • A spoofed email that looks like it came from myuniversity.edu is sent to as many faculty members as possible.
  • A message in the email says the user’s password is about to expire. Instructions tell people to go to myuniversity.edu/renewal within 24 hours to change their password.
  • The user is sent to myuniversity.edurenewal.com, a fake page that looks just like the real renewal page. There, both new and old passwords are asked for. The attacker, who is watching the page, steals the original password so that he or she can get into secure parts of the university network.
  • The user is sent to the page where they can change their password. While the user is being redirected, however, a malicious script runs in the background and tries to get the user’s session cookie. This is called a “reflected XSS attack,” and it gives the attacker access to the university network.

Techniques for Phishing Attack

Email phishing

Scams are a way to get money by getting people to send it.

Email phishing is a numbers game. An attacker who sends out a lot of fake messages can get a lot of valuable information and money even if only a small number of people fall for the scam. As you can see from the above, attackers use a variety of techniques to make their attacks more likely to work.

For one thing, they will go to great lengths to make phishing messages look like emails from the spoofed company. Using the same words, typefaces, logos, and signatures makes the messages look more real.

Spear Phishing

Spear phishing is when someone tries to get someone to give them money.

Spear phishing is a type of phishing that focuses on a single person or company, rather than random people who use an app. It’s a more in-depth version of phishing that requires a lot of knowledge about an organization, like how it’s run.

How do you Stop Phishing?

Both users and businesses need to take steps to protect themselves from phishing attacks.

For users, staying vigilant is what matters most. A spoofed message usually contains small mistakes that give it away. These can be things like misspellings or changes to domain names, as shown in the URL example from before. Stop and think about why you’re getting this email.
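The domain-name check described above can be automated. The following is an added example, not part of the original article: it pulls links out of a message and flags hosts that reuse the organisation's name without actually being under its domain, as myuniversity.edurenewal.com does. The trusted-domain list, the portal subdomain, and the sample message are constructed for illustration, and the brand-name match is a simple heuristic.

```python
import re
from urllib.parse import urlsplit

# Assumption: the organisation's own domain, taken from the article's example.
TRUSTED_DOMAINS = {"myuniversity.edu"}

# Loose matcher for links in plain text, with or without a scheme.
URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/[^\s<>\"']*)?", re.I)

def hostname_of(url):
    """Return the lower-cased hostname, tolerating a missing scheme."""
    if "://" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def belongs_to(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    return host == domain or host.endswith("." + domain)

def classify_link(url, trusted=TRUSTED_DOMAINS):
    host = hostname_of(url)
    if any(belongs_to(host, d) for d in trusted):
        return "trusted"
    # The host is outside every trusted domain; if it still contains the
    # organisation's name, it is imitating it (heuristic).
    brands = {d.split(".")[0] for d in trusted}
    if any(b in host for b in brands):
        return "lookalike"
    return "unknown"

def review_message(body, trusted=TRUSTED_DOMAINS):
    """Map every link found in the message body to its classification."""
    links = (u.rstrip(".,;)") for u in URL_RE.findall(body))
    return {u: classify_link(u, trusted) for u in links}

# Constructed sample message modelled on the article's scenario.
SAMPLE_BODY = (
    "Your password is about to expire. Go to myuniversity.edu/renewal within 24 hours.\n"
    "Renewal form: http://myuniversity.edurenewal.com/renewal\n"
    "Help desk: https://portal.myuniversity.edu/help\n"
)

if __name__ == "__main__":
    for link, verdict in review_message(SAMPLE_BODY).items():
        print(f"{verdict:10} {link}")
```

A plain substring or prefix comparison would accept the fake host, because it begins with the real domain name; the check has to compare whole dot-separated labels from the right.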
