PHISHING ATTACK (#CollegeHacker)
PHISHING ATTACK:
Phishing is similar to fishing in a lake, but instead of trying to capture fish, phishers attempt to steal your personal information. They send out e-mails that appear to come from legitimate websites such as eBay, PayPal, or other banking institutions. The e-mails state that your information needs to be updated or validated and ask that you enter your username and password after clicking a link included in the e-mail. Some e-mails will ask that you enter even more information, such as your full name, address, phone number, social security number, and credit card number. However, even if you visit the false website and enter only your username and password, the phisher may be able to gain access to more information simply by logging in to your account.
Phishing is a con game that scammers use to collect personal information from unsuspecting users. The false e-mails often look surprisingly legitimate, and even the Web pages where you are asked to enter your information may look real. However, the URL in the address field can tell you whether the page you have been directed to is valid or not. For example, if you are visiting a Web page on eBay, the last part of the domain name should end with "ebay.com." Therefore, "http://www.ebay.com" and "http://cgi3.ebay.com" are valid Web addresses, but "http://www.ebay.validate-info.com" and "http://ebay.login123.com" are false addresses, which may be used by phishers. If the URL contains an IP address, such as 12.30.229.107, instead of a domain name, you can be almost sure someone is trying to phish for your personal information.
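The domain test described above, written out as an added example (not code from the original post): the host of the URL must be the legitimate domain itself or end with "." followed by it, and a bare IP address as the host is treated as suspicious. The legitimate domain passed in ("ebay.com") and the test URLs are the ones quoted in the paragraph.

```python
import ipaddress
from urllib.parse import urlparse


def url_belongs_to(url: str, legit_domain: str) -> bool:
    """True only if the URL's host is legit_domain or a subdomain of it.

    urlparse().hostname discards user-info, port and path, so tricks such as
    "http://ebay.com@evil.net/" or "http://evil.net/?site=ebay.com" do not pass.
    """
    host = (urlparse(url).hostname or "").lower().rstrip(".")
    legit = legit_domain.lower()
    return host == legit or host.endswith("." + legit)


def host_is_ip(url: str) -> bool:
    """True if the host part is a literal IPv4/IPv6 address rather than a name."""
    host = urlparse(url).hostname or ""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def classify(url: str, legit_domain: str) -> str:
    """Apply the post's two rules and return a short verdict string."""
    if host_is_ip(url):
        return "suspicious: bare IP address instead of a domain name"
    if url_belongs_to(url, legit_domain):
        return "valid"
    return "suspicious: host does not end with " + legit_domain


if __name__ == "__main__":
    for u in ("http://www.ebay.com", "http://cgi3.ebay.com",
              "http://www.ebay.validate-info.com", "http://ebay.login123.com",
              "http://12.30.229.107/signin"):
        print(u, "->", classify(u, "ebay.com"))
```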
If you receive an e-mail that asks that you update your information and you think it might be valid, go to the website by typing the URL in your browser's address field instead of clicking the link in the e-mail. For example, go to "https://www.paypal.com" instead of clicking the link in an e-mail that appears to come from PayPal. If you are prompted to update your information after you have manually typed in the Web address and logged in, then the e-mail was probably legitimate. However, if you are not asked to update any information, then the e-mail was most likely a spoof sent by a phisher.
Most legitimate e-mails will address you by your full name at the beginning of the message. If there is any doubt that the e-mail is legitimate, be smart and don't enter your information. Even if you believe the message is valid, following the guidelines above will prevent you from giving phishers your personal information.
Phishing Methods
Phishing attempts most often begin with an email attempting to obtain sensitive information through some user interaction, such as clicking on a malicious link or downloading an infected attachment.
- A.) Through link manipulation, an email may present links that spoof legitimate URLs; manipulated links may feature subtle misspellings or use of a subdomain.
- B.) Phishing scams may use website forgery, which employs JavaScript commands to make a website URL look legitimate.
- C.) Using covert redirection, attackers can corrupt legitimate websites with malicious pop-up dialog boxes that redirect users to a phishing website.
- D.) Infected attachments, such as .exe files, Microsoft Office files, and PDF documents, can install ransomware or other malware.
- E.) Phishing scams can also employ phone calls, text messages, and social media tools to trick victims into providing sensitive information.
Types of Phishing Attacks
Some specific types of phishing scams use more targeted methods to attack certain individuals or organizations.
A.) Spear Phishing
Spear phishing email messages won’t look as random as more general phishing attempts. Attackers will often gather information about their targets to fill emails with more authentic context. Some attackers even hijack business email communications and create highly customized messages.
B.) Clone Phishing
Attackers are able to view a legitimate, previously delivered email message, make a nearly identical copy of it—or “clone”—and then change an attachment or link to something malicious.
C.) Whaling
Whaling specifically targets high-profile individuals and/or senior executives in an organization. The content of a whaling attempt will often be presented as a legal communication or other high-level executive business.
How to Prevent Phishing Attacks
Organizations should educate employees to prevent phishing attacks, particularly how to recognize suspicious emails, links, and attachments. Cyber attackers are always refining their techniques, so continued education is imperative.
Some tell-tale signs of a phishing email include:
- ‘Too good to be true’ offers
- Unusual sender
- Poor spelling and grammar
- Threats of account shutdown, etc., particularly conveying a sense of urgency
- Links, especially when the destination URL is different from the one that appears in the email content
- Unexpected attachments, especially .exe files
Additional technical security measures can include:
- Two-factor authentication incorporating two methods of identity confirmation—something you know (e.g., a password) and something you have (e.g., a smartphone)
- Email filters that use machine learning and natural language processing to flag high-risk email messages. The DMARC protocol can also help prevent email spoofing.
- Augmented password logins using personal images, identity cues, security skins, etc.