HI Hi, Greetings! 
Today, I would like to share with you an article about the overview of phishing attacks - Part-01 and 02.
Phishing Attacks:
Phishing is a form of social engineering assault that seeks to take advantage of legitimate system users' gullibility and/or naivety.
This form of attack got its name from the fact that it uses bait, just like its homophone "fishing." Bait is frequently disguised as an appealing email in phishing attacks. Attackers go to considerable measures to make their emails look as genuine as possible. The majority of these emails link recipients to an attacker-controlled website where malware is sent, or user credentials are intercepted.
Types of phishing attacks:
The attacks can be divided into two categories.
Standard phishing attacks
Spear phishing attacks
1- Standard phishing attacks:
Attacks that target a large number of people and rely on one or more victims are known as standard attacks. The attacker realizes that this is a haphazard approach. However, since the attacker only needs one successful victim to build a footing, this isn't a big deal. With universal bait, these schemes target a large audience.
Example:
An attacker impersonating a member of the IT department sends a bulk email to staff.
The email serves as a reminder to recipients to complete the required annual online IT security training module; nevertheless, the training module is controlled by the attacker.
The affected user is directed to input their employee credentials during the course, which is subsequently sent straight to the attacker.
A double-edged sword is a mass distribution. A larger dispersion increases the chances of enticing in at least one victim. At the same time, there's a better chance of attracting the notice of the organization's legitimate IT or security teams.
2- Spear phishing attacks:
This is a more targeted attack than typical phishing techniques. Because it targets fewer people through a carefully altered email, it takes more time and effort on the attacker's part. It's also customary for the attacker to spend time gaining the target's trust before instructing them to perform hostile acts. This method is more typically used to install malware on a company's internal network.
Example:
A target organization's sensitive internal project is discovered by an attacker.
The attacker impersonates the sender's email address.
The attacker sends an otherwise innocuous email with the subject line "Minutes from the last meeting" or "Action Items" to a limited recipient list.
The recipients receive what appears to be a real email about a recent project meeting. They are far more inclined to open the attachment since there is implicit trust.
Internal networks used by high-level executives in a business who are permitted to access more sensitive information have been accessed using such campaigns. The end consequence is the same as a general operation, but the compromise occurs far deeper within the company. Spear phishing is a type of phishing that seeks to extract specific information or obtain access to a company's internal network.
You are welcome to like and leave feedback in the comment area.
Part 02 continues with the Damage and Prevent of the phishing attacks.
Link:
Source:
https://www.imperva.com/learn/application-security/phishing-attack-scam/
https://www.itperfection.com/network-security/phishing-attacks-cybersecurity-network-security-2fa-authentication-firewall-smishing-vishing/
M M Zaheer Hussain
Stay Safe !
