The Anatomy Of Phishing

Edward Robin

Security Awareness


Fishing with an F is a way to catch fish, using bait like worms, which is FUN. Phishing with a PH isn’t fun. It’s scary internet stuff: a way for bad people to catch your private details, like your bank account details, your credit card information or passwords. And the bait they use is LIES.

Here’s how phishing works, which is something you’ve probably seen already. You receive an email that looks like it comes from someone you trust. Your bank! But it’s NOT.

It looks real, but it is designed to fool you into handing over your important information.

Here are a few ways they can fool you into falling for their bait. They’ll either scare you that your account will be closed unless you update it with your information, or mislead you that your account has been accessed illegally and you need to verify your information. They can also deceive you by sending you new bank offers so that you check the fake brochure or policy link in the email. You click on the link and it takes you to a page that looks very much like a legit bank website. Trapped by their bait, you hand over the information they ask you for and you are CAUGHT in their LIES.


Most of you have to do business online. You buy and sell things, so you have accounts with sensitive information. The risk of doing business online is low as long as you deal directly with highly trusted organizations. The problem occurs when these bad internet guys impersonate these trustworthy organizations and fool you into handing your confidential information to them.

The key to avoiding these scams is awareness, as well as resisting the urge to click on everything you see and receive over the internet.

Always remember, your bank will never ask you to confirm your details via email. NEVER! This is the most obvious way to spot a phishing attempt. Hence, if you receive an email like this, here is the key: DON’T CLICK IT!

Next, when banks send emails to their customers, they address them by name. Therefore, when you receive an email that claims to come from your trusted banking service, look for your name! If it says something like ‘Dear Valued Customer’, it’s not real. DON’T CLICK IT.

The last obvious way to spot a phishing trick is to look for ‘SPELING MISTACKS’. A legit bank or any other online financial service will never leave a single spelling mistake in the text of their emails to their valued customers, nor will they send them an unprofessional email. Simple as it looks, if you spot an email with spelling mistakes or a lack of professionalism, never fall for it.

Remember, phishing emails can use the exact logos, phone numbers and addresses that appear on your bills. You need to be extra vigilant in spotting the difference between the REAL one and the FAKE one.

Always be suspicious of emails that ask for your information, because that’s the only way you can keep your information and money from being stolen and spent wrongfully.

There is no need to be scared of these phishing emails as long as you keep your mouse pointer away from the bait they provide. Just delete the emails or report them to reportphishing@antiphishing.org or spam@uce.gov.


Anatomy Of A Phishing Attack

The anatomy of a phishing attack typically consists of the following steps:

1. A malicious actor sends out an email or other type of message that appears to be from a legitimate source, such as a bank or other financial institution.

2. The malicious actor attempts to gain access to the target’s personal information, such as usernames, passwords, credit card numbers, or other sensitive information.

3. The malicious actor uses the obtained information to gain access to the target’s accounts or to commit other types of fraud.

4. The malicious actor may also use the obtained information to launch additional attacks, such as installing malware or ransomware on the target’s device.

5. The malicious actor may also attempt to use the stolen information to extort money from the target.

Types Of Phishing

1. Spear phishing: A targeted attack directed at a specific individual or organization.

2. Whaling: An attack directed at high-level executives or other important figures.

3. Clone phishing: An attack in which the malicious actor creates a replica of a legitimate email in order to trick the target into providing sensitive information.

4. Smishing: An attack in which the malicious actor sends a text message with a malicious link in order to gain access to the target’s device.

Categories Of Phishing

Anatomy of a Phishing Attack:

1. Reconnaissance: The attacker researches the target organization, its employees, and their online activities.

2. Lure: The attacker crafts an email, text message, or other communication that appears to be from a legitimate source. This message contains a malicious link or attachment.

3. Delivery: The attacker delivers the malicious communication to the target.

4. Exploitation: The target clicks the malicious link or attachment, which triggers the malicious code.

5. Action on Objective: The malicious code performs its intended task, such as stealing data or installing malware.

Features Of Phishing

1. False sense of urgency: Phishers use a sense of urgency to try to get the target to act quickly without thinking.

2. Mimicking of legitimate sources: Phishers use familiar logos, language, and other cues to make the malicious communication appear legitimate.

3. Malicious links and attachments: Phishers use malicious links and attachments to deliver malicious code.

4. Social engineering: Phishers use social engineering tactics to manipulate the target into taking a desired action.

Main Causes Of Phishing

1. Weak security: Weak security measures can make it easier for phishers to access sensitive information.

2. Poor user awareness: Poor user awareness of phishing tactics can make it more likely that users will fall victim to a phishing attack.

3. Spam emails: Spam emails containing malicious links or attachments can be used to launch phishing attacks.

4. Social media scams: Social media scams can be used to spread malicious links or attachments.

5. Malware: Malware can be used to steal personal information and spread phishing attacks.

6. Fake websites: Fake websites can be used to mimic legitimate websites in order to trick users into entering sensitive information.

7. Spear phishing: Spear phishing is a targeted attack, usually aimed at specific individuals or organizations.

What Is Phishing?

Phishing is a type of cyberattack that uses deceptive emails, websites, or other online communication to trick people into providing sensitive information, such as passwords, credit card numbers, or bank account information. The attacker might also use phishing to install malicious software on the victim’s computer. Phishing attacks can be used to gain access to confidential data or to commit fraud.

Phishing Tools

Phishing tools are techniques and software used to carry out phishing attacks. These tools include malicious websites, emails, text messages, and social engineering techniques designed to deceive victims into providing personal or financial information. Common phishing tools also include key loggers, which record keystrokes, and malware, which can be used to steal data or take control of a computer.

Risk Of Phishing

The risk of phishing is very high. Phishing attacks can lead to identity theft, financial loss, and the compromise of confidential data. Phishing attacks can also be used to commit fraud, such as transferring money from a victim’s bank account or stealing confidential information. In addition, phishing attacks can be used to spread malware and other malicious software.

Good Example Of Phishing

A good example of phishing is when an attacker sends an email that appears to be from a legitimate source, such as a bank or online store. The email may contain a link that leads to a malicious website or a malicious download. The malicious website or download may contain malware or other malicious software that can be used to steal data or take control of a computer.

Signs Of Phishing

The six signs of phishing are:

1. Unfamiliar sender – The sender of the email or message may not be someone you know or recognize.

2. Suspicious links – The email or message may contain a link that looks suspicious or out of place.

3. Poor spelling and grammar – The email or message may contain spelling and grammar errors.

4. Urgent requests – The email or message may contain an urgent request for personal information or money.
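
Several of these signs, together with the ‘Dear Valued Customer’ greeting described earlier, can be checked mechanically when a suspicious message is reported. The Python code below is an added example, not part of the original article: the function names, the phrase lists and the sample message with its `.test` domains are all constructed for illustration, and it assumes a single-part HTML email. Spelling checks are left out because they need a dictionary.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TEXT_SIGNS = {  # wording the article warns about; the phrase lists are assumptions
    "generic greeting": re.compile(r"dear\s+(valued\s+)?(customer|user|client|member)", re.I),
    "urgent request": re.compile(r"\b(urgent|immediately|will be closed|suspended|verify your)\b", re.I),
}
# Constructed sample message: every name and domain in it is made up.
SAMPLE = """From: "Example Bank" <alerts@examp1e-bank.test>
Content-Type: text/html

<p>Dear Valued Customer,</p>
<p>Your account will be closed unless you verify your details immediately.</p>
<p><a href="http://login.examp1e-bank.test/verify">www.examplebank.test</a></p>
"""

class LinkCollector(HTMLParser):  # gathers (href, visible text) pairs from <a> tags
    def __init__(self):
        super().__init__()
        self.links, self._href = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
    def handle_data(self, data):
        if self._href is not None and data.strip():
            self.links.append((self._href, data.strip()))
    def handle_endtag(self, tag):
        if tag == "a":
            self._href = None

def host(value):  # hostname of a URL or bare domain, lowercased ("" if none)
    return (urlparse(value if "://" in value else "http://" + value).hostname or "").lower()

def phishing_signs(raw_email, trusted_domain):
    msg = message_from_string(raw_email)
    body, signs = msg.get_payload(), []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if sender != trusted_domain and not sender.endswith("." + trusted_domain):
        signs.append("unfamiliar sender")
    links = LinkCollector()
    links.feed(body)
    # Visible link text that names one host while the href points at another.
    if any("." in t and " " not in t and host(t) != host(h) for h, t in links.links):
        signs.append("suspicious link")
    signs += [name for name, rx in TEXT_SIGNS.items() if rx.search(body)]
    return signs
```

Calling `phishing_signs(SAMPLE, "examplebank.test")` reports all four signs for the constructed message. A message sent from the trusted domain, addressed by name and linking to the same host its link text shows, returns an empty list.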

Why Is It Called Phishing?

The term “phishing” comes from the analogy of using bait to catch a fish. Phishers try to lure unsuspecting victims into providing sensitive information or money by using deceptive tactics. It is called phishing because the attacker is “fishing” for personal information.

Main Target Of Phishing

The main targets of phishing are individuals, particularly those who are not tech-savvy and may not be aware of the risks associated with providing personal information online. Phishers often target people with emails that appear to be from a legitimate source, such as a bank or government agency. They may also use social engineering techniques to try to trick people into providing their personal information.

Most Common Type Of Phishing

The most common type of phishing is email phishing. This involves sending emails that appear to come from a legitimate source, but which contain malicious links or attachments. The emails may contain links to malicious websites or may ask for personal information such as passwords or credit card numbers.

Purpose Of Phishing

The purpose of phishing is to gain access to personal information or to spread malware by tricking people into clicking on malicious links or attachments. Phishing is used to gain access to sensitive data such as passwords, credit card numbers, and other confidential information. It can also be used to spread malicious software such as viruses, spyware, and ransomware.

Stay Safe!
