Phishing - Cyber Attack and Defence
In this article, we are going to learn about Phishing a cyber attack, objectives, risk, how to identify the attack, and how to defend the attack.
Disclaimer: The articles provided on HackWithV is purely for informational and educational purpose only, and for those who are willing and curious to know & learn about Cyber Security, Ethical Hacking, Software Development and IT Operations. Anytime the word "Hacking" that is used on this site shall be regarded as Ethical Hacking.
Table of Content
- What is Phishing? Jump to
- Main Objectives of Attacker Jump to
- Types of Phishing Attacks Jump to
- Who is at Risk? Jump to
- How to Identify the Attack? Jump to
- How to Defend the Attack? Jump to
What is Phishing?
- Phishing is a cyber attack, a fraudulent attempt to obtain sensitive information by disguising oneself as a trustworthy entity in an email.
- According to research, 91% of all cyber attacks begin with phishing.
Main Objectives of Attacker
The goal of an attacker is obtain the sensitive information as follow:
- Personal Identifiable Information.
- Login credentials and passwords.
- Financial information, account information and payment process.
- Owed invoices or outstanding debts.
- Company structure information, internal communication and defense posture.
- Deploymnet of malware(keyloggers, RATs(Remote Access Trojans)).
- Ransomware.
Type of Phishing Attacks
- Phishing
- Spear Phishing
- Whaling
- Pharming
- Smishing
- Vishing
Who is at Risk?
- Everyone who conected to internet.
- Phishing fraud has affected the largest global corporations and governments all the way down to small business and individuals.
- Globally June 2016 to present, current losses are over $27 Billion USD.
How to Identify the Attack?
We can identify the phishing attack by some warning signs as follow:
- Urgency of request
- Out of contact or lack of contact
- Language and Grammar mistakes
- Links and attachments
- No prior web presence or footprint
- Use of chat apps: WhatsApp, Telegarm
- Use of non-traditional payment: money orders, gift cards
- Use of irreversible/hard to track payment: wires, virtual currency
How to Defend the Attack?
- Awareness is key to defend the phishing
- Do not click links or attachments.
- Watch for warning signs, discussed in the How to Identify the Attack?
- Use a good spam filter, but recognize it will not catch everything.
- Use authentication checking
- SPF (Sender Policy Framework)
- DKIM (DomainKeys Identified Mail)
- DMARC (Domain-based Message Authentication, Reporting & Conformance)
- Avoid sending personal information.
- Verify suspicious information and report it to IT and Security team.
- Use strong passwords, do not reuse passwords.
If you face any problem, Let me know in the comments or you can directly
reach me at hackwithv@gmail.com
Comments
Post a Comment