Phishing - Cyber Attack and Defence

By

In this article, we are going to learn about Phishing a cyber attack, objectives, risk, how to identify the attack, and how to defend the attack. 

Disclaimer: The articles provided on HackWithV is purely for informational and educational purpose only, and for those who are willing and curious to know & learn about Cyber Security, Ethical Hacking, Software Development and IT Operations. Anytime the word "Hacking" that is used on this site shall be regarded as Ethical Hacking.

Table of Content


What is Phishing?

  • Phishing is a cyber attack, a fraudulent attempt to obtain sensitive information by disguising oneself as a trustworthy entity in an email. 
  • According to research, 91% of all cyber attacks begin with phishing. 

Main Objectives of Attacker


    The goal of an attacker is obtain the sensitive information as follow:
    • Personal Identifiable Information. 
    • Login credentials and passwords.
    • Financial information, account information and payment process.
    • Owed invoices or outstanding debts.
    • Company structure information, internal communication and defense posture.
    • Deploymnet of malware(keyloggers, RATs(Remote Access Trojans)).
    • Ransomware.

    Type of Phishing Attacks

    1. Phishing 
    2. Spear Phishing
    3. Whaling 
    4. Pharming
    5. Smishing
    6. Vishing

    Who is at Risk?

    • Everyone who conected to internet. 
    • Phishing fraud has affected the largest global corporations and governments all the way down to small business and individuals. 
    • Globally June 2016 to present, current losses are over $27 Billion USD. 


    How to Identify the Attack?

    We can identify the phishing attack by some warning signs as follow:
    • Urgency of request
    • Out of contact or lack of contact
    • Language and Grammar mistakes
    • Links and attachments 
    • No prior web presence or footprint
    • Use of chat apps: WhatsApp, Telegarm 
    • Use of non-traditional payment: money orders, gift cards
    • Use of irreversible/hard to track payment: wires, virtual currency

    How to Defend the Attack?

    • Awareness is key to defend the phishing
    • Use a good spam filter, but recognize it will not catch everything. 
    • Use authentication checking
      • SPF (Sender Policy Framework)
      • DKIM (DomainKeys Identified Mail)
      • DMARC (Domain-based Message Authentication, Reporting & Conformance)
    •  Avoid sending personal information. 
    • Verify suspicious information and report it to IT and Security team. 
    • Use strong passwords, do not reuse passwords.  


    If you face any problem, Let me know in the comments or you can directly reach me at hackwithv@gmail.com
     

    Be Aware, Be Secure.

    Thank You 🙏

     

    I'm a Cyber Security professional with expertise in Network, Application, Endpoint, Cloud Security, DevOps, and IT Ops. I have experience in various industries and am well-versed in relevant regulations and standards. My goal is to provide exceptional security solutions that protect organizations from evolving threats, while also streamlining workflows and improving collaboration between development, operations, and security teams through DevOps and IT Ops practices.

    Comments

    Post a Comment

    Popular posts from this blog

    Demo 1- How to Track Location by a Link

    By
    Image
    ↑ GPS: GPS stands for Global Positioning System . The Global Positioning System, originally NAVSTAR GPS, is a satellite-based radionavigation system owned by the United States government and operated by the United States Air Force. It is a global navigation satellite system (GNSS) that provides geolocation and time information to a GPS receiver anywhere on or near the Earth where there is an unobstructed line of sight to four or more GPS satellites. Obstacles such as mountains and buildings block the relatively weak GPS signals. Locator v1.0: Locator is a tool developed by "thelinuxchoice".This tool is implemented in Shell Scripting. This tool is implemented in Shell Scripting. Geolocator, Ip Tracker, Device Info by URL (Serveo and Ngrok). It uses tinyurl to obfuscate the Serveo link. Disclaimer:  Usage of Locator for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable lo
    Read more

    Snyk - Ubuntu 20.04 (Linux)

    By
    Image
    In this article, we are going to learn about Snyk, features, and hands-on demo on how to install, usage and uninstall on Ubuntu 20.04(Linux).   Disclaimer:   The articles provided on HackWithV is purely for informational and educational purpose only, and for those who are willing and curious to know & learn about Cyber Security, Ethical Hacking,  Software Development and  IT Operations. Anytime the word "Hacking" that is used on this site shall be regarded as Ethical Hacking. Table of Content What is Snyk ?   Jump to Features   Jump to Hands-On   Jump to Requirements   Jump to Download   Jump to Install   Jump to Usage   Jump to Uninstall    Jump to Cheat Sheet    Jump to    What is Snyk ?  Snyk is a developer security platform for securing code , dependencies , containers , and infrastructure as code .  Integra
    Read more

    Cracking VNC Password Using Hydra

    By
    Image
    Today we are going learn how to crack the password of VNC service using Hydra Tool.  Disclaimer: The articles provided on HackWithV is purely for informational and educational purpose only, and for those who are willing and curious to know & learn about Ethical Hacking, Security and Penetration Testing. Anytime the word "Hacking" that is used on this site shall be regarded as Ethical Hacking. What is VNC? Virtual Network Computing ( VNC ) is a graphical desktop-sharing system that uses the Remote Frame Buffer protocol ( RFB ) to remotely control another computer.  What is Hydra? Hydra is a parallelized login cracker which supports numerous protocols to attack. New modules are easy to add, beside that, i
    Read more