Cybersecurity

Phishing

Phishing attacks are a type of cyberattack that uses social engineering to gain unauthorized access to a target. These attacks focus on breaching the defenses of the person rather than the system. The deceived victim takes actions that let a seemingly innocuous entity through the defenses.

Example:

An attacker uses the spoofed sender address customer_support@apple.com to send a phishing email to their victim. The email states that the victim has been hacked and that they need to reset their password. The email contains a link that the victim can click to reset their password. However, this link takes them to a fake website that looks like the real Apple website, where they are prompted to enter their password. In this scenario, Apple's system defenses are strong, but the victim has unknowingly let the attacker through.
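As an added, defender-side illustration of the scenario above (this code is not from the original page or from IBM's blog): a small Python check that parses a constructed email like the one described and reports the mismatches a mail filter or analyst would look for, namely a bounce address and password-reset link that do not belong to the domain shown in the From header, and link text that shows a different site than the link actually opens. It assumes the raw message carries a Return-Path header and an HTML body, and it approximates the registrable domain with the last two labels of a hostname rather than a public-suffix list.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message for the walkthrough (not a real email):
# the visible From: claims apple.com, but the bounce address and the
# password-reset link both point to an unrelated domain.
SAMPLE_EMAIL = """\
From: Apple Support <customer_support@apple.com>
Return-Path: <bounce@mail-apple-security.example>
Subject: Your account has been hacked - reset your password
Content-Type: text/html

<html><body><p>Reset your password now:</p>
<a href="https://apple.com.account-verify.example/reset">https://apple.com/reset</a>
</body></html>
"""

ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def registrable_domain(host: str) -> str:
    """Last two labels of a hostname (assumption: no public-suffix list is used)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def domain_of_address(header_value: str) -> str:
    """Registrable domain of the address in a From:/Return-Path: header."""
    return registrable_domain(parseaddr(header_value)[1].rpartition("@")[2])


def phishing_indicators(raw_message: str) -> list:
    """Return mismatches between the claimed sender and where the mail really points."""
    msg = message_from_string(raw_message)
    claimed = domain_of_address(msg.get("From", ""))
    findings = []
    bounce = domain_of_address(msg.get("Return-Path", ""))
    if bounce and bounce != claimed:
        findings.append(f"Return-Path domain {bounce} differs from From domain {claimed}")
    body = msg.get_payload(decode=True).decode("utf-8", "replace")
    for href, text in ANCHOR_RE.findall(body):
        target = registrable_domain(urlparse(href).hostname or "")
        if target != claimed:
            findings.append(f"link target {target} is not the sender domain {claimed}")
        shown = urlparse(text.strip()).hostname  # only set when the text itself is a URL
        if shown and registrable_domain(shown) != target:
            findings.append(f"link text shows {shown} but points to {target}")
    return findings


if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE_EMAIL):
        print("indicator:", finding)
```

A mail that passes these checks is not necessarily safe; the point is that a spoofed From header alone does not decide where a message came from or where its links lead.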

Types of Phishing Scams:

Bulk Email Phishing: Scammers send a large number of emails, counting on the fact that some recipients will not have their guard up.
Spear Phishing: Scammers target a specific person. This person tends to have critical information or authorizations that the scammer can use. Attackers targeting high-level executives or other notable figures are engaging in whale phishing.
Business Email Compromise (BEC): BEC attacks can take two forms, CEO Fraud or Email Account Compromise. CEO Fraud involves the scammer pretending to be the CEO of a company. Email Account Compromise involves the scammer pretending to be a lower-level employee of the company.
Smishing: SMS phishing involves sending text messages to trick targets.
Vishing: Voice call phishing involves sending a voice message to trick targets.

References:

IBM Phishing Blog