Phishing attacks are launched to steal sensitive user data comprising of passwords and important login credentials. The attacker generally masquerades itself as a legitimate sender and sends an email, message or link infected with malware. It is a type of social engineering attack that can have devastating results. There are numerous types of phishing attacks, here we have listed few:
It refers to an attack in which a hacker deceives the user by impersonating as a legitimate website but steals away a person’s personal information. An email with malicious content often posing as a threat or urgent message is sent to force the user to click it. For example, sometimes they send the user an email posing as a mail from their bank regarding some discrepancy in the account. The user, often in all the haste, clicks on the link and is directed to an illegitimate site that steals away their passwords & login credentials.
The hacker personalizes the attack. Emails are specifically addressed and have the target’s name, position, company name etc. mentioned in them to win the user’s trust. This is done to dupe the user and make them click on the malicious link. When once the user parts away with their confidential information, their login credentials and sensitive data is stolen.
In this type of attack, the executives at the highest level are targeted. Generally the employees at top level do not undergo a security awareness training program which is why they are prone to cyber-whaling. An attempt is made to pitch the executives using specially designed emails or social engineered attacks. Then the attacker launches a BEC (Business Email Compromise) scam to use the executive’s email to initiate fraudulent wire transfer to a financial institution.
This attack resorts to domain name system cache poisoning. The alphabetical website name is converted into numerical IP address which is used to locate computer devices. The attacker then directs the user to a malicious website even if the user entered a correct website name.
An authentic website such as GoogleDocs, Dropbox etc. is mimicked to lure users to sign in. This way their passwords & login credentials are stolen.
How To Protect Yourself Against Such Attacks –
- Carefully check the URL of the website before clicking on it.
- Organizations must conduct employee training programs in which every employee should participate.
- Companies must invest in software that have the ability to analyze inbound emails in order to keep a check over the malicious links/ email attachments.
- Financial transactions should not be authorized through emails.
- Only enter the websites that begin with – https as such sites are much secure.
- Install a high quality anti-virus and update your system on a regular basis.
- For more information on IT Security, call Centex Technologies at (254) 213-4740.