
Phishing Attack

Phishing is an attempt to obtain sensitive information and identity details, such as credit card details (entered during online transactions or e-marketing, and so indirectly money) and usernames and passwords (used for personal e-mail accounts or social networking sites). The term phishing sounds like fishing because bait is used to catch the victim, much as people use bait to catch a fish.







This chapter is not about motivating you for phishing; it educates you to keep yourself safe from such attacks.

Table of Contents
1. Areas Where Phishing Can Be Performed.
2. Types of Phishing.
3. Protection and Countermeasures Against Phishing.

Areas Where Phishing Can Be Performed

Auction websites, online shopping sites, social networking websites, bank websites and online payment processing websites are the areas hackers most commonly target to tempt large numbers of unsuspecting victims. The technique is carried out through instant messaging (IM) or e-mail spoofing, and often compels users of the targeted website to enter their username, password, PIN or other secret codes at a fake website that looks and feels almost exactly like the legitimate one. Phishing is the logical form of social engineering attack, used to deceive the victim. Now think like a victim: a phishing scam sends you links that are supposed to take you to a trusted site. It could also be an e-mail that appears to come from a bank and pushes you to log in to your account. As soon as you sign in with your username and password, the hackers get those credentials and gain malicious access to your account.

Types of Phishing

To become an ethical hacker or cyber security expert, you must know the techniques that can be used in a phishing attack. Let's look at some of the phishing types and sub-categories:

  1. Instant Messaging: The user receives a message with a link that directs them to a fake phishing website that looks similar to the original website. If the user doesn't look at the URL (Uniform Resource Locator), it is hard to tell the counterfeit from the original.
  2. Spamming: Phishers, or digital criminals performing phishing activity, send the same e-mail to millions of users asking them to fill in personal details. Phishers use these details for illicit activities.
  3. Trojan Horse as Hosts: These are hidden programs planted by a hacker that log into user accounts to collect the victim's information; the acquired information is transferred to its creator or to the phisher who sent it.
  4. Web-based Delivery: Also termed a 'Man in the Middle' (MITM) attack, where the attacker secretly relays and/or alters the communication between two parties. Here the phisher stands between the legitimate website and the user. As the sensitive data is passed, the phisher receives that information without the user's consent or knowledge.
  5. Phishing using Keylogger: Keyloggers are malicious programs that record every keystroke made by the user of the infected computer, to gain fraudulent access. These keystrokes are then sent by the keylogger program directly to
  6. Phishing using Content Injection: Content injection is a method phishers use to replace part(s) of the content on a trusted website's page, usually to mislead the user into going to a page outside the legitimate website, where the user is asked to enter personal information.
  7. Phishing through Search Engines: Search engines are also used for phishing scams, where users are directed to product sites offering low-cost products or services. When the user tries to buy a product by entering credit card details, the phisher's site collects them. Pages of this type are developed in languages such as PHP, ASP, JSP, etc.
  8. Phone-based Phishing: In this technique, the phisher calls the targeted user and asks them to dial a number. The phisher's purpose is to get bank account information over the phone. Phone phishing is mainly done with a fake caller ID.

Protection and Countermeasures Against Phishing

  • Use trusted security software.
  • Never give personal information over e-mail or private messages.
  • Be cautious when opening links and attachments that may be malicious.
  • Use an on-screen keyboard to type sensitive information, passwords, PINs, etc.
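
The chapter notes that a fake site is hard to tell from the original unless the URL is examined; the check below automates that examination for links found in a message. It is an added example, not part of the original chapter: the allow-list entry bank.example, the sample URLs, the 0.8 similarity threshold and the two-label registrable-domain rule are assumptions made for illustration.

```python
import ipaddress
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Constructed allow-list: "bank.example" is a placeholder, not a real site.
TRUSTED = {"bank.example"}

def registrable(host):
    # Assumption: last two labels; real code should use the Public Suffix List.
    return ".".join(host.split(".")[-2:])

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def link_findings(url, trusted=TRUSTED):
    """Return the reasons a link should not be treated as a trusted site."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    findings = []
    if parts.scheme != "https":
        findings.append("not-https")
    if parts.username is not None:
        # Text before "@" is login data, not the site being visited.
        findings.append("userinfo-before-host")
    if is_ip(host):
        findings.append("ip-literal-host")
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode-label")
    domain = registrable(host)
    if domain in trusted:
        return findings  # genuine domain; only the issues above remain
    findings.append("untrusted-domain")
    for good in sorted(trusted):
        if good in host:
            findings.append("trusted-name-embedded:" + good)
        elif SequenceMatcher(None, domain, good).ratio() >= 0.8:
            findings.append("lookalike-of:" + good)
    return findings

if __name__ == "__main__":
    # Constructed sample links, as they might appear in a message.
    for url in ("https://www.bank.example/login", "https://bamk.example/",
                "https://bank.example.secure-login.test/login",
                "https://bank.example@login.test/"):
        print(url, "->", link_findings(url) or "trusted")
```

An empty result means the link resolves to an allow-listed domain over HTTPS; any finding is a reason to open the site from a bookmark instead of the link.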

