jspωiki
Phishing

Overview[1]#

Phishing is an Attacks to obtain data including sensitive information such as usernames, passwords, and Payment Card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an Telecommunications.

Phishing is an example of Social Engineering Attacker used to deceive users, and exploits weaknesses in current Website security.

Phishing typically directs users to enter personal data at a fake website, the look and feel of which are almost identical to the legitimate one. Communications purporting to be from social web sites, auction sites, banks, online payment processors or IT administrators are often used to lure victims. Phishing emails may contain links to websites that are infected with malware.

Phishing Attacks#

More than 2/3 of the incidents in 2015 involved Phishing (Verizon Data Breach Investigations Report).

One-Time passwords help against password-based attacks but NOT Phishing

Phishing leads to other Attacks#

Phishing is often just the entry point to more attacks. For example, To obtain a perform such attacks like pass-the-hash or pass-the-ticket, the attacker needs credentials of a user to get in the door.

More Information#

There might be more information for this subject on one of the following:
  • [#1] - Phishing - based on information obtained 2017-05-05-