Phishing is an example of social engineering techniques used to deceive users, and exploits weaknesses in current web security.
Phishing typically directs users to enter personal data at a fake website, the look and feel of which are almost identical to the legitimate one. Communications purporting to be from social web sites, auction sites, banks, online payment processors or IT administrators are often used to lure victims. Phishing emails may contain links to websites that are infected with malware.2015 involved Phishing (Verizon Data Breach Investigations Report). attacks. To obtain a perform such attacks like pass-the-hash or pass-the-ticket, the attacker needs credentials of a user to get in the door.
More Information#There might be more information for this subject on one of the following:
- 3D Secure
- Authentication Context Class Values
- DNS cache poisoning
- IDN homograph attack
- Internationalized Resource Identifiers
- Public Key Infrastructure Weaknesses
- SIM Swap
- Unvalidated redirects and forwards
- Verizon Data Breach Investigations Report