Overview[1]#

Phishing is an Attacks to obtain data including sensitive information such as usernames, passwords, and Payment Card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an Telecommunications.

Phishing is an example of social engineering techniques used to deceive users, and exploits weaknesses in current web security.

Phishing typically directs users to enter personal data at a fake website, the look and feel of which are almost identical to the legitimate one. Communications purporting to be from social web sites, auction sites, banks, online payment processors or IT administrators are often used to lure victims. Phishing emails may contain links to websites that are infected with malware.

Phishing Attacks#

More than 2/3 of the incidents in 2015 involved Phishing (Verizon Data Breach Investigations Report).

One-Time passwords help against password-based attacks but NOT Phishing

Phishing leads to other Attacks#

Phishing is often just the entry point to more attacks. To obtain a perform such attacks like pass-the-hash or pass-the-ticket, the attacker needs credentials of a user to get in the door.

More Information#

There might be more information for this subject on one of the following:
  • [#1] - Phishing - based on information obtained 2017-05-05-

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-11) was last changed on 21-Jun-2017 09:14 by jim