Phishing (Spear-Phishing) is a Social Engineering Attack to obtain data including Sensitive Data such as usernames, passwords, and Payment Card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an Telecommunications like Email.

Phishing is an example of Social Engineering Attack used to deceive users and exploits weaknesses in current Website security.

Phishing typically directs users to enter personal data at a fake website, the look and feel of which are almost identical to the legitimate one. Communications purporting to be from social web sites, auction sites, banks, online payment processors or IT administrators are often used to lure victims. Phishing emails may contain links to websites that are infected with malware.

Phishing may involve use of a HTML link to Malicious Website which then deploys Malicious Software

Phishing may use Punycode so HTML links appear to be reputable Organizational Entity

Phishing Attacks#

More than 2/3 of the incidents in 2015 involved Phishing (Verizon Data Breach Investigations Report).

One-Time passwords and other Multi-Factor Authentication help against your account being used to perform Phishing but not from you being the subject of Phishing

Phishing leads to other Attacks#

Phishing is often just the entry point to more attacks. For example, To obtain a perform such attacks like pass-the-hash or pass-the-ticket, the attacker needs credentials of a user to get in the door.

Phishing Example#

One trick that bad guys use a lot is called CEO Fraud. CEO Fraud involves a scam in which cybercriminals impersonate executives in order to fool an employee into executing unauthorized wire transfers, or sending out confidential Sensitive Data. A sense of urgency is usually employed, pressuring the victim to act before thinking. According to FBI statistics, CEO fraud is now a $12 billion scam.

More Information#

There might be more information for this subject on one of the following:
  • [#1] - Phishing - based on information obtained 2017-05-05-