* Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy .
* Communications should be from popular social web sites, auction sites, online payment processors or IT administrators.
* Phishing emails may contain links to websites that are infected with malware.
* Phishing is typically carried out by email spoofing or instant messaging and it often directs users to enter details at a fake website which looks similar to real one.
List of phishing techniques:
Spear phishing:
* Phishing attempts directed at specific individuals or companies have been termed spearphishing.Attackers may gather personal information about their target to increase their probability of success.
Clone phishing:
* A type of phishing attack whereby a legitimate and previously delivered email containing an attachment or link had its content and recipient address and it is used to create an almost identical or cloned email.
* The attachment or Link within the email is replaced with a malicious version and then sent from an email address spoofed to appear to come from the original sender. It may claim to resend the original information.
Whaling:
* Several recent phishing attacks have been directed specifically at senior executives and other high profile targets within businesses, and the term whaling has been coined for these kinds of attacks.
Website forgery:
* Once a victim visits the phishing website, the deception is not over. Some phishing scams use JavaScript commands in order to alter the address bar.This is done either by placing a picture of a legitimate URL over the address bar, or by closing the original address bar and opening a new one with the legitimate URL.
* [note] The fake URL also shows HTTPs and security symbol in address bar.
Phone phishing:
* Not all phishing attacks require a fake website. Messages that claimed to be from a bank, told users to dial a phone number regarding problems with their bank accounts. Once the phone number (owned by the phisher, and provided by a Voice over IP service) was dialled, it prompts users to enter their account numbers and PIN.
* Vishing (voice phishing) sometimes uses fake caller-ID data to give the appearance that calls come from a trusted organization.
I hope you will be acquainted with phishing......be aware of it.
nice one hacker!! so phising is mainly used as an initial step in hacking???
ReplyDeletephishing is not an initial step....it is one type of hacking.
DeleteSo phishing can be done only when the individual responds to those spams... else there wont be any consequence..right??????
ReplyDeleteyeah....obviously
Delete