Phishing Attacks   





Published on: 08 June, 2018

Phishing accounted for 48 per cent of all cyber-attacks in Q1 of 2018. India is among the top 3 countries most targeted for phishing. It’s important that all organisations and individuals know how to spot and protect themselves from some of the most common phishing scams.

Deceptive Phishing:


The most common type of phishing scam, deceptive phishing refers to any attack by which fraudsters impersonate a legitimate company and attempt to steal people’s personal information or login credentials. Those emails frequently use threats and a sense of urgency to scare users into doing the attackers’ bidding.
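
The signals described above (an impersonated company, threats and urgency) can be checked mechanically on incoming mail. The following Python code is an added example, not part of the original article; the brand list, the phrase list and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: brand -> domains the organisation really sends from (hypothetical).
BRAND_DOMAINS = {"examplebank": {"examplebank.example"}}
# Assumption: a small constructed list of threat/urgency phrases.
URGENCY = ("immediately", "suspended", "within 24 hours", "verify your account", "final notice")

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def phishing_signals(raw_message):
    """Return the reasons a message looks like deceptive phishing (empty if none)."""
    msg = message_from_string(raw_message)
    display, _ = parseaddr(msg.get("From", ""))
    from_dom = domain_of(msg.get("From"))
    reasons = []
    # 1. Display name claims a known brand, but the sending domain is not the brand's.
    for brand, domains in BRAND_DOMAINS.items():
        if brand in display.lower().replace(" ", "") and from_dom not in domains:
            reasons.append(f"display name imitates {brand} but sender is {from_dom}")
    # 2. Replies are steered to a different domain than the visible sender.
    reply_dom = domain_of(msg.get("Reply-To"))
    if reply_dom and reply_dom != from_dom:
        reasons.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    # 3. Threats and urgency in the subject or body.
    payload = msg.get_payload()
    text = (msg.get("Subject", "") + " " + (payload if isinstance(payload, str) else "")).lower()
    hits = [p for p in URGENCY if p in text]
    if hits:
        reasons.append("urgency wording: " + ", ".join(hits))
    return reasons

# Constructed sample messages (not real mail).
SUSPICIOUS = """From: "Example Bank Support" <alerts@examplebank-secure.example>
Reply-To: helpdesk@mailbox.example
Subject: Final notice: account suspended

Verify your account within 24 hours or it will be closed.
"""
BENIGN = """From: "Example Bank" <statements@examplebank.example>
Subject: Your monthly statement

Your statement for May is available in online banking.
"""
if __name__ == "__main__":
    print(phishing_signals(SUSPICIOUS), phishing_signals(BENIGN))
```

A single signal is weak on its own; messages that trigger several at once are the ones worth quarantining or flagging to the recipient.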

Spear Phishing:


In spear phishing scams, fraudsters customize their attack emails with the target’s name, position, company, work phone number and other information in an attempt to trick the recipient into believing that they have a connection with the sender. According to the SANS Institute, 95% of all attacks on enterprise networks are the result of successful spear phishing.

Whaling / CEO Fraud:


Whaling is an attempt to go after the “big fish.” First, attackers target high-level employees and executives to gain access to their email accounts or to spoof them. If they’re able to do that, it puts the entire business at risk.

Vishing:


Vishing is a social engineering technique for stealing information or money from consumers using the telephone network. The term comes from combining "voice" with "phishing," the online scams that get people to give up personal information. The technique used in this case is caller ID spoofing over VoIP. The call might appear to come from someone close to the corporation, or from an important outside entity such as a bank or the Income Tax Department.

SMiSHing:


Similar to Vishing, SMiSHing is done over the phone but in the form of text messages. These can be extremely wide-reaching as the scammer can send out bulk amounts of the same text to many different numbers. Sometimes, the scammer attempts to trick people into believing that they’ve won a contest. They will then attempt to get the person’s information either by a link in the text or a prompt to call a number.

Pharming:


Pharming is a type of attack that uses Domain Name System (DNS) cache poisoning. By using cache poisoning, an attacker changes the IP address associated with a website name and redirects visitors to a malicious website.

Dropbox Phishing:


Dropbox, a file-sharing platform, is particularly interesting to scammers looking for personal information. A Dropbox phishing attack uses an email that appears to be from the website and prompts the victim to log in. This information is then logged by the attacker and used to log in to the victim’s Dropbox. This often gives them the ability to access private files and photos as well as to take the account hostage.

In the same way, the Google Docs platform is attacked to steal personal information.

Phishing is constantly evolving to adopt new forms and techniques. With that in mind, it’s imperative that organizations conduct security awareness training on an ongoing basis so that their employees and executives stay on top of emerging phishing attacks.
