UrbanPro
true

Learn Ethical Hacking from the Best Tutors

  • Affordable fees
  • 1-1 or Group class
  • Flexible Timings
  • Verified Tutors

Search in

The Art of Phishing

R
Ramakrishnan Nataraj
08/04/2017 0 0

Similar to real-life fishing, phishing scams aren’t always best when they rely on advanced tactics, but there are many new techniques motivated by social networks. So what is phishing, and what should you be wary of?

The Basics of Phishing

According to Microsoft’s Safety & Security Center, phishing can be summed up as:

“A type of online identity theft. It uses email and fraudulent websites that are designed to steal your personal data or information such as credit card numbers, passwords, account data, or other information”.

In other words, phishers are the Loki of the Internet. They’re tricksters. Often, the techniques used by phishers have absolutely nothing to do with exploiting zero-day threats. Instead, they exploit human psychology.

There is one point on which I disagree with Microsoft, however, and that’s their description of phishing as “a type of online identity theft”. This isn’t always the case. As I’ll explain in some examples of recent scams, phishing tactics are often used to simply harvest data or to trick people into purchasing a product.

Traditional Phishing

In many cases, Microsoft is correct. Many phishing attacks are attempts to steal personal information. Often, they do so using link manipulation and website forgery. The traditional example is an email that seems to come from a legitimate source, like your bank. It claims that there’s been some problem, or perhaps offers you a lower interest rate on a credit card. All you need to do is log in via the link in the email, which appears legitimate.

PHISHING_Mail

But it’s not. The link has been manipulated to look correct, but it actually redirects you to a forged website. Once you enter your login information, the phisher has it, and can use it to log in and use your account. Sometimes, the attack will go further and request you to fill in personal information like your social security number, credit card number, address, and so on. Identity theft is just a hop, skip and a jump away from there.

Traditional phishing can be combated by refusing to follow links in such emails. If you receive something from your bank that claims you need to log into your account, simply go to your bank’s website by entering the URL manually and then log in. In fact, some banks and other organizations no longer even send links to users precisely because doing so makes phishing attacks more effective, as users become confused about what is and is not legitimate.

You can also combat phishing using an Internet Security suite with anti-phishing features. These monitor your browser and look for signs that a website is a forgery. Extensions like Web of Trust can also be effective.

Phone Phishing

Within the last few years, phone phishing has become a popular tactic. I myself received a phone call last month claiming to be from the Federal Credit Union Administration, which said my debit card had been locked due to potential identity theft. All I had to do to rectify the situation was give them my debit card information so my account could be verified. Of course, it’s a total scam, and one that’s been going on for years. If you enter your information, it can easily be used for fraudulent purchases.

There’s no software solution to this particular threat, so you simply have to be skeptical. If you receive a call from an organization that wants personal information, call them back at a publicly listed number, rather than the one provided for you in the voicemail.  Phone phishing also tends to give itself away by being vague – usually, it won’t claim to actually be from your credit card company or bank specifically, but something more general, such as the “Federal Credit Union Administration” call I received.

Social Network Phishing

The rise of social networks has given phishing new life. After all, social networks are all about sharing. It’s not at all unusual for a friend to post a link to a nifty article, so users are less likely to be skeptical, and more likely to click on a phishing link.

That’s the bad news. The good news is that phishing on social networks usually isn’t as severe. Usually, the deception will be something like the lottery winning scams, which are simply looking to harvest email addresses or send people to affiliate links. You might be annoyed by additional spam, but that’s it.

Still, some of these attacks can be fairly harmful. Banks have Twitter feeds and Facebook pages too, and fake ones can be used to try and lure users to forged websites, just like a bogus email. These accounts can be hacked, too. The Bank of Melbourne experienced this, although as is often the case with phishers, the messages sent by the compromised account weren’t of high enough quality to fool many people.

Phishing on social networks can be combated the same way as phishing through email. Security software and extensions can help. You can also use a link preview extension to see if an abbreviated link is sending you where it claims.

Conclusion

Phishing will always exist, because there will always be ways to trick people. It’s easy to look down upon the victims as being stupid, but often the people who fall for the tricks simply lack proper education about computers, or are in a situation that compromises their judgment (don’t check your email while drunk, or excessively tired).

In this case, knowledge is power. With skepticism and a few security tools, you can avoid phishing threats and shut down one of the most common methods of identity theft.  Have you been a victim of phishing?

0 Dislike
Follow 0

Please Enter a comment

Submit

Other Lessons for You

How to crack CEH?
Learn all the modules taught in the CEC course at infysec, practise thoroughly and then crack CEH - EC COUNCIL within 2 months time frame.

Black Box VS Gray Box VS White Box Pentesting Difference?
Penetration testing, often referred to as penetration testing or penetration testing, is a security method that simulates a cyber attack on a computer system, network, or application to identify vulnerabilities...

Ethical hacking : Important points for beginners
Dear passionate learners, I am posting below lesson to create enthusiasm among you all for learning ethical hacking . A beginner in Ethical Hacking is always in dilemma. Below are some misconceptions,...

Type Of Hacker
There are three types of hacker. white hat hacker(ethical hacker)Grey hat hackerBlack hat hacker What is white hat hacker (ethical hacker)? “Ethical hacker” at parameter security, which...

How to get into cybersecurity in 2024
Demand for Cybersecurity professionals is high and growing Entry-level positions may not require a formal degree and instead prioritize skills Coming from a technical field with transferable skills...
X

Looking for Ethical Hacking Classes?

The best tutors for Ethical Hacking Classes are on UrbanPro

  • Select the best Tutor
  • Book & Attend a Free Demo
  • Pay and start Learning

Learn Ethical Hacking with the Best Tutors

The best Tutors for Ethical Hacking Classes are on UrbanPro

This website uses cookies

We use cookies to improve user experience. Choose what cookies you allow us to use. You can read more about our Cookie Policy in our Privacy Policy

Accept All
Decline All

UrbanPro.com is India's largest network of most trusted tutors and institutes. Over 55 lakh students rely on UrbanPro.com, to fulfill their learning requirements across 1,000+ categories. Using UrbanPro.com, parents, and students can compare multiple Tutors and Institutes and choose the one that best suits their requirements. More than 7.5 lakh verified Tutors and Institutes are helping millions of students every day and growing their tutoring business on UrbanPro.com. Whether you are looking for a tutor to learn mathematics, a German language trainer to brush up your German language skills or an institute to upgrade your IT skills, we have got the best selection of Tutors and Training Institutes for you. Read more