
PHISHING

Phishing

Uploaded by

Aditya Toshniwal
Copyright
© © All Rights Reserved

PHISHING

TEAM MEMBERS:
BVS PRIYANKA - 20BDS0237
K SAI SHREYA - 20BCE2675
ASHUTOSH KUMAR - 20BCE2380
ADITYA TOSHNIWAL - 20BCE2862
PHISHING
● Phishing attacks are the practice of sending fraudulent
communications that appear to come from a reputable source.
● The goal is to steal sensitive data like credit card and login
information, or to install malware on the victim’s machine. It is usually
done through email.
● Phishing is a common type of cyber attack that everyone should learn
about in order to protect themselves.
● Phishing starts with a fraudulent email or other communication that is
designed to lure a victim.
● The message is made to look as though it comes from a trusted
sender.
● If it fools the victim, he or she is coaxed into providing confidential
information, often on a scam website.
● Sometimes malware is also downloaded onto the target’s computer.
TYPES OF PHISHING ATTACKS
1. Email Phishing:

Attackers typically register fake domain names that mimic real organizations
and send thousands of common requests to victims.
For fake domains, attackers may add or replace characters (e.g.
my-bank.com instead of mybank.com), use subdomains (e.g.
mybank.host.com) or use the trusted organization’s name as the email
username (e.g. mybank@host.com).
Email phishing messages have one of the following goals:
• Causing the user to click a link to a malicious website, in order to install
malware on their device.
• Causing the user to download an infected file and using it to deploy
malware.
• Causing the user to click a link to a fake website and submit personal data.
• Causing the user to reply and provide personal data.
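A defender-side check for the three fake-domain tricks described above, as an added example that is not part of the original slides. The function names, labels and sample addresses are assumptions, and the domain split is deliberately naive (no public-suffix list).

```python
import re

def squash(label: str) -> str:
    """Drop hyphens and other separators so 'my-bank' compares equal to 'mybank'."""
    return re.sub(r"[^a-z0-9]", "", label)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch added or replaced characters."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(address: str, trusted_domain: str) -> str:
    """Label a sender address relative to one trusted domain such as mybank.com."""
    local, _, domain = address.strip().lower().rpartition("@")
    trusted = trusted_domain.lower()
    brand = trusted.split(".")[0]
    if domain == trusted or domain.endswith("." + trusted):
        return "trusted"
    labels = domain.split(".")
    # Naive split: the last label is taken as the TLD.
    registrable = labels[-2] if len(labels) > 1 else labels[0]
    subdomains = labels[:-2]
    if any(squash(s) == brand for s in subdomains):
        return "brand-as-subdomain"   # mybank.host.com
    # A threshold of 2 suits brands of six or more letters; short brands need 1.
    if squash(registrable) == brand or edit_distance(registrable, brand) <= 2:
        return "lookalike-domain"     # my-bank.com, mybonk.com
    if brand in squash(local):
        return "brand-as-username"    # mybank@host.com
    return "unrelated"

# Constructed sample senders (not taken from the slides' source material).
SAMPLES = [
    "alerts@mybank.com", "alerts@my-bank.com", "alerts@mybank.host.com",
    "mybank@host.com", "info@mybonk.com", "news@example.org",
]

if __name__ == "__main__":
    for sender in SAMPLES:
        print(f"{sender:26} {classify_sender(sender, 'mybank.com')}")
```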
2. Angler Phishing:

● These attacks use fake social media accounts belonging to well-known
organizations. The attacker uses an account handle that
mimics a legitimate organization (e.g. “@pizzahutcustomercare”) and
uses the same profile picture as the real company account.
● Attackers take advantage of consumers’ tendency to make
complaints and request assistance from brands using social media
channels.
● However, instead of contacting the real brand, the consumer
contacts the attacker’s fake social account.
● When attackers receive such a request, they might ask the customer
to provide personal information so that they can identify the problem
and respond appropriately.
3. Spear Phishing:

● Spear phishing includes malicious emails sent to specific people.
The attacker typically already has some or all of the following
information about the victim.
● This information helps increase the effectiveness of phishing emails
and manipulate victims into performing tasks and activities, such as
transferring money.
● Attackers invest time in collecting information about the target, which
can include personal details, work relationships, and even recent news
or events related to the target.
● Attackers may aim to steal sensitive data, compromise accounts, or
gain access to an organization's network. Spear phishing can lead to
significant financial and reputational damage.
4. Whaling:

● Whaling attacks target senior management and other highly
privileged roles.
● The ultimate goal of whaling is the same as other types of phishing
attacks, but the technique is often very subtle.
● Senior employees commonly have a lot of information in the public
domain, and attackers can use this information to craft highly
effective attacks.
● Typically, these attacks do not use tricks like malicious URLs and
fake links. Instead, they leverage highly personalized messages
using information they discover in their research about the victim.
● For example, whaling attackers commonly use bogus tax returns to
discover sensitive data about the victim, and use it to craft their
attack.
5. Smishing and Vishing:
● This is a phishing attack that uses a phone instead of written
communication.
● Smishing involves sending fraudulent SMS messages, while vishing
involves phone conversations.
● In a typical voice phishing scam, an attacker pretends to be a scam
investigator for a credit card company or bank, informing victims that
their account has been breached.
● Criminals then ask the victim to provide payment card information,
supposedly to verify their identity or transfer money to a secure account
(which is really the attacker’s).
● Vishing scams may also involve automated phone calls pretending to be
from a trusted entity, asking the victim to type personal details using their
phone keypad.
WAYS TO PROTECT YOURSELF FROM PHISHING

1. Employee Awareness Training:

Train employees to recognize and respond to security threats, fostering a
security-conscious workplace.

2. Deploy Email Security Solutions:

Implement robust email filtering and threat detection to block malicious emails and
attachments.

3. Make Use of Endpoint Monitoring and Protection:

Utilize endpoint security tools to monitor and safeguard individual devices from
malware and data breaches.
4. Conduct Phishing Attack Tests:

Regularly simulate phishing attacks to assess employee readiness and identify
areas for improvement.

5. Limit User Access to High-Value Systems and Data:

Apply role-based access controls to restrict user permissions and enhance
protection of critical assets.

6. Phishing Prevention with Check Point:

Employ Check Point's security solutions to proactively prevent, detect, and respond
to phishing threats.
THANK YOU
