Phishing
More than 90% of successful hacks and data breaches start with phishing scams. Phishing is a threat to every organisation across the globe, the risk is indiscriminate when it comes to sector or size of business. Get the information you need to prevent attacks.
What is Phishing?
Phishing is the process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity using bulk email which tries to evade spam filters.
Emails claiming to be from popular social web sites, banks, auction sites, or IT administrators are commonly used to lure the unsuspecting public. It’s a form of criminally fraudulent social engineering.
Malware
Phishing scams involving malware require it to be run on the user’s computer. The malware is usually attached to the email sent to the user by the phishers. Once you click on the link, the malware will start functioning. Sometimes, the malware may also be attached to downloadable files.
Spear-Phishing
Think of spear phishing as professional phishing. Classic phishing campaigns send mass emails to as many people as possible, but spear phishing is much more targeted. The hacker has either a certain individual(s) or organisation they want to compromise and are after more valuable info than credit card data. They do research on the target in order to make the attack more personalised and increase their chances of success.
Trojan
A Trojan horse is a type of malware designed to mislead the user with an action that looks legitimate, but actually allows unauthorised access to the user account to collect credentials through the local machine. The acquired information is then transmitted to cyber criminals.
Social Engineering
Users can be manipulated into clicking questionable content for many different technical and social reasons. For example, a malicious attachment might at first glance look like an invoice related to your job. Hackers count on victims not thinking twice before infecting the network.
Email/Spam
Using the most common phishing technique, the same email is sent to millions of users with a request to fill in personal details. These details will be used by the phishers for their illegal activities. Most of the messages have an urgent note which requires the user to enter credentials to update account information, change details, or verify accounts. Sometimes, they may be asked to fill out a form to access a new service through a link which is provided in the email.
Ransomware
Ransomware denies access to a device or files until a ransom has been paid. Ransomware for PC's is malware that gets installed on a user’s workstation using a social engineering attack where the user gets tricked in clicking on a link, opening an attachment, or clicking on malvertising. Ransomware also takes a copy of your data to 'charge' you twice, once for the encryption key and again for deleting the data they've taken!
Domain Spoofing
One example is CEO fraud and similar attacks. The victim gets an email that looks like it's coming from the boss or a colleague, with the attacker asking for things like W-2 information or funds transfers. We have a free domain spoof test to see if your organisation is vulnerable to this technique.
Session Hijacking
In session hijacking, the phisher exploits the web session control mechanism to steal information from the user. In a simple session hacking procedure known as session sniffing, the phisher can use a sniffer to intercept relevant information so that he or she can access the Web server illegally.
Vishing (Voice Phishing)
In voice phishing, the phisher makes phone calls to the user and asks the user to dial a number. The purpose is to get personal information of the bank account through the phone. Vishing is mostly done with a fake caller ID.
Smishing (SMS Phishing)
Phishing conducted via Short Message Service (SMS), a telephone-based text messaging service. A smishing text, for example, attempts to entice a victim into revealing personal information via a link that leads to a phishing website.
Keyloggers
Malvertising
Web Based Delivery
Web based delivery is one of the most sophisticated phishing techniques. Also known as “man-in-the-middle”, the hacker is located in between the original website and the phishing system. The phisher traces details during a transaction between the legitimate website and the user. As the user continues to pass information, it is gathered by the phishers, without the user knowing about it.
Phishing through Search Engines
Some phishing scams involve search engines where the user is directed to product sites which may offer low cost products or services. When the user tries to buy the product by entering the credit card details, it’s collected by the phishing site. There are many fake bank websites offering credit cards or loans to users at a low rate but they are actually phishing sites.
Content Injection
Content injection is the technique where the phisher changes a part of the content on the page of a reliable website. This is done to mislead the user to go to a page outside the legitimate website where the user is then asked to enter personal information.
Link Manipulation
Link manipulation is the technique in which the phisher sends a link to a fake website. When the user clicks on the deceptive link, it opens up the phisher’s website instead of the website mentioned in the link. Hovering the mouse over the link to view the actual address stops users from falling for link manipulation.