Phishing is a cybercrime in which people are deceived into sharing sensitive and confidential information. The term "phishing" is derived from the word "fishing", because criminals set out hooks to "fish" for usernames, passwords, credit card information, network credentials, and so on from the "sea" of Internet users.
The attack is usually carried out by posing as a legitimate individual or organization via phone or email. Cyber attackers use social engineering to manipulate victims into performing specific actions, such as clicking on a malicious link or attachment or willingly divulging confidential information.
Types of Phishing:
Spear Phishing
It is an email spoofing attack targeted at a specific individual, organization or business. Attackers often gather information about their targets to fill emails with more authentic context. Some attackers even hijack business email communications and create highly customized messages.
Clone Phishing
Attackers who are able to view a legitimate, previously delivered email message make a nearly identical copy of it, which is then sent from a spoofed email address with an attachment or link to something malicious.
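As an added example (not part of the original article), a defender-side check for the clone pattern described above: a new message whose text nearly matches a previously delivered one, but whose sender address or link host has changed. The function names, the 0.9 similarity threshold and the sample messages are assumptions constructed for illustration, and the code assumes single-part plain-text mail.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+")

def _parts(raw):
    """Return (sender address, normalized body with URLs masked, link hosts)."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    body = msg.get_payload()  # assumption: single-part text message
    hosts = {urlsplit(u).hostname for u in URL_RE.findall(body)}
    masked = URL_RE.sub("<url>", body)  # compare wording, not the links
    return sender, " ".join(masked.split()).lower(), hosts

def clone_findings(candidate, delivered, threshold=0.9):
    """List (index, reasons) for delivered messages the candidate appears to clone."""
    c_from, c_body, c_hosts = _parts(candidate)
    findings = []
    for i, old in enumerate(delivered):
        o_from, o_body, o_hosts = _parts(old)
        if SequenceMatcher(None, c_body, o_body).ratio() < threshold:
            continue  # wording differs too much to be a copy
        reasons = []
        if c_from != o_from:
            reasons.append("sender changed")
        if c_hosts - o_hosts:
            reasons.append("new link host")
        if reasons:  # an identical resend from the same sender is not flagged
            findings.append((i, reasons))
    return findings

def _sample(sender, host):
    # Constructed sample message on reserved example domains, not real mail.
    return (f"From: Billing <{sender}>\nSubject: Invoice 1042\n\n"
            f"Hello,\nYour invoice 1042 is ready: https://{host}/invoices/1042\n"
            "Thanks,\nBilling\n")

ORIGINAL = _sample("billing@example.com", "portal.example.com")
CLONE = _sample("billing@example.net", "portal.example.net")
RELINKED = _sample("billing@example.com", "portal.example.net")
UNRELATED = "From: Pat <pat@example.com>\nSubject: Lunch\n\nLunch is at noon on Friday.\n"

if __name__ == "__main__":
    for name, raw in [("clone", CLONE), ("relinked", RELINKED), ("resend", ORIGINAL)]:
        print(name, clone_findings(raw, [ORIGINAL]))
```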
Whaling
Whaling attacks are specifically targeted at senior executives in an organization. The content of a whaling attempt will often present as a legal communication or other high-level executive business. Scams involving bogus tax returns are an increasingly common variety of whaling.
Phone Phishing
Smishing and vishing are attacks in which telephones replace email as the method of communication. Smishing involves criminals sending text messages, and vishing involves a telephone conversation.