Vol. 3, Issue 23, July 2017
Phishing - A social engineering attack

As the Duck Test puts it, "If it looks wrong, it probably is wrong." Phishing often looks fishy, yet people regularly fall victim to it. Phishing is a cybercrime in which fraudsters, posing as genuine parties, obtain sensitive information such as passwords and credit card details from users for malicious purposes. The fraudsters conduct the conversation in such a way that users are led to believe their sensitive information is being requested for a legitimate reason only. They use emails or phone calls to carry out these attacks. A phishing attack is a cyber security threat and one of the types of social engineering attack; other social engineering attacks are pretexting, baiting, quid pro quo and tailgating. This article focuses on phishing attacks, the common forms of which are described step by step below.

Ten common phishing attacks are as follows:

  1. Cyber-whaling is a fraud that targets high-profile end users such as corporate executives who handle large sums of money, politicians, celebrities, etc. The intent is malicious: to obtain personal and sensitive information about the victims. Whaling is the term used when phishing attacks are directed at high-profile individuals.
  2. Pharming is a malicious practice in which users are redirected to fake websites instead of legitimate ones by manipulating DNS entries.
  3. Spear phishing is an email attack that targets specific organizations or individuals in order to obtain financial gain, trade secrets, defence information, etc. It is the most successful of all phishing attacks: attackers first gather information about the victims before launching the attack (via emails etc.), which increases their chances of success.
  4. Deceptive phishing is an email attack in which fraudsters impersonate a legitimate and well-known company such as PayPal or MasterCard to steal sensitive information from users.
  5. Mimic phishing is an attack that mimics trusted websites such as Dropbox or Google Docs. Attackers offer a complete duplicate of the sign-in screens of these websites, so users have no reason to hesitate while logging in; this is how attackers steal users' log-in credentials.
  6. The Nigerian scam (advance-fee scam) is a fraud in which the victim is promised a large sum of money by email in return for a small advance payment. It is one of the most common attacks and has been encountered by a great many people.
  7. Banking scams and tax frauds announce a problem with banking or tax records and demand personal information to correct the problem.
  8. Malware-based phishing refers to scams in which users are tricked into providing personal information by fake alerts and notifications that appear to come from legitimate, well-known anti-malware companies.
  9. Man-in-the-middle phishing (MITMA) refers to attacks in which the attacker positions themself between the sender and the receiver; the most common example is users carrying out online banking transactions. The attacker captures any encrypted or unencrypted information being exchanged and uses it later for malicious purposes.
  10. Content-injection phishing refers to an attack in which malicious content is inserted into a legitimate website, redirecting the user's confidential data to the phishing server.

The best way to guard yourself against phishing attacks is to be more alert while on the internet. Users should be aware that banks, tax departments and trusted agencies never ask for personal information online, so never divulge your personal (especially financial) details. Make sure that a sender's email address belongs to the authorized domain name. Never click a link you cannot verify. Do not reply to emails requesting an "urgent" response. Avoid logging in to a website through Facebook or other social media sites. Protect your system with anti-virus and anti-spyware software, beware of pop-ups, and never fill in embedded forms unless you are absolutely sure.
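Several of the checks above (sender domain versus the brand named in the message, look-alike sign-in hosts, links whose visible text differs from their target, "urgent" wording) can be automated on the receiving side. The script below is an added example and not part of the newsletter; the brand/domain table, the warning texts and the sample message are constructed for illustration.

```python
import email.utils
import re
from email import policy
from urllib.parse import urlparse

# Brand names and the domains they really use (assumed list, not from the article).
TRUSTED_DOMAINS = {"paypal": "paypal.com", "dropbox": "dropbox.com"}
URGENT_WORDS = ("urgent", "immediately", "suspended")
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)
URLISH_RE = re.compile(r"(?:https?://)?[\w.-]+\.[a-z]{2,}(?:/\S*)?", re.I)

def host_of(s):
    """Lower-cased hostname of a URL or bare domain; '' when s is not URL-like."""
    s = s.strip()
    if not URLISH_RE.fullmatch(s):
        return ""
    return (urlparse(s if "://" in s else "http://" + s).hostname or "").lower()

def registrable(host):  # crude: last two labels, enough for the .com-style hosts used here
    return ".".join(host.split(".")[-2:])

def phishing_indicators(raw):
    """Return human-readable warnings for one RFC 822 message with an HTML body."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    name, addr = email.utils.parseaddr(str(msg["From"] or ""))
    sender_dom = addr.rsplit("@", 1)[-1].lower()
    for brand, dom in TRUSTED_DOMAINS.items():  # deceptive phishing: brand name, foreign domain
        if brand in name.lower() and registrable(sender_dom) != dom:
            findings.append(f"display name claims {brand} but sender domain is {sender_dom}")
    if any(w in str(msg["Subject"] or "").lower() for w in URGENT_WORDS):
        findings.append("subject demands an urgent response")
    body = msg.get_body(preferencelist=("html",))
    for href, text in ANCHOR_RE.findall(body.get_content() if body else ""):
        shown, real = host_of(re.sub(r"<[^>]+>", "", text)), host_of(href)
        if shown and real and registrable(shown) != registrable(real):  # link text vs. target
            findings.append(f"link text shows {shown} but points to {real}")
        for brand, dom in TRUSTED_DOMAINS.items():  # mimic phishing: look-alike host
            if brand in real and registrable(real) != dom:
                findings.append(f"look-alike host {real} mimics {dom}")
    return findings

# Constructed sample message for demonstration (not a real phishing email).
SAMPLE = """\
From: "PayPal Support" <support@pay-pal-alerts.example>
Subject: URGENT: your account will be suspended
Content-Type: text/html

<p>Please <a href="http://paypal.com.secure-login.example/verify">www.paypal.com</a> to verify.</p>
"""
```

Calling `phishing_indicators(SAMPLE)` yields four warnings for the sample, and an empty list for a message whose sender, subject and links all agree with the trusted domain.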

By - Shivani Gautam, Assistant Professor, CSE Department, Chitkara University H.P.

About Technology Connect

The aim of this weekly newsletter is to share with students and faculty the latest developments, technologies and updates in the field of Electronics & Computer Science, thereby promoting knowledge sharing. All our readers are welcome to contribute content to Technology Connect; just drop an email to the editor. The first Volume of Technology Connect featured 21 Issues published between June 2015 and December 2015. The second Volume of Technology Connect featured 46 Issues published between January 2016 and December 2016. This is Volume 3.

Editorial Team

Chief Editor: Sagar Juneja
Members: Ms Sandhya Sharma, Gitesh Khurani, Arun Goyal, Ankush Gupta.

Disclaimer: The content of this newsletter is contributed by Chitkara University faculty and taken from resources that are believed to be reliable. The content is verified by the editorial team to the best of its accuracy, but the editorial team denies any ownership pertaining to validation of the source and accuracy of the content. The objective of the newsletter is only limited to spreading awareness among faculty and students about technology and not to impose on or influence the decisions of individuals.