Phishing Attacks

Phishing is an example of social engineering with a touch of spoofing. An attacker sends a fraudulent message designed to trick a victim into falling for a scam, typically to steal financial credentials or other sensitive information. Phishing emails are common because they are easy, cheap, and effective: email addresses are easy to obtain, and emails are basically free to send. With a little research on the victim, attackers can quickly gain valuable data. Those who fall for these scams may end up with malware (most commonly ransomware), identity theft, or data loss.

There are several different ways for cyber criminals to phish. When an attacker targets a whole group simultaneously, this is called pharming. The attacker can take over an entire DNS server or website, meaning everyone who accesses it will be redirected to the attacker's website, which may be malicious.
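A defender's view of the pharming redirect described above, as an added example that is not part of the original article: it scans resolver log lines for watched names whose answers fall outside the networks they are expected to resolve into. The log format, the names, and the baseline networks are all constructed for illustration.

```python
import ipaddress

# Assumed baseline: networks each watched name is expected to resolve into.
EXPECTED = {
    "bank.example": ["203.0.113.0/24"],
    "mail.example": ["198.51.100.0/24", "2001:db8:10::/48"],
}

# Constructed log lines: <timestamp> <resolver> <qname> <rtype> <answer>
SAMPLE_LOG = """\
2024-05-01T09:00:01Z resolver-a bank.example. A 203.0.113.10
2024-05-01T09:00:02Z resolver-b BANK.example A 203.0.113.11
2024-05-01T09:00:05Z resolver-b bank.example A 192.0.2.66
2024-05-01T09:00:07Z resolver-a mail.example AAAA 2001:db8:10::25
2024-05-01T09:00:09Z resolver-b mail.example AAAA 2001:db8:bad::25
2024-05-01T09:00:11Z resolver-a other.example A 192.0.2.5
2024-05-01T09:00:12Z resolver-a bank.example A not-an-ip
"""

def normalise(name):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.rstrip(".").lower()

def find_redirects(log_text, expected):
    """Return (timestamp, resolver, name, answer, reason) for suspicious answers."""
    nets = {normalise(n): [ipaddress.ip_network(c) for c in cidrs]
            for n, cidrs in expected.items()}
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[3] not in ("A", "AAAA"):
            continue  # malformed line or a record type we do not check
        ts, resolver, qname, _, answer = parts
        name = normalise(qname)
        if name not in nets:
            continue  # not a watched name
        try:
            addr = ipaddress.ip_address(answer)
        except ValueError:
            findings.append((ts, resolver, name, answer, "unparseable answer"))
            continue
        # Membership is False when the address and network versions differ.
        if not any(addr in net for net in nets[name]):
            findings.append((ts, resolver, name, answer, "outside expected networks"))
    return findings

if __name__ == "__main__":
    for finding in find_redirects(SAMPLE_LOG, EXPECTED):
        print(*finding, sep="  ")
```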

Vishing (voice phishing) is done over the phone or voicemail. This includes caller ID spoofing and fake security checks or bank updates.

Smishing (SMS phishing) is done over text message. This can again include spoofing, and the message usually provides links that ask for personal information.

Spear phishing is where the attacker targets an individual inside the target organization who would have access to inside information. This is done by gathering information from third-party websites, such as social media. The attacker then puts together all the useful information (friends, family, employment, banks, etc.). Spear phishing the CEO of an organization is called whaling.