Phishing is a form of fraud in which a person or group of people are contacted by email, telephone or text message by someone posing as a legitimate organization to tempt individuals into providing sensitive data such as PII & SPI (Personally Identifiable Information/Sensitive Personal Information), passwords or banking and credit card details.
The information is then used to access important accounts and can result in identity theft and financial loss.
Phishing is an example of social engineering techniques being used to deceive users.
Phishing is popular with cyber criminals because people remain the weakest link in an organization, and it is far easier than trying to break through the computer network defenses.
The dangers of being phished are endless.
Successful phishing involves the scammer gaining unauthorized access to an organization's private information, which they then use adversely.
They often also target financial information such as bank account details to cause financial damage to an organization or person.
Organizations may also suffer reputational damage: they may be seen as incompetent and untrustworthy.
A successful phishing attack can also be used as a base from which to shut down access to important systems and demand a ransom.
Since it leverages weaknesses in the human interface, it scales: an attacker can go after hundreds or thousands of users all at once.
All it takes is one click to damage an entire organization or to suffer a personal financial loss.
Phishing accounted for 71% of all targeted cyber attacks in 2017. In 2018, the number of phishing attacks rose by 27.5% to reach over 137 million.
While it is one of the oldest tricks that a threat actor can use, it is still one of the easiest ways to gain access to a system.
It's all about hacking the human.
Spear phishing attacks are directed at specific individuals or companies, usually using information that is very specific to the victim to make the message look more authentic.
Pharming is a type of phishing that depends on DNS cache poisoning to redirect users from a legitimate site to a fraudulent one.
Clone phishing attacks use previously delivered, legitimate emails that contain either a link or an attachment. Attackers make a copy (clone) of the legitimate email, replacing the link with a malicious link and the attachments with malware.
Phishers also use evil twin Wi-Fi attacks, creating a rogue access point and advertising it with a deceptive name that looks legitimate.
Voice phishing, or vishing, occurs over voice communication media, including VoIP or telephone service.
SMS phishing uses text messaging to convince victims to disclose sensitive information.
Phishing campaigns generally use one or more of a variety of link manipulation techniques, such as URL hiding, link shortening, or homograph spoofing, in which URLs are created using different logical characters so that they read exactly like a trusted domain, to trick victims into clicking.
Another phishing tactic relies on a covert redirect, where an open redirect vulnerability fails to check that a redirected URL is pointing to a trusted resource. In that case, the redirected URL is an intermediate, malicious page which solicits authentication information from the victim before forwarding the victim's browser to the legitimate site.
Always check that the web page you visit is a secure site. The web address must begin with https:// and a small closed padlock must be displayed on the status bar of the browser.
Do not forget to click on the padlock and view the certificate; make sure it is issued by a valid certificate authority, issued to the website you are visiting, and not expired.
Check the source of information received.
Don't reply to any email message that asks for your personal or financial information.
Do not download attachments with potentially dangerous file types, and check the email address from which you are receiving the mail.
Think before you click! When you receive links via email, hover over them and make sure they lead where they are supposed to lead.
Keep your browser up to date. Security patches are released in response to security loopholes that attackers exploit.
If you see such emails, do not just ignore them. Report them!
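As an added example (not part of the original article), the checks below turn the link manipulation techniques described earlier (URL hiding, link shortening, homograph spoofing, covert redirects) and the "hover over the link" advice into a small triage function that a mail filter or an analyst could run over a link's visible text and its real target. The shortener list and the sample links are constructed assumptions.

```python
# Added example: triage checks for one hyperlink taken from a suspected
# phishing email. Not code from the original article.
import re
import unicodedata
from urllib.parse import urlparse, parse_qs

# Assumption: a short illustrative list of link-shortening hosts.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
# Visible anchor text that itself looks like a domain or URL.
DOMAIN_TEXT = re.compile(r"(?:https?://)?([\w.-]+\.[a-z]{2,})(?:/\S*)?", re.I)


def host_scripts(host: str) -> set[str]:
    """Unicode scripts used by the letters of a hostname, e.g. {'CYRILLIC', 'LATIN'}."""
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in host if c.isalpha()}


def _norm(host: str) -> str:
    """Drop a leading 'www.' so example.com and www.example.com compare equal."""
    return host[4:] if host.startswith("www.") else host


def link_findings(displayed_text: str, href: str) -> list[str]:
    """Return the warning signs a defender would flag for a single email link.

    displayed_text is what the recipient sees; href is the real target.
    """
    findings = []
    url = urlparse(href)
    host = (url.hostname or "").lower()

    # Checklist item: the real target should be an https:// address.
    if url.scheme != "https":
        findings.append("not-https")

    # Homograph spoofing: non-ASCII letters or a punycode (xn--) label in the host.
    if any(ord(c) > 127 for c in host) or any(l.startswith("xn--") for l in host.split(".")):
        findings.append("homograph-or-idn:" + "+".join(sorted(host_scripts(host))))

    # URL hiding: the visible text names one domain, the href points at another.
    m = DOMAIN_TEXT.fullmatch(displayed_text.strip())
    if m and _norm(m.group(1).lower()) != _norm(host):
        findings.append("display-href-mismatch")

    # Link shortening hides the final destination until it is clicked.
    if host in SHORTENERS:
        findings.append("shortened")

    # Covert redirect: a query parameter carrying a full URL to a different host.
    for values in parse_qs(url.query).values():
        if any(urlparse(v).scheme in ("http", "https") and urlparse(v).hostname != host for v in values):
            findings.append("redirect-param")
            break
    return findings
```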