Phishing is a method used by fraudster for stealing valuable personal data from a user. It is generally done by sending emails or creating fake websites. One of the most common attacks that we see on cyberspace is phishing and it is rapidly growing cyber threat. To get the personal information from people attacker send a fraud email to large no. of people and few might fall for the scam. The attacker will ask the victim to provide their sensitive information like credit card information, social security number or username, and password. Phishing is one of the most common cyber-attack it is very easy to do, and it also doesn't require much resources and time. Most of the phishing act are automated and the done in a bulk and they wait for the victim to put their information. The attacker will create a fake login form, malicious files or personalized message and send the victim to take the action on their email. If it reaches up to the victim, then they might think that the email is legitimate, and they might put their personal info and the attacker will use the credential for their own benefit.
More than 60% of cyber attacks are associated with phishing and social engineering.
Cyber-attack can be active or passive, we can say that phishing is a passive attack. Phishing is a continual attack and most of the attack is done on social media like Facebook, Twitter, and Instagram. The phishing email will contain a link to the fake website which will look exactly like the legitimate website. Phishing is also called brand spoofing because in this attack attacker is making a fake website of the original one. The attacker is looking for a new niche to attack from where they can gain a lot of profit. Before they used to steal iTunes account information but these they are moving to cryptocurrency platform [1].
Most of the cyber-attacks start with phishing because there is a chance that many people will fall for phishing scam easily. 91% of cyber attacks start with the phishing email [2]. 76% of cybersecurity experts uncovered that there were phishing attacks of some sort in their organizations in 2017. [3]. A phishing attack is being huge, and it is very important for any organizations to apply anti-phishing techniques to protect their sensitive data.
Types of Phishing
Attackers are using different kinds of phishing methods so that they can steal the credentials from the victim. Below are the most common types of phishing:
Deceptive phishing
This is one of the most common phishing types. In this kind of attack, the fraudster will create a website that looks like the website of the legitimate company and sends email to a lot of users with a call of action which will open the login page of the fake website. The attacker will steal the information if the victim inputs their personal information on that form. The attacker will send an email that resembles a legitimate email from the company personnel to get the trust of the victim. So, that victim easily falls for the scam.
In the above figure, we can see that display name is "Microsoft Team" but the email doesn't belong to Microsoft and this is one random email address. Here the email is sent with a link which refers to the phishing site. This is one example of a deceptive phishing email.
Spear Phishing
In spear, phishing attacker tries to trick the victim by being someone they know. For this attacker use the name, email, company or the phone number that the victim already knows and have connection with them. Purpose of doing so is to create more trust level for the attack. The victim will think that they have received an email from the people they know, and they might click on the link that is sent on the email or other media that is used for the attack.
Smishing
Smishing is a security attack that is done by sending a phishing message on the mobile device of the user with SMS. Since the use of the mobile device is increasing rapidly hackers are moving to mobile devices to trap the people. There are more than 2 billion smartphone phone users [4]. It is easier to spoof a text message hacker using SMS technology to send malicious links.
Search Engine Phishing
If the victim is building any websites and getting it indexed on the search engine for stealing personal credential from the people, it is called search engine phishing. Generally, the victim creates a fake website or the website with fake promises and then they submit their websites on popular search engines like Google, Yahoo, Bing. They do blackhat or greyhat SEO so that their page can be listed on the first page of the search engine. Whenever victim search for the keyword that attacker has targeted and if the page in the top then there is a good chance that victim will fall for the scam. Search engine phishing has become very popular in 2018 because many people use the search engine to find the things that they need, and they even trust the top results they appear on a search engine.
Attackers these days are also using the paid listing on a search engine. They will create an ad for their websites on the search engine and wait for the victim to fall for the scam [5]. It is more effective than traditional search engine phishing because when they paid for the advertisement the results are at the top and the legitimate website is listed below that.
Malware-Based Phishing
For malware-based phishing, the attacker will install the malware on the computer of the victim. They might attack the victim in a bulk or they might do a single attack. Once the malware is installed on the system of the victim the malware will start collecting the information from the machine and will submit it to the attacker. Some of the malware-based phishing are keyloggers, session hijackers and web Trojan. Sometime, an attacker might use the web browser extension to collect the activity of users and data.
Man in the middle
In this attack, the attackers place themselves in the middle of victim and the website they are trying to access. These days most of the websites and services uses 2 step verification so that if their account information is compromised then no one can access the account because they will need to provide one more credential. Due to rise of two factor authentications on most of the services attackers are using man in the middle attack so that they can steal the credential in the real time providing the 2-step verification code that victim had input.
References: