What is phishing?

widget

Phishing is the act of using fraudulent emails in an attempt to gain sensitive information about a victim.

A hacker sends an authentic-looking email from a trusted authority, such as a bank, that asks the recipient to download an attachment or click a link. If the victim downloads the attachment, it installs a virus on the victim’s computer (e.g., a keylogger that gains personal data). If the victim clicks on the link, the user is redirected to an authentic-looking website that asks for their credentials. Once the user clicks next, the hacker receives the information and redirects them to the actual webpage.

With the advancements in technology and the introduction of new tools, like phishing kits, these attacks are as widespread today as they were when they first emerged.

Phishing techniques

1. Email phishing scam

An attacker sends out hundreds of authentic-looking emails, as seen in the example below. These emails do not contain any personal information. The hacker believes that a handful of people will fall prey to such techniques and, therefore, their data can be gathered. The hacker spends some time trying to generate an email that mimics the original email as closely as possible. This can trick even the most careful users. The message is usually marked urgent and, therefore, the user will act immediately without confirming that the email is actually from the bank.

2. Spear Phishing

Spear phishing is similar to email phishing in that hackers send an email to the victim. These emails, however, are more targeted and may contain the name and information of that particular user. This builds credibility and, consequently, the user is more likely to fall prey.

3. Whaling

Whaling is similar to an email phishing attack except that it targets high-ranking employees (e.g., CEOs and other high-value targets). These emails claim to require immediate action and are from other corporate or government agencies, which usually ensures that a CEO will click on the attachment and become a victim.

The following image shows an example of a phishing email and the ways to identify its authenticity:

widget

Common features

  • Urgent: Phishing emails will usually ask the users to take prompt action as there may be a security risk involved.
  • Links: The email may contain links that the user is asked to click to update passwords, login, etc.
  • Attachments: The email may contain some attachments that ask to be download.
  • Sender: The email will not be sent from an official company, bank, or government email.
  • Offers: Offers from supermarkets or online stores that are too good to be true. Free laptops, phones, or huge discounts may be used to lure the victim.

Prevention

  • Contact the company personally if verification is required.
  • Open the company website by searching the browser rather than clicking the URL.
  • Use security software that can detect trojans and viruses.
  • Use multi-factor authentication on actual accounts. It is unlikely that the forged website will require multi-factor authentication; therefore, it can be a red flag.
  • Check the spellings of the URL that you are re-directed to. Usually, the URL will contain differences such as ‘.org’ where there is usually a ‘.com.’
  • Ensure that the connection is https as most companies and banks use an encrypted connection.
Copyright ©2024 Educative, Inc. All rights reserved

Learn in-demand tech skills in half the time

PRODUCTS

Mock Interview

New

Courses

Skill Paths

Projects

Assessments

TRENDING TOPICS

Learn to Code

Tech Interview Prep

Generative AI

Data Science

Machine Learning

GitHub Students Scholarship

Early Access Courses

Blind 75

Pricing

For Individuals

Try for Free

Gift a Subscription

CONTRIBUTE

Become an Author

Become an Affiliate

Earn Referral Credits

RESOURCES

Blog

Cheatsheets

Webinars

Answers

ABOUT US

Our Team

Careers

Hiring

Frequently Asked Questions

Contact Us

Press

LEGAL

Privacy Policy

Cookie Policy

Terms of Service

Business Terms of Service

Data Processing Agreement

INTERVIEW PREP COURSES

Grokking the Modern System Design Interview

Grokking the Product Architecture Design Interview

Grokking the Coding Interview Patterns

Machine Learning System Design

Tiktok Streamline Icon: https://streamlinehq.com

Copyright ©2024 Educative, Inc. All rights reserved.

soc2