Introduction
Let's kick this chapter off with an introduction to phishing.
We'll cover the following
What is phishing?
Phishing is the first attack we’ve covered that attacks the user instead of the software. In a phishing attack, the attacker sends an email to the victim and tricks the victim into doing something the attacker wants them to do-generally, reveal their login credentials. Once an attacker has the victim’s credentials, they are no longer impeded by the defenses that we’ve carefully built up over the previous chapters.
No need for an attacker to look for unpatched servers, weak cryptography, or SQL injection if they can just log in and use the system as a legitimate user. It sounds simple, and it is technologically simpler than the attacks we’ve covered so far, but there’s no prize for complexity. Phishing continues to be a problem because it continues to be effective.
Q U I Z
Get hands-on with 1400+ tech skills courses.