Phishing in Ethical Hacking
Go through the “Spam” section of your Email. What do you see?? You might have won a brand new Audi or a mind-boggling amount in a lottery that you didn’t even purchase, asking for credit card details. Or your bank might be asking to verify your account details via email in urgency. Do you see things similar to the above cases in your spam section? This is where Phishing comes into picture.
Phishing is a type of Social Engineering attack that aims to obtain sensitive information including the bank account number, usernames, passwords, and credit card details. It is mostly done by sending fake emails that appear to have come from a legitimate source, or it can be in the form of Vishing. The recipient is mostly manipulated to click a malicious link that can install malware or access sensitive information. Or it can simply be a case of Typosquatting that redirects the recipient to a malicious website in order to obtain login credentials.
Common Features of Phishing Emails:
- It will have an eye-catching subject such as “Congratulations! You’ve won an iphone”.
- It will reflect a sense of urgency so that the recipient doesn’t get enough time to re-think and make a mistake in the hurry that can later benefit the attackers.
- It will have attachments that make no sense with respect to that email.
Threats of Phishing:
Almost all kinds of Internet theft is possible through Phishing. It can be very dangerous if the received malicious link is being clicked. It can:
- Redirect to a website used for malicious purposes.
- Install malware or Ransomware to the PC.
- Steal confidential data of the Internet users such as credit card information.
- Steal the identity of the users for the purpose of Identity theft.
The first and foremost thing that I recommend is to go through the email thoroughly. The attackers make tiny mistakes which often gets skipped while reading. Re-check the spellings, the source, the subject before taking any further step.
- Computer security tools should be in updated form.
- Never open suspicious email attachments.
- Never click on suspicious email links.
- Don’t provide confidential information via email, over phone or text messages.
- Don’t post your personal data, like your vacation plans, or your address or phone number, publicly on social media.
We are surrounded by threats. To mark us safe, all we can do is to spread awareness regarding the threats alongside the preventive measures. Spread awareness among your known ones. Stay safe.