Sunday, June 9, 2019

Week 1: Phishing

Week 1: June 9th, 2019


Each week we will discuss a common threat to information security, with a detailed
analysis of one topic per week. This week we look at the phishing threat.


Phishing: what does it mean? It is a social engineering technique for obtaining other
people's confidential information through a trick: an attacker sends an email or link that
appears legitimate but contains a hidden malicious link, which redirects the victim to a
third-party website to extract personal info or might download malicious software
without the user's knowledge.


Let's see some common categories of phishing and how to protect ourselves from those
attacks.


Vishing: Getting confidential information over a phone call by pretending to be company
agents, charities or government officials is called vishing. Ex: Asking for an SSN over the
phone while pretending to call from a government office. How do we avoid it? Don't provide
any confidential information over the phone before verification, either through email or
other modes of communication.


Smishing: Phishing that happens through SMS is called smishing. Ex: Getting SMS alerts
stating that you won a lottery and that you must click in the SMS to claim the prize. On
click, it might download a malicious virus onto our phone. How do we avoid it? Delete an
SMS if it comes from unknown parties you have no proper knowledge of.


Spear Phishing: Spear phishing targets a specific user, with attackers posing as an employer
or friend and getting information about the target from either LinkedIn or Facebook. Before
opening any such email, verify the credibility of the sender to avoid phishing.


URL Phishing: This is the most common type of phishing and happens frequently in many
places: attackers send a link similar to that of the original bank or organization, with a
small change in the spelling or domain. Before clicking on a link in an email, verify that
the link comes from the right source and that no letters are misspelled anywhere.
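
One way to automate the spelling-and-domain check described above, as an added example that is not part of the original post: it compares a link's host against a list of domains you trust and flags near-misses. The allow-list, the sample links and the function names are constructed for illustration, and the code assumes the first label of each trusted domain is the brand name.

```python
from urllib.parse import urlsplit

# Constructed allow-list (assumption): the registrable domains you really deal with.
TRUSTED_DOMAINS = ("mybank.example",)


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url, trusted=TRUSTED_DOMAINS, max_distance=1):
    """Return (verdict, trusted_domain); verdict is 'trusted', 'lookalike' or 'unknown'."""
    # Only the host decides where a link goes; text before '@' or in the path does not.
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return ("unknown", None)
    for domain in trusted:
        # The exact domain, or a real subdomain of it.
        if host == domain or host.endswith("." + domain):
            return ("trusted", domain)
    for domain in trusted:
        name = domain.split(".")[0]  # brand label, e.g. 'mybank'
        # A label equal or nearly equal to the brand, on a host that is not the trusted
        # domain, covers a misspelling, a changed domain and brand-as-subdomain.
        if any(edit_distance(label, name) <= max_distance for label in host.split(".")):
            return ("lookalike", domain)
    return ("unknown", None)


# Constructed sample links.
SAMPLES = [
    "https://www.mybank.example/login",     # genuine subdomain
    "https://mybamk.example/login",         # one letter changed
    "https://mybank.test/login",            # right name, wrong domain
    "http://mybank.example.account.test/",  # trusted name used as a subdomain
    "https://news.test/",                   # unrelated site
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify_link(sample), sample)
```

A "lookalike" verdict is a reason to stop and verify the sender through another channel; an "unknown" verdict only means the host is not on your list.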


