Phishing is now a common term we all hear about, but what is phishing? Phishing is “A technique for attempting to acquire sensitive data, such as bank account numbers, through a fraudulent solicitation in email or on a web site, in which the perpetrator masquerades as a legitimate business or reputable person.”
Now you know what a phishing is, let’s move onto the TOP 10 list of terms you should know regarding phishing. Below is a list of common terms anyone should know when faced with a phishing scam or looking for services related to preventing phishing attacks.
A type of phishing attack whereby a legitimate, and previously delivered, email containing an attachment or link has had its content and recipient address (es) taken and used to create an almost identical or cloned email. The attachment or Link within the email is replaced with a malicious version and then sent from an email address spoofed to appear to come from the original sender. It may claim to be a re-send of the original or an updated version to the original.
Content injection is the technique where the phisher changes a part of the content on the page of a reliable website. This is done to mislead the user to go to a page outside the legitimate website where the user is then asked to enter personal information.
Link manipulation is the technique in which the phisher sends a link to a malicious website. When the user clicks on the deceptive link, it opens up the phisher’s website instead of the website mentioned in the link. Hovering the mouse over the link to view the actual address stops users from falling for link manipulation.
In session hijacking, the phisher exploits the web session control mechanism to steal information from the user. In a simple session hacking procedure known as session sniffing, the phisher can use a sniffer to intercept relevant information so that he or she can access the Web server illegally.
Phishing conducted via Short Message Service (SMS), a telephone-based text messaging service. A smishing text, for example, attempts to entice a victim into revealing personal information via a link that leads to a phishing website.
A general term for attackers trying to trick people into revealing sensitive information or performing certain actions, such as downloading and executing files that appear to be enign but are actually malicious.
Electronic junk mail or the abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages.
While traditional phishing uses a ‘spray and pray’ approach, meaning mass emails are sent to as many people as possible, spear phishing is a much more targeted attack in which the hacker knows which specific individual or organization they are after. They do research on the target in order to make the attack more personalized and increase the likelihood of the target falling into their trap.
In phone phishing, the phisher makes phone calls to the user and asks the user to dial a number. The purpose is to get personal information of the bank account through the phone. Phone phishing is mostly done with a fake caller ID.
A specific kind of phishing that targets high-ranking members of organizations.
The definitions have been provided from the following sources:
OUR SECURITY SERVICES INCLUDE:
- Risk Assessments
- Penetration Testing
- Web Application Testing
- Security Awareness Training
- Managed SIEM
- Managed Security Services (MSSP)
- Security Consulting