Phishing Attacks
Phishing is a form of social engineering where threat actors attempt to retrieve sensitive information by manipulating individuals, company employees, etc by impersonating as familiar individuals or companies associated with the recipient.
Types of phishing:
Email: This method is most common and is known for using fake domains which mirror real ones to request sensitive information such as login credentials, passwords, and bank account numbers.
Spear phishing: An attack made for a specific organization
or person via email to gain personal information including address, phone number, hometown, social status, other email addresses, job title, etc.
Whaling: Used to target senior executives or high-profile individuals.
Smishing & Vishing: Instead of emails, voice technology and SMS are the methods of retrieval.
Pharming: Instead of retrieving information, pharming inputs malicious code into a system, and when a link is clicked, the link redirects to fake sites full of malicious intent.
Who could be targeted?
Phishing attacks can be used to target based on industry, geolocation, or political affiliation. Threat actors research public data to filter companies and individuals based on subjects prioritized by the threat actors.
Why be aware of this attack?
Threat actors will deceive or manipulate you into providing personal or sensitive information that will be used illicitly.
How can a phishing attack be prevented?
1. Use strong passwords, or auto generated passwords.
2. Implement multi-factor authentication on your accounts. 3. Think before you click, and be careful what you download. 4. Use trusted antivirus/antimalware software.