Connect with us

Tech updates

You Just got Hacked? High Definitive Phishing; All You Should Know About Phishing

Published

on

Phishing attack is type of social engineering attack habitually used to filch user data, including login credentials and credit card numbers. It occurs when an attacker, camouflages as a trusted body, swindles a victim into opening an email, instant message, or text message. The user is then tricked into clicking a malicious link, which can lead to the installation of spywares and malwares. This spywares enables the perpetrator to obtain concealed information about the recipient’s computer activities by transmitting data covertly from their hand drive.

Most Common Phishing Attack

For businesses, I think Spear Phishing is most common even though email phishing is still effective to attackers. By Spear Phishing I mean the attackers, targeting specific individual or enterprises. So in this kind of phishing the attackers carefully studies and have a relative knowledge about a person or an organization, including its power structure.

ALSO READ  6 Medical Technology Breakthroughs That Will Make You Live Longer (See Pictures)

For examples;

1.     A perpetrator in his research gains access to the newest scheme invoices and also founds out key employees within an organization, whose credentials can open up access to lots of vulnerability.

2.     Posing as the Manager, the perpetrator may mail this employee, using a subject line that reads, Review Updated Invoice for Q2 Campaigns. The text, style, and included logo duplicate the organization’s standard email template.

3.     A link in the email redirects to a password-protected internal document, which is in actuality a spoofed version of a stolen invoice.

4.     The employee is requested to log in to view the document. The perpetrator steals his credentials, gaining full access to sensitive areas within the organization’s network.

By providing an attacker with valid login credentials, spear phishing is an effective method for executing the first stage of an Advanced Persistent Threat.

ALSO READ  Secrets Of Supermarkets You Need To Know Before Your Christmas Shopping.

As I said earlier email is still effective to some attackers.

For example in 2011 an attacker sent out an email titled “2011 recruitment plan” to a small group of employees within a Cyber Security Company. The email was loaded with a virus contaminated Excel file. One of the employees opened this file, which gave the attacker access to other employees’ passwords, and thus the whole system became vulnerable.

This gave the attacker access to many US government departments and US defence suppliers networks.

How to Protect against Phishing

Two-way Authentication

This is the most effective way, to countering phishing attacks, as it adds an extra verification layer when logging into sensitive areas. This sort of system would not only require a user’s password to allow access but makes use of other users’ credential to allow access. For instances the system may require a thumb-print as an additional security check, so even when the attacker has the recipient’s password, he may not be of any threat to the organization.

ALSO READ  Many Powerful Weaponry Owned By Nigerian Military That Will Bring Boko Haram To Its Knees (Photos)

 Implement Effective Email Security

Implementing a Secure Email Gateway should be any organization’s first line of defense against phishing attacks. Email Gateways act as a firewall for email communications, blocking any emails containing malicious content. They can also detect domain spoofing, protecting users from email that is impersonating one of their legitimate contacts.

Alongside email gateways,

Educational campaigns

Educational campaigns can also help diminish the threat of phishing attacks by enforcing secure practices, such as not clicking on external email links.

What are your thoughts on this, let’s get to hear from you, or have you been phished before? share your experience, and how you deciphered that it was a phishing job.

Advertisement