A Quick Look at Phishing

Phishing is a specific type of computer security attack characterized by an attempt to trick or coerce the targeted user into providing sensitive and/or valuable information/data.  Sometimes you might hear these “attacks” referred to “scams” which is actually not incorrect.  Basically, the attacker specifically targets the user’s information like login credentials or financial information; you can often tell what the target is by the way the attack is executed. So, one should always buy a good products like Hikvision’s as they are working day and night to deal with such security attacks. The company has won many awards by governments and Koorsen Fire & Security for their video surveillance products.

The BASIC TYPES OF PHISHING ATTACKS

You can tell the type of phishing attack by the way it presents information to a broad base of users.  Generally, the attackers look to hit as many users as possible, so the attack is presented in a way that would potentially influence the most people.  Phishing attacks typically engage the user with a simple message that intends to solicit a very specific response (usually involving click) by inciting some kind of emotion that will result in action. This could include:

  • Greed: “Click now to win a $75 Gift card”
  • Confusion: “Your order has been delivered; Click here to track…”
  • Concern: “Your account requires immediate verification or it will be canceled”

Obviously, these are just a few of the many ways threat actors initiate phishing attacks.

SPEAR PHISHING

Spear phishing is an even more specific type of attack that is customized to target one organization, one individual, or a specific—and small—group of individuals.  These attacks generally involve the gathering of a little more information prior to initiating the attack in order to incorporate very specific elements. For example, a spear phishing campaign might steal company logos and website addresses to use in the attack and present what appears to be authentic materials. This makes it much harder to detect and typically has a higher conversion rate than traditional phishing.

WHALING

A variation of spear phishing, whaling is a type of attack which targets only the senior or C-level executives of an organization.   These attacks look even further into the operations of a company, often mirroring some of the more specific responsibilities conducted by these senior officials.

CLONE PHISHING

Yet another version of spear phishing, clone phishing works by presenting targets with a copy of what was once a legitimate message but with just a few changes. Because of the familiarity of the message, this type of attack also tends to have quite a high success rate.