Phishing Attack
Name: Soumik Hazra
Student Code: BSSE/UT/CS/18/021
Paper Name: Cyber Security
Paper Code: PEC-CS702E
Selected Topic: Phishing Attack
What Is Phishing?
Phishing is the practice of sending fraudulent communications that appear to come from
a reputable source. It is usually done through email. The goal is to steal sensitive data like credit
card and login information or to install malware on the victim’s machine. Phishing is a common
type of cyber-attack that everyone should learn about to protect themselves.
Native File Formats
Not only are there image formats, but many applications also have their own native file format. It is
important to understand that there is a difference between native file types and image file types. An
example of a native file type is a .PSD, which stands for Photoshop Document. This file is created only by
Adobe Photoshop and can retain information such as layers, adjustments, masks, and other
Photoshop adjustments. It is always good to save a version of an image in the native format if you plan
to make future edits to the image, because the native file format will keep all editing information.
How does phishing work?
Phishing starts with a fraudulent email or other communication that is designed to lure a victim.
The message is made to look as though it comes from a trusted sender. If it fools the victim, he or
she is coaxed into providing confidential information, often on a scam website. Sometimes
malware is also downloaded onto the target’s computer.
What are the dangers of phishing attacks?
Sometimes attackers are satisfied with getting a victim’s credit card information or other personal
data for financial gain. Other times, phishing emails are sent to obtain employee login information
or other details for use in an advanced attack against a specific company. Cybercrime attacks
such as advanced persistent threats (APTs) and ransomware often start with phishing.
How do I protect against phishing attacks?
User education
One way to protect your organization from phishing is user education. Education should involve all
employees. High-level executives are often a target. Teach them how to recognize a phishing
email and what to do when they receive one. Simulation exercises are also key for assessing how
your employees react to a staged phishing attack.
Security technology
No single cybersecurity technology can prevent phishing attacks. Instead, organizations must take
a layered approach to reduce the number of attacks and lessen their impact when they do
occur. Network security technologies that should be implemented include email and web security,
malware protection, user behavior monitoring, and access control.
Types of phishing attacks
Deceptive phishing
Deceptive phishing is the most common type of phishing. In this case, an attacker attempts to obtain
confidential information from the victims. Attackers use the information to steal money or to launch
other attacks. A fake email from a bank asking you to click a link and verify your account details is an
example of deceptive phishing.
Spear phishing
Spear phishing targets specific individuals instead of a wide group of people. Attackers often research
their victims on social media and other sites. That way, they can customize their communications and
appear more authentic. Spear phishing is often the first step used to penetrate a company’s defenses
and carry out a targeted attack.
Whaling
When attackers go after a “big fish” like a CEO, it’s called whaling. These attackers often spend
considerable time profiling the target to find the opportune moment and means of stealing login
credentials. Whaling is of particular concern because high-level executives can access a great deal of
company information.
Pharming
Similar to phishing, pharming sends users to a fraudulent website that appears to be legitimate.
However, in this case, victims do not even have to click a malicious link to be taken to the bogus site.
Attackers can infect either the user’s computer or the website’s DNS server and redirect the user to a
fake site even if the correct URL is typed in.