Phishing attacks attempt to acquire sensitive information such as usernames, passwords and credit card details, or money, often for malicious reasons, by masquerading as a trustworthy entity over trusted electronic communication methods such as email or SMS.
Types of phishing attacks:
- Deceptive Phishing originally referred to account theft using instant messaging but the most common broadcast method today is a deceptive email message. The perpetrators masquerade as the bank you use or another financial institution in order to dupe you into “verifying” account details.
- Malware-Based Phishing refers to scams that involve running malicious software on users’ PCs. Malware can be introduced as an email attachment, as a downloadable file from a web site, or by exploiting known security vulnerabilities.
- Keyloggers and Screenloggers are particular varieties of malware that track keyboard input and send relevant information to the hacker via the Internet. They can embed themselves into users’ browsers as small utility programs known as helper objects that run automatically when the browser is started as well as into system files as device drivers or screen monitors. Most of the time, the users won’t even know they are there until it is too late.
- Session Hijacking is an attack where users’ activities are monitored until they sign in to a target account or transaction by using their credentials. At that point the malicious software takes over and can undertake unauthorized actions, such as transferring funds, without the user’s knowledge.
- Hosts File Poisoning is a problem most likely found on computers running the Windows operating system. Each Windows computer has a hosts file that it consults before doing a DNS lookup, so hackers can rewrite entries in the file to send a user to a site that looks very similar to the one they wanted and attempt to steal their login credentials, credit card details and more.
- System Reconfiguration Attacks are used to modify settings on a user’s PC for malicious purposes. This could be rewriting favorites, installing hidden software or even changing the code of a web browser in order to capture any information.
- Data Theft is a pretty scary thing in the business world. When someone finally gets your login details to a secure server on your network or passwords to hidden files, they can easily access the data and sell it for a tidy profit.
- Content-Injection Phishing is a phishing attack where hackers replace part of the content of a legitimate site with false content designed to mislead or misdirect the user into giving up their confidential information to the hacker.
- Man-in-the-Middle Phishing is mostly undetectable and thousands of users get caught by it. In these attacks, hackers position themselves between the user and the legitimate website or system. They record the information being entered but continue to pass it on so that users’ transactions are not affected. Later they can sell or use the information or credentials collected when the user is not active on the system.
- Search Engine Phishing occurs when the perpetrators create websites with attractive-sounding offers and have them indexed legitimately with search engines. Users find the sites in the normal course of searching for products or services and are fooled into giving up their information.
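
Hosts file poisoning, described in the list above, leaves a trace a defender can check for: a watched name pinned to a routable address in the hosts file. The following is an added example, not part of the original article; the watchlist, the sample file and the function names are constructed for illustration.

```python
import ipaddress

# Hypothetical watchlist: names the organisation expects DNS to resolve.
WATCHED = {"bank.example", "login.example.com"}

# Constructed sample hosts file (documentation-range addresses only).
SAMPLE = """\
# local overrides
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.tracker.example            # ad-blocker sinkhole
203.0.113.45    www.bank.example bank.example  # watched name pinned locally
198.51.100.7    intranet.corp.example
203.0.113.45    LOGIN.EXAMPLE.COM.
"""


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue  # blank, comment-only, or address without a name
        for name in fields[1:]:
            yield line_no, fields[0], name.lower().rstrip(".")


def is_watched(name, watched):
    """True if name is a watched domain or one of its subdomains."""
    return any(name == w or name.endswith("." + w) for w in watched)


def suspicious_entries(text, watched=WATCHED):
    """Return watched names that the hosts file maps to a routable address."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # malformed address field
        # Loopback / 0.0.0.0 entries block a name rather than redirect it,
        # so this check (an assumption of the example) leaves them alone.
        if is_watched(name, watched) and not (addr.is_loopback or addr.is_unspecified):
            findings.append((line_no, ip, name))
    return findings


if __name__ == "__main__":
    for line_no, ip, name in suspicious_entries(SAMPLE):
        print(f"line {line_no}: {name} -> {ip}")
```

On Windows the file to read is `C:\Windows\System32\drivers\etc\hosts`; pass its contents to `suspicious_entries` with a watchlist of the banking and login domains your users depend on.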