What is Phishing?

Phishing is a type of social engineering that tricks users into sharing sensitive personal information, such as usernames, passwords and credit card details, with cyber criminals.

Phishing has been around since the 1990s and is still going strong:

“The Comodo Cyber Security 2018 Global Threat Report lists email phishing as the most common method of attack”

“According to the Proofpoint 2019 State of the Phish Report, reports of credential compromise in 2018 rose 70% over 2017 and 280% since 2016”

How do cyber criminals target victims?

The most common phishing technique is to send a fraudulent email to a targeted user. The email is designed to look like it came from a trusted source, and it looks urgent so that the potential victim will open it. Phishing email subject lines sound urgent and important enough not to be ignored, such as:

Subject Line of Phishing E-mails

Typically, the email will contain a manipulated link that looks like it goes to a real website. If the targeted user clicks the link, it routes to a forged website designed to look like the real one.

Sample E-mail of Phishing Attack

Once there, the target will usually be prompted to enter the username and password for the website. If they do, the attacker will have the login credentials for the real website. Depending on the website, this can turn into an immediate loss of information and/or money for the victim.

Sample Forged Login Page to Steal User Credentials

One of the keys to a successful email attack is for the email to look like it came from a trusted brand, so phishing attackers frequently use brand names like Microsoft, PayPal, Google, DHL, Dropbox, etc.

Forms of Phishing:

1- Untargeted Phishing: Tossing out a big net in the hope of catching as many victims as possible.

2- Spear-phishing: Customizing email attacks to specific users in the hope that the illusion of familiarity will create trust.

3- Whaling: Spear-phishing directed at senior business executives who likely control significant financial assets.

The Comodo Cyber Security 2018 Global Threat Report states that enterprise users receive 16-20 malicious emails each month on average.

Since phishing email attacks are cheap, simple and effective, we can expect that such attacks will continue to be one of the most common threats in the cyber security landscape.