What is a phishing attack :

Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message. The recipient is then tricked into clicking a malicious link, which can lead to the installation of malware, the freezing of the system as part of a ransomware attack  or the revealing of sensitive information.

Now A Days Fake Links Are Common.So Before Opening Any Such Link Beware.


That Malicious Link As Opened By Target The Attacker Can Get Victim Ip Adress Sensitive Information And Even Can Install Payload In Victims Device. And Even Can Hack Social Media Accounts Passwords And Too Much Information 😉😉

 

Phishing attack examples :  

 

Email Phishing Scam : 

 

In This Phishing Type Attacker Can send That Malicious Link Via Email And Use Social Engeering That The Target Easily Opens It . 

Spear phishing :

spear phishing targets a specific person or enterprise, as opposed to random application users. It’s a more in-depth version of phishing that requires special knowledge about an organization, including its power structure.

 

Social Media Phishing :

 In This Phishing Attack Hackers Can Create Fake Login Page Of Social Media Accounts Like Facebook Instagram And Whatts App Amazon Tick Tock And All Social Media Platforms  And Even Can Bypass OTP . And Can Acess Your Social Media Accounts.

Whaling :

Whaling attacks are even more targeted, taking aim at senior executives. Although the end goal of whaling is the same as any other kind of phishing attack, the technique tends to be a lot subtler.

Tricks such as fake links and malicious URLs aren’t useful in this instance, as criminals are attempting to imitate senior staff.

Scams involving bogus tax returns are an increasingly common variety of whaling. Tax forms are highly valued by criminals as they contain a host of useful information: names, addresses, Social Security numbers and bank account information. 

 Smishing and vishing :

With both smishing and vishing, telephones replace emails as the method of communication. Smishing involves criminals sending text messages (the content of which is much the same as with email phishing), and vishing involves a telephone conversation.

A common vishing scam involves a criminal posing as a fraud investigator (either from the card company or the bank) telling the victim that their account has been breached.

The criminal will then ask the victim to provide payment card details to verify their identity or to transfer money into a ‘secure’ account – by which they mean the criminal’s account.

 Angler phishing :

A relatively new attack vector, social media offers a number of ways for criminals to trick people. Fake URLs; cloned websites, posts, and tweets; and instant messaging (which is essentially the same as smishing) can all be used to persuade people to divulge sensitive information or download malware.

Alternatively, criminals can use the data that people willingly post on social media to create highly targeted attacks.

In 2016, thousands of Facebook users received messages telling them they’d been mentioned in a post. The message had been initiated by criminals and unleashed a two-stage attack. The first stage downloaded a Trojan containing a malicious Chrome browser extension on to the user’s computer.

When the user next logged in to Facebook using the compromised browser, the criminal was able to hijack the user’s account. They were able to change privacy settings, steal data and spread the infection through the victim’s Facebook friends.

Author : 

Zain Hundal :)