‘Phishing’: A Threat To Computer Security
Introduction to Phishing
Phishing is a technique for obtaining sensitive information, for instance user names, passwords and other account details, by posing as a trustworthy party. It is typically carried out by email spoofing or instant messaging. A central element of the attack is illusion: the fraudulent web page is made to look like the genuine one, so the user, finding the page identical to the original, believes it is the real site and enters all the requested details. Once victimized, the user loses personal details and usually has no way to retrieve them or to undo the damage.
Computer and internet usage is growing at a high pace; the 21st century is a world of networks. As internet usage increases, fraud increases too, and the era has become a season of security breaches, commonly referred to as hacking. ‘Hacking’ is unauthorized access to, or use of, data, systems, servers or networks. It includes any attempt to probe, scan or test the vulnerability of a system, server or network, or to breach its security or authentication measures, without the express authorization of the owner. No one should run programs associated with hacking without prior authorization; obtaining and using such programs is not part of normal usage and may be regarded as misuse. The term generally refers to any unauthorized intrusion into a computer or network, where the hacker alters the system or its security features to accomplish a goal that differs from the genuine purpose of the system.
Hacking is not always malicious; in its broader sense it covers unusual alterations to equipment or processes. Phishing, however, is a hacking technique that lets the attacker grab sensitive information whose loss is harmful to the user. It is an example of a social engineering technique: it deceives users rather than breaking any technical control, and exploits weaknesses in current internet security practice.
Types of Phishing
Phishing takes a number of forms, which attackers use to mislead users. The main types are:
Deceptive Phishing: This is the most common type of phishing scam. Deceptive phishing refers to any attack in which fraudsters impersonate a legitimate company and attempt to steal people’s personal information or login credentials. The success of a deceptive phishing attack depends on how closely the email resembles the company’s legitimate official correspondence. The emails use threats and a sense of urgency to intimidate the user into acting before thinking. Consequently, users should inspect every URL closely and carefully to check whether it leads to an unknown website or page (the visible link text and the actual destination can differ), and should look for generic salutations and for grammatical and spelling errors throughout the mail.
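Inspecting links "closely and carefully" can be automated. The script below is an added example, not code from the original article: it parses the anchors in an HTML email body and flags the hallmarks of a disguised link, namely visible text that names one host while the href goes to another, a bare IP address as the target, the userinfo "@" trick, a punycode host, and a trusted brand name embedded in an unrelated host. The sample email, the bank.example brand and the 203.0.113.x addresses are constructed for the example.

```python
"""Added example: automate the URL check recommended for deceptive phishing.

Parses the anchors in an HTML email body and reports the hallmarks of a
disguised link. The sample email, the bank.example brand and the
203.0.113.x addresses are constructed for this example.
"""
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Visible text that itself looks like a host or URL, e.g. "https://www.bank.example/login".
URL_LIKE = re.compile(r"(?:https?://)?[\w.-]+\.[A-Za-z]{2,}(?:[/?#]\S*)?")


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url):
    """Lower-cased host part of a URL (scheme added if missing), '' if none."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_links(html, trusted_domains):
    """Return [(href, [reasons])] for every link that looks disguised."""
    parser = _LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        reasons = []
        host = _host(href)
        # 1. The text shows one host but the href really goes somewhere else.
        text_host = _host(text) if URL_LIKE.fullmatch(text) else ""
        if text_host and text_host != host and not host.endswith("." + text_host):
            reasons.append(f"text shows {text_host} but href goes to {host}")
        # 2. A bare IP address instead of a domain name.
        if _is_ip(host):
            reasons.append("href uses a bare IP address")
        # 3. A trusted brand appears inside a host that is not that domain.
        for d in trusted_domains:
            if d in host and host != d and not host.endswith("." + d):
                reasons.append(f"brand '{d}' embedded in unrelated host {host}")
        # 4. The userinfo trick: http://www.bank.example@203.0.113.9/ goes to the IP.
        if "@" in href.split("?", 1)[0]:
            reasons.append("href contains '@' (userinfo trick)")
        # 5. Punycode label: possible homograph of a trusted name.
        if "xn--" in host:
            reasons.append("punycode (IDN) host")
        if reasons:
            findings.append((href, reasons))
    return findings


# Constructed sample message body (not a real campaign).
SAMPLE_EMAIL = """
<p>Dear Customer, your account will be suspended in 24 hours.</p>
<p><a href="http://bank.example.verify-login.example/secure">https://www.bank.example/login</a></p>
<p><a href="http://203.0.113.7/update">Update your details</a></p>
<p><a href="http://www.bank.example@203.0.113.9/">Contact us</a></p>
<p><a href="https://www.bank.example/help">Help centre</a></p>
"""

if __name__ == "__main__":
    for href, reasons in check_links(SAMPLE_EMAIL, ["bank.example"]):
        print(href)
        for r in reasons:
            print("   -", r)
```

Run against the sample, three of the four links are reported; only the link whose href really sits under bank.example passes. The brand check deliberately uses a suffix match rather than a substring match so that a genuine subdomain such as www.bank.example is not flagged while bank.example.verify-login.example is.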
Spear Phishing: Spear phishing is especially common on social media sites such as Facebook and LinkedIn, because attackers can combine multiple public information sources to craft a targeted attack email. It is worth noticing that not all phishing scams lack personalization; some use it very heavily. The goal of this type of phishing is similar to that of deceptive phishing: to lure the victim into clicking a malicious URL or opening an email attachment, after which they hand over personal information and data to an unauthorized person.
CEO Fraud/Whaling: This is the second phase of a business email compromise (BEC) scam, in which attackers impersonate an executive and abuse that individual’s email to authorize fraudulent wire transfers to a financial institution of their choice. Organizations should therefore consider amending their financial policies so that no one can authorize a financial transaction by email alone. The term ‘whaling’ was coined for spear phishing directed at senior executives and other high-profile targets. Whaling works because executives rarely take part in security awareness training with their employees; every member of a company’s personnel, executives included, must undergo security awareness training to tackle this threat.
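The executive impersonation described above leaves traces in the message headers before any money moves. As an added example (not part of the original article), the script below checks a raw message for an executive’s display name on an address that is not theirs, a sender domain that merely resembles the company’s, a Reply-To that diverts replies elsewhere, and payment language in the body. The company domain acme.example, the executive directory and the sample message are all assumptions constructed for the example.

```python
"""Added example: flag the header patterns typical of CEO fraud / BEC.

Checks a raw RFC 5322 message for an executive's display name on an
address that is not theirs, a look-alike sender domain, a Reply-To
that diverts replies elsewhere, and payment language in the body.
The company domain, executive directory and sample message are
assumptions constructed for this example.
"""
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "acme.example"                        # assumed company domain
EXECUTIVES = {"jane doe": "jane.doe@acme.example"}    # assumed name -> real address
MONEY_WORDS = ("wire transfer", "urgent payment", "bank details", "invoice")


def _domain(addr):
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def _body_text(msg):
    """Concatenate the text/plain parts, decoding transfer encodings."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def analyse_message(raw):
    """Return a list of human-readable reasons the message looks like BEC."""
    msg = message_from_string(raw)
    findings = []
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_dom = _domain(from_addr)
    # 1. Executive's name on an address that is not the one in the directory.
    key = " ".join(from_name.lower().split())
    if key in EXECUTIVES and from_addr.lower() != EXECUTIVES[key]:
        findings.append(f"display name '{from_name}' but sender is {from_addr}")
    # 2. Sender domain that merely resembles the company domain.
    if from_dom and from_dom != COMPANY_DOMAIN and COMPANY_DOMAIN.split(".")[0] in from_dom:
        findings.append(f"look-alike sender domain {from_dom}")
    # 3. Replies silently routed to a different domain than the From header.
    if reply_addr and _domain(reply_addr) != from_dom:
        findings.append(f"Reply-To {reply_addr} differs from From domain {from_dom}")
    # 4. Payment language: the point of the scam is to move money.
    body = _body_text(msg).lower()
    hits = [w for w in MONEY_WORDS if w in body]
    if hits:
        findings.append("payment language: " + ", ".join(hits))
    return findings


# Constructed sample (not a real message). acme-corp.example imitates acme.example.
SAMPLE = """From: Jane Doe <jane.doe@acme-corp.example>
Reply-To: jane.doe.ceo@mail.example
To: bob@acme.example
Subject: Quick favour
Content-Type: text/plain; charset=utf-8

Bob, I'm in a meeting and can't talk. Please process an urgent payment by
wire transfer to the vendor today; I'll send the invoice later.
"""

if __name__ == "__main__":
    for reason in analyse_message(SAMPLE):
        print("-", reason)
```

Any one of these signals on its own is weak (executives do mail from personal accounts, finance staff do discuss invoices); the point of scoring them together is that a genuine CEO request rarely trips all four, and that a policy of never authorizing a transfer by email alone removes the payoff even when the mail gets through.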
Pharming: This attack stems from domain name system (DNS) cache poisoning. As many users have become aware of the other phishing techniques, which are now commonplace, attackers devised a technique that plays with the domain name instead of the email. In simple terms, the user is automatically redirected to a fake website even after entering the correct site name or URL, because the poisoned resolver returns the attacker’s address for the genuine domain. The user then enters their information with no idea that they are on the wrong website.
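Because the poisoned answer comes from the user’s own resolver, the practical check is to ask an independent resolver the same question and compare the two answers. The script below is an added example, not code from the original article: it builds and parses RFC 1035 A queries itself so that the second lookup does not pass through the possibly poisoned system resolver. The resolver address 1.1.1.1, the domain www.example.com and the canned response bytes used for the offline check are assumptions and constructed data.

```python
"""Added example: cross-check a domain's A records against an independent
resolver to spot pharming (a poisoned local cache).

The wire-format encoder/decoder follows RFC 1035; the network helper
query_a() is only used when the script is run directly. The resolver
address 1.1.1.1, the sample domain and SAMPLE_RESPONSE are assumptions
and constructed data for this example.
"""
import socket
import struct


def build_query(name, txid=0x1234):
    """Encode a standard recursive A query for `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD=1, one question
    qname = b"".join(bytes([len(label)]) + label.encode()
                     for label in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def _skip_name(data, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = data[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:      # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + n


def parse_a_records(data, expected_txid=0x1234):
    """Return the set of IPv4 addresses in the answer section."""
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", data[:12])
    if txid != expected_txid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    off = 12
    for _ in range(qd):
        off = _skip_name(data, off) + 4      # skip QTYPE + QCLASS
    addrs = set()
    for _ in range(an):
        off = _skip_name(data, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.add(socket.inet_ntoa(data[off:off + 4]))
        off += rdlen
    return addrs


def query_a(name, resolver, timeout=3.0):
    """Send the query over UDP straight to `resolver`, bypassing the system cache."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (resolver, 53))
        return parse_a_records(s.recv(512))


def local_a(name):
    """A records from the system resolver (the one a pharming attack poisons)."""
    return {ai[4][0] for ai in socket.getaddrinfo(name, 80, socket.AF_INET)}


def compare_answers(local, independent):
    """Classify the local answer against the independent one."""
    if local == independent:
        return "consistent"
    if local & independent:
        return "partial overlap (CDN or round-robin; verify the TLS certificate)"
    return "MISMATCH: local resolver returns addresses the independent resolver does not"


# Constructed response to build_query("www.example.com"): two A records,
# 192.0.2.1 and 198.51.100.1 (documentation addresses), TTL 60.
SAMPLE_RESPONSE = bytes.fromhex(
    "1234 8180 0001 0002 0000 0000"                     # header: response, 1 question, 2 answers
    "03777777 076578616d706c65 03636f6d 00 0001 0001"   # www.example.com A IN
    "c00c 0001 0001 0000003c 0004 c0000201"             # ptr to name, A, IN, TTL 60, 192.0.2.1
    "c00c 0001 0001 0000003c 0004 c6336401"             # ptr to name, A, IN, TTL 60, 198.51.100.1
)

if __name__ == "__main__":
    domain = "www.example.com"
    print(compare_answers(local_a(domain), query_a(domain, "1.1.1.1")))
```

A mismatch is not proof of poisoning on its own, since geo-aware CDNs legitimately hand different resolvers different addresses; that is why the partial-overlap branch points to the TLS certificate, which a pharming site cannot present validly for the genuine domain.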
Google Docs Phishing: Hackers chose to target Google Drive much as they prey upon Dropbox users. Google Drive hosts documents, spreadsheets, presentations, photos and even entire websites, so phishers can abuse the service to host a fake page that duplicates the Google account login screen and harvests users’ credentials. One widely reported campaign used a deceptive invitation to edit a Google Doc (Docs being the most popular app for writing and sharing files) and spread rapidly; its subject line stated that a contact “has shared a document on Google Docs with you”. If users clicked the “Open in Docs” button in the email, they were taken to a legitimate Google sign-in screen asking them to “continue in Google Docs”. Clicking through granted a fraudulent app permission to access the victim’s contacts and email, which allowed the spam to propagate further. Because the sign-in page itself is genuine, the user’s only warning is the permission prompt naming a third-party app.
Dropbox Phishing: Just as with Google Docs phishing, hackers target Dropbox users with the same tactic of a fake login page. Users are advised to enable two-step verification (2SV) on their accounts to protect against Dropbox phishing attacks.
Solutions to prevent Phishing
There are several methods to protect users from phishing attacks, but prevention alone is not enough: we also need detection measures that give early warning when a phishing attack is being planned or is in progress. Before looking at detection measures, consider the steps an attacker takes when executing a phishing attack: they register a fake, look-alike domain name (not necessarily, but often), set up a look-alike web page, and send email to hundreds of users. Each of these steps leaves a trace a defender can watch for. A few ways to prevent phishing are given below.
User awareness
Technology is used in bad ways by phishing scams, malware and the like, but it can also be used to defend organizations against today’s attacks. Email is the source of most phishing attacks that organizations receive. People can avoid phishing attempts by slightly modifying their browsing habits. When contacted about an account that needs to be “verified”, the right response is to contact the company from which the email apparently originates, through a channel the user already knows, to check whether the email is genuine. Alternatively, the address the individual knows to be the company’s genuine website can be typed into the browser’s address bar, rather than trusting any hyperlink in the suspicious message or page.
The main recommendation is that organizations should start with technical measures such as an email security suite, but that is not the only step to take. No system is 100% effective, and employees can also put the network at risk from their personal email. Therefore, employees need training to understand what they should do when they encounter a phishing email.
Spam filtering
Spam filters gauge the email flowing into an organization against known metrics that characterize spam and phishing emails. By filtering email through intelligent spam filters, organizations can drastically reduce the attack surface presented by phishing emails. Thousands of spam or phishing emails may flow through a spam solution in a single day, and many of today’s email security providers are very effective at accurately marking emails that fit spam or phishing metrics. Instead of thousands of phishing emails arriving in employee inboxes, the number can be reduced to only a handful. The caveat is that a filter tuned on bulk spam will still let through a well-crafted, low-volume spear-phishing email, which is why user awareness remains necessary.
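The Solutions section opened by noting that attackers usually register a look-alike domain before sending anything, and that step can be watched for. The script below is an added example rather than code from the original article: it generates the typosquatting variants of a brand label (omission, repetition, transposition, adjacent-key substitution, homoglyphs, hyphenation, keyword insertion and TLD swaps) and matches a day’s new registrations against them. The brand acme.com, the TLD list, the keyboard and homoglyph tables and the sample registration list are constructed for the example.

```python
"""Added example: generate the look-alike domains an attacker is likely to
register for a brand, so that new-registration, passive-DNS or certificate
transparency feeds can be matched against the list.

The brand, TLD list, keyboard/homoglyph tables and the sample feed are
assumptions constructed for this example.
"""

HOMOGLYPHS = {"o": "0", "l": "1", "i": "1", "e": "3", "a": "4", "s": "5", "m": "rn", "w": "vv"}
KEYBOARD = {"a": "qwsz", "c": "xdfv", "e": "wrsd", "i": "uojk", "m": "njk", "o": "iplk"}
KEYWORDS = ("login", "secure", "verify", "account", "support")
TLDS = ("com", "net", "org", "co", "info")


def label_variants(label):
    """All single-edit typosquat variants of a bare brand label (no TLD)."""
    out = set()
    for i, c in enumerate(label):
        out.add(label[:i] + label[i + 1:])                         # omission
        out.add(label[:i] + c + c + label[i + 1:])                 # repetition
        if i + 1 < len(label):
            out.add(label[:i] + label[i + 1] + c + label[i + 2:])  # transposition
        if i > 0:
            out.add(label[:i] + "-" + label[i:])                   # hyphenation
        for k in KEYBOARD.get(c, ""):
            out.add(label[:i] + k + label[i + 1:])                 # adjacent-key typo
        if c in HOMOGLYPHS:
            out.add(label[:i] + HOMOGLYPHS[c] + label[i + 1:])     # homoglyph
    for kw in KEYWORDS:
        out.add(label + kw)                                        # keyword insertion
        out.add(label + "-" + kw)
        out.add(kw + "-" + label)
    out.discard(label)
    return out


def lookalikes(domain):
    """Candidate look-alike domains for `domain` across the common TLDs."""
    label, _, _ = domain.partition(".")
    candidates = set()
    for variant in label_variants(label) | {label}:
        for tld in TLDS:
            candidates.add(f"{variant}.{tld}")
    candidates.discard(domain)      # the brand's own domain is not a look-alike
    return candidates


def match_new_registrations(domain, registrations):
    """Return the newly registered names that are look-alikes of `domain`."""
    watch = lookalikes(domain)
    names = (r.lower().strip(".") for r in registrations)
    return sorted(n for n in names if n in watch)


# Constructed sample of one day's new registrations (not real data).
NEW_REGISTRATIONS = [
    "acme-login.com", "acrne.com", "acme.co", "weather-today.net",
    "acme.com", "amce.org", "acmee.info", "bookshop.com",
]

if __name__ == "__main__":
    print(len(lookalikes("acme.com")), "candidates on the watch list")
    for hit in match_new_registrations("acme.com", NEW_REGISTRATIONS):
        print("look-alike registered:", hit)
```

A hit on this list is the earliest signal in the attack chain described above: the domain exists before the fake page is built and before the first email is sent, so it can be blocked at the mail gateway and proxy while the attacker is still setting up.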