What is Phishing?
Phishing
is a type of social engineering attack often used to steal user data, including
login credentials and credit card numbers. It occurs when an attacker,
masquerading as a trusted entity, dupes a victim into opening an email, instant
message, or text message. The recipient is then tricked into clicking a
malicious link, which can lead to the installation of malware, the freezing of
the system as part of a ransomware attack or the revealing of sensitive
information.
An attack can have
devastating results. For individuals, this includes unauthorized purchases, the
stealing of funds, or identify theft.
The phishing attack hugely attacking organizations financial
departments by tricking victims into downloading trojans and malicious code
meant for stealing credentials and causing other serious network threats.
According to the researchers at Barracuda Networks, the attacker focuses on tricking the victim that the message is from someone that they trust or the idea that might lead them into panic mode causing them to click on a malicious link which downloads different malware into the system which may lead users to lose money and data.
The phishing attack which has caused havoc among millions involves attacker sending legitimate looking invoices which may look crucial, authentic and a threat to the reviewer coming from someone they might trust, thus making them vulnerable enough to click on the malicious link provided in the email or text messages.
In one of the examples of this attack, the attacker sends an email to the target asking about the payment status of an invoice.A legitimate looking invoice number is written in the email and the sender name is chosen such that receiver trust the source. The information regarding receiver's close connections can be curated very easily from public profiles like LinkedIn or Facebook.
According to the researchers at Barracuda Networks, the attacker focuses on tricking the victim that the message is from someone that they trust or the idea that might lead them into panic mode causing them to click on a malicious link which downloads different malware into the system which may lead users to lose money and data.
The phishing attack which has caused havoc among millions involves attacker sending legitimate looking invoices which may look crucial, authentic and a threat to the reviewer coming from someone they might trust, thus making them vulnerable enough to click on the malicious link provided in the email or text messages.
In one of the examples of this attack, the attacker sends an email to the target asking about the payment status of an invoice.A legitimate looking invoice number is written in the email and the sender name is chosen such that receiver trust the source. The information regarding receiver's close connections can be curated very easily from public profiles like LinkedIn or Facebook.
The message may look authentic at first glance, but an
invitation to click on the link should be treated with suspicion. Once the
recipient clicks on the link it supposedly downloads the invoice containing the
word document but goes on further by downloading trojans and other malicious
codes which are meant to steal data from the system.
The attackers are using different templates to lure potential victims. The second type of template tries to convince the recipient to check the address change of someone they trust through the malicious link.
The attackers are using different templates to lure potential victims. The second type of template tries to convince the recipient to check the address change of someone they trust through the malicious link.
"Impersonation is a proven tactic that criminals are
regularly using to attract victims into believing that they are acting on an
important message when that couldn't be further from the truth," said Lior
Gavish, VP at Barracuda Networks.
For the protection against this kind of phishing attacks, training of employees can be very helpful.
For the protection against this kind of phishing attacks, training of employees can be very helpful.
Source : ehackingnews.com
========== Hacking Don't Need Agreements ==========
Just Remember One Thing You Don't Need To Seek Anyone's Permission To Hack Anything Or Anyone As Long As It Is Ethical, This Is The Main Principle Of Hacking Dream
Thank You for Reading My Post, I Hope It Will Be Useful For You
I Will Be Very Happy To Help You So For Queries or Any Problem Comment Below Or You Can Mail Me At Bhanu@HackingDream.net
No comments:
Post a Comment