Changes

no edit summary
Line 2: Line 2:     
The theft of financial and personal data is achieved through deceptive means such as fraudulent emails and copies of legitimate websites.<ref>[http://dictionary.reference.com/browse/phishing Phishing features]</ref> Brand spoofing and carding are forms of phishing.  
 
The theft of financial and personal data is achieved through deceptive means such as fraudulent emails and copies of legitimate websites.<ref>[http://dictionary.reference.com/browse/phishing Phishing features]</ref> Brand spoofing and carding are forms of phishing.  
 +
 +
==Spear Phishing==
 +
Spear phishing is a type of phishing attack that targets specific individuals or organizations through malicious emails in order to steal sensitive information like login credentials or to infect the targets’ device with [[malware]]. The attack appears to be from trusted senders and it uses [[Social Engineering Attacks|social engineering]] techniques to urge the victim to click on a malicious link or attachment. Whereas phishing attacks, in general, prioritize quantity, spear phishing prioritizes quantity. In that same vein, a whaling attack prioritizes C-level targets within an organization.<ref>[https://www.crowdstrike.com/cybersecurity-101/phishing/spear-phishing/ Spear Phishing, Crowdstrike]</ref>
    
==Phishing History==
 
==Phishing History==
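Review bot: In the added Spear Phishing paragraph, the sentence "Whereas phishing attacks, in general, prioritize quantity, spear phishing prioritizes quantity" contrasts quantity with itself, so the distinction it is meant to draw is lost. The second "quantity" should be the opposing term (the paragraph's own description of targeting specific individuals suggests "quality"), checked against the cited CrowdStrike page. In the same paragraph, "the targets’ device" should agree in number ("the target's device" or "the targets' devices"), and the citation label should be spelled "CrowdStrike".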
Line 9: Line 12:     
===Cybersquatting===
 
===Cybersquatting===
According to [[APWG|The Anti-Phishing Working Group]], the number of [[cybersquatting|cybersquatted]] domain names used in conjunction with [[phishing]] has fallen to only 2% of attacks in 2012. A report identified 64,204 phishing domains in total, of which only 12% is suspected by APWG as being registered by the phishers. The rest were compromised accounts owned by third parties. More than half of phisher-owned domains were in [[.tk]], a registry that offers free registration.<ref>[http://domainincite.com/10861-only-2-of-phishing-attacks-use-cybersquatted-domain-names Only 2% of phishing attacks use cybersquatted domain names]. Published 2012 October 25. Retrieved 2012 November 13.</ref>
+
According to [[APWG|The Anti-Phishing Working Group]], the number of [[cybersquatting|cybersquatted]] domain names used in conjunction with [[phishing]] fell to only 2% of attacks in 2012. A report identified 64,204 phishing domains in total, of which only 12% is suspected by APWG as being [[Malicious Domain|registered by the phishers]]. The rest were [[Compromised Domain|compromised accounts]] owned by third parties. More than half of phisher-owned domains were in [[.tk]], a registry that offers free registration.<ref>[http://domainincite.com/10861-only-2-of-phishing-attacks-use-cybersquatted-domain-names Only 2% of phishing attacks use cybersquatted domain names]. Published 2012 October 25. Retrieved 2012 November 13.</ref>
 +
 
 +
===Combating Phishing with Next Generation Passwordless Authentication===
 +
"WinMagic's MagicEndpoint Passwordless Multifactor Authentication will ensure your systems are secure and easy to access. Turn regular devices into security keys. <ref>[https://www.winmagic.com/products/passwordless-authentication Winmagic]</ref>
    
==Types of Phishing Practices==
 
==Types of Phishing Practices==
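Review bot: The added subsection "Combating Phishing with Next Generation Passwordless Authentication" reads as vendor promotional copy rather than reference content: it opens a quotation mark that is never closed, cites only the vendor's own product page, and is placed under "Phishing History" although it describes no history. Suggest removing it, or replacing it with a neutral, independently sourced description of passwordless authentication as a countermeasure under "Protection against Phishing Practices". In the Cybersquatting paragraph, the tense change to "fell" and the new wikilinks are fine, but "only 12% is suspected" should read "are suspected".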
Line 21: Line 27:  
* DNS-Based Phishing also referred to as "Pharming" <ref>[http://pcworld.about.com/od/emailsecurity/Types-of-Phishing-Attacks.htm Phishing types]</ref>
 
* DNS-Based Phishing also referred to as "Pharming" <ref>[http://pcworld.about.com/od/emailsecurity/Types-of-Phishing-Attacks.htm Phishing types]</ref>
 
* Voice phishing, which is a rather new form of phishing: users will receive an email allegedly from their favorite websites and will be requested to call a fraudulent number and update their information, which will then be stolen by the hacker.<ref>[http://www.spamlaws.com/voice-and-spear-phishing.html Voice phishing]</ref>
 
* Voice phishing, which is a rather new form of phishing: users will receive an email allegedly from their favorite websites and will be requested to call a fraudulent number and update their information, which will then be stolen by the hacker.<ref>[http://www.spamlaws.com/voice-and-spear-phishing.html Voice phishing]</ref>
* Tabnabbing, which takes advantage of multiple tabs which Internet users may frequently use and redirects the Internet user to the wrong website. <ref>[http://www.crustiz.com/web-2-0/tabnagging-new-phishing-attack/ Tabnagging]</ref>
+
* Tabnabbing, which takes advantage of multiple tabs that Internet users may frequently use and redirects the Internet user to the wrong website. <ref>[http://www.crustiz.com/web-2-0/tabnagging-new-phishing-attack/ Tabnagging]</ref>
 
* Pop-up windows which may appear from legitimate and original websites but request financial and credential information.
 
* Pop-up windows which may appear from legitimate and original websites but request financial and credential information.
    
==Protection against Phishing Practices==
 
==Protection against Phishing Practices==
In order avoid being a victim of phishing, Internet users should take the following into consideration:
+
In order to avoid being a victim of phishing, Internet users should take the following into consideration:
 
# Avoid or delete mass emails
 
# Avoid or delete mass emails
 
# Install anti-phishing software
 
# Install anti-phishing software
 
# Avoid password authentication services
 
# Avoid password authentication services
 
# Ignore emails requesting financial information updates  
 
# Ignore emails requesting financial information updates  
# Use spam filters to eliminate phishing emails. This solution relies on natural language processing methods and is able to substantially reduce the amount of phishing emails.  
+
# Use spam filters to eliminate phishing emails. This solution relies on natural language processing methods and is able to substantially reduce the number of phishing emails.  
 
# Do not trust impersonal emails
 
# Do not trust impersonal emails
 
# Be suspicious regarding email links
 
# Be suspicious regarding email links
 
# Submit credit card information only on secure websites with secure payment options.<ref>[http://www.anti-phishing.info/avoid-phishing.html Phishing protection]</ref>
 
# Submit credit card information only on secure websites with secure payment options.<ref>[http://www.anti-phishing.info/avoid-phishing.html Phishing protection]</ref>
 +
 +
==Trajectories==
 +
In the early 2020s, phishing began growing in popularity among [[Threat Actor|threat actors]] even as [[DNS Abuse]] in general appeared to trend down.<ref>[https://www.icann.org/en/system/files/files/last-four-years-retrospect-brief-review-dns-abuse-trends-22mar22-en.pdf DNS Abuse Trends Retrospective, ICANN Files]</ref>
 +
 +
On July 19, 2022, [[Interisle Consulting]] reported that:
 +
* phishing attacks were up by 61 % over the previous year,
 +
* phishing reporting went up by 72 %,
 +
* 76% of domains for phishing were registered with nTLDs (34% were split between [[.com]] and [[.net]], 
 +
* phishers are targeting big tech brands, and
 +
* cryptocurrency phishing increased by 257 %.<ref>[https://interisle.net/PhishingLandscape2022-ExecutiveSummary.pdf 2022 Phishing Landscape Executive Summary, Interisle]</ref>
    
==References==
 
==References==
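Review bot: In the new Trajectories list, the item "76% of domains for phishing were registered with nTLDs (34% were split between [[.com]] and [[.net]]," has an unclosed parenthesis, and its two figures add up to 110%, so at least one number or its denominator is misreported. Verify both against the cited Interisle summary and state what each percentage is a share of. The list also mixes "61 %" and "76%"; pick one spacing for percentages. The grammar fixes elsewhere in this hunk ("In order to avoid", "that", "number of") are correct as written.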