Phishing attacks tricks users by sending messages from Trusted websites

What is Phishing?

Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message. The recipient is then tricked into clicking a malicious link, which can lead to the installation of malware, the freezing of the system as part of a ransomware attack or the revealing of sensitive information.
An attack can have devastating results. For individuals, this includes unauthorized purchases, the stealing of funds, or identify theft.
The phishing attack hugely attacking organizations financial departments by tricking victims into downloading trojans and malicious code meant for stealing credentials and causing other serious network threats.

According to the researchers at Barracuda Networks, the attacker focuses on tricking the victim that the message is from someone that they trust or the idea that might lead them into panic mode causing them to click on a malicious link which downloads different malware into the system which may lead users to lose money and data.

The phishing attack which has caused havoc among millions involves attacker sending legitimate looking invoices which may look crucial, authentic and a threat to the reviewer coming from someone they might trust, thus making them vulnerable enough to click on the malicious link provided in the email or text messages.

In one of the examples of this attack, the attacker sends an email to the target asking about the payment status of an invoice.A legitimate looking invoice number is written in the email and the sender name is chosen such that receiver trust the source. The information regarding receiver's close connections can be curated very easily from public profiles like LinkedIn or Facebook.

The message may look authentic at first glance, but an invitation to click on the link should be treated with suspicion. Once the recipient clicks on the link it supposedly downloads the invoice containing the word document but goes on further by downloading trojans and other malicious codes which are meant to steal data from the system.

The attackers are using different templates to lure potential victims. The second type of template tries to convince the recipient to check the address change of someone they trust through the malicious link.   

"Impersonation is a proven tactic that criminals are regularly using to attract victims into believing that they are acting on an important message when that couldn't be further from the truth," said Lior Gavish, VP at Barracuda Networks.


For the protection against this kind of phishing attacks, training of employees can be very helpful.
Source : ehackingnews.com 




==========     Hacking Don't Need Agreements     ==========
Just Remember One Thing You Don't Need To Seek Anyone's  Permission To Hack Anything Or Anyone As Long As It Is Ethical, This Is The Main Principle Of Hacking Dream
    Thank You for Reading My Post, I Hope It Will Be Useful For You

I Will Be Very Happy To Help You So For Queries or Any Problem Comment Below Or You Can Mail Me At Bhanu@HackingDream.net



Bhanu Namikaze

Bhanu Namikaze is an Ethical Hacker, Security Analyst, Blogger, Web Developer and a Mechanical Engineer. He Enjoys writing articles, Blogging, Debugging Errors and Capture the Flags. Enjoy Learning; There is Nothing Like Absolute Defeat - Try and try until you Succeed.

No comments:

Post a Comment