AbleToTrain by Willing & Able

How phishing works

Phishing attacks typically rely on social networking techniques applied to email and other electronic means of communication. Some methods include direct messages and SMS text messages sent over social networks.

Phishers can use public information sources to collect background information about the victim’s personal and professional history, interests, and activities. Usually via social networks such as LinkedIn, Facebook, Twitter. These sources are typically used to reveal information such as potential victims’ names, job titles, and email addresses. This information can be used to compose trusted emails.

Victims typically receive messages that appear to have been sent by known contacts or organizations. Attacks occur via attachments of malicious files or links that point to malicious websites. In both cases, the purpose is to install malware on the user’s device or redirect the victim to a fake website. Fake websites are designed to trick victims into leaking personal and financial information such as passwords, account IDs, and credit card details.

Many phishing emails are poorly written and apparently fake, but cybercriminal groups are increasingly using the same techniques that professional marketers use to identify the most effective types of messages. I’m using.

How Phishing Emails Are Recognized

Successful phishing messages are difficult to distinguish from real messages. They are usually presented as from a well-known company, even with the company logo and other collected identification data.

However, there are some clues that the message is a phishing attempt. These include:

Messages use subdomains, misspelled URLs (typosquatting), or other suspicious URLs.

Recipients use Gmail or other public email addresses instead of corporate email addresses. The message is written to evoke fear and urgency. The message contains a request to verify your personal information, such as B. Financial data or password. The message is not well written and is misspelled or grammatically incorrect. Cybercriminals continue to hone their skills in conducting existing phishing attacks and developing new types of phishing scams. The types of common phishing attacks are:

Spear phishing attacks targeting specific individuals or businesses. These attacks typically use the victim’s specific collected information to better present the message as genuine. Spear phishing emails may contain references to colleagues or executives within the victim’s organization and may contain the victim’s name, location, or other personal information.

The Whaling attack is a type of spear phishing attack that specifically targets executives within an organization. This attack is often aimed at stealing large amounts of money. Those preparing for spearfishing campaigns will investigate the victim in detail and create a more authentic message. Using information that is relevant or specific to the target increases the chances of a successful attack.

A typical whaling attack targets employees who can approve payments, so phishing messages are sent by executives to approve large payments to vendors when payments are actually made to attackers. Often appears to be a command of.