Phishing
What is Phishing:
Phishing is the process of luring users in order to obtain sensitive information such as passwords and credit card information. Phishing is an example of a social engineering attack aimed at users, who are lured into clicking on links or opening email attachments.
A phishing incident usually involves a stimulus that invokes a user response. The target audience is everyone who has an online/offline presence. This includes everyone from young children to the elderly.
A phish is intended to:
- Steal identity-related information
- Compromise banking information
- Compromise your online credentials
- Get the user to click on a malicious link so that malicious software (e.g. ransomware) can be installed
Phishing Baits:
Attackers use public information available on social networking sites and organisation homepages to target, lure and bait users.
The most common phishing baits contain the following components:
Lucrative subject/offer – Phishing emails try to lure the target audience with a lucrative subject or offer.
Urgency and Action – They tend to invoke urgency and prompt action as part of the social engineering attack.
Clickable links or Attachments – These emails usually contain clickable links redirecting you to a malicious site or a hoax site (e.g. users could be redirected to imperiuncybersec.com.au instead of imperiumcybersec.com.au). In some instances, the email could contain an attachment. These attachments usually contain a virus or malware.
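The lookalike-domain bait described above can be checked for automatically. The following is an added example, not part of the original page: it pulls link hosts out of an email body and flags any that are a near miss of a trusted domain. The trusted-domain list, the sample email and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the organisation's real domain, taken from the page's example.
TRUSTED_DOMAINS = {"imperiumcybersec.com.au"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample email body (not a real message).
SAMPLE_BODY = """Your account will be suspended today. Verify now:
https://login.imperiuncybersec.com.au/verify?id=1
Help centre: https://www.imperiumcybersec.com.au/help
Unsubscribe: https://example.com/unsub"""

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def link_hosts(body):
    """Return the lower-cased host of every http(s) link in the text."""
    hosts = set()
    for url in URL_RE.findall(body):
        try:
            host = urlsplit(url).hostname
        except ValueError:  # malformed URL, e.g. unbalanced IPv6 brackets
            continue
        if host:
            hosts.add(host.lower().rstrip("."))
    return hosts

def classify_host(host, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Label a host 'trusted', 'lookalike' (near miss of a trusted domain) or 'unknown'."""
    for good in trusted:
        if host == good or host.endswith("." + good):
            return ("trusted", good)
    for good in trusted:
        # Compare only the last labels, so subdomains of a lookalike still match.
        tail = ".".join(host.split(".")[-(good.count(".") + 1):])
        if 0 < edit_distance(tail, good) <= max_distance:
            return ("lookalike", good)
    return ("unknown", None)

def lookalike_links(body):
    """Hosts linked from an email body that imitate a trusted domain."""
    return sorted(h for h in link_hosts(body) if classify_host(h)[0] == "lookalike")
```

A host classed as "unknown" is simply not a near miss of the trusted list; it is not thereby safe.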
The ebb and flow of phishing emails changes with the seasons. Phishing emails are common during:
- Tax filing season
- Holiday season / Social events
- The end of the financial year