Wednesday 7 January 2015

Difference between 'Phishing', 'Clone Phishing' and 'Spear Phishing'

"Phishing" is the term used for the popular online attack that exploits emails or uses malicious websites to obtain a user's personal information. An attacker cleverly poses as a trusted party and tricks a user into providing important information such as credit card details, bank account details, usernames and passwords, or other confidential details. Phishing is a two-stage scam. First, the attacker steals an organization's identity. Then, this stolen identity is used to victimize the consumers or users. The term "phishing" in fact came from the word "fish". The attackers "fish" for users by luring them, in sophisticated ways, into providing information that will benefit the attackers, such as financial information. Unfortunately, many of the victims may never realize that they have been attacked.

As there are many tools available today for creating malicious programs, phishing tools are easily developed. Attackers are finding new and creative ways of deceiving online users. "Clone phishing" is the term used when emails or websites are "cloned" from the original ones. Details and information (including copyright messages, logos, etc.) are gathered from the legitimate email or website and are used in the "clones". A phisher may use address (email or web) spoofing to mimic the actual address. The messages in the email or the content of the website are creatively drafted to lure online users into providing their valuable information, such as bank accounts, credit cards, personal details, etc.
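A defender can check for the address mimicry described above by comparing a message's sender domain against the domains the organization really uses. The following is an added example, not part of the original post; the trusted domain, the sample messages and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: the domains the organization really sends mail from.
TRUSTED_DOMAINS = {"examplebank.com"}
# Digit-for-letter swaps commonly seen in lookalike domains.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

# Constructed sample messages: a genuine one and a clone.
LEGIT = "From: Example Bank <alerts@examplebank.com>\nSubject: Statement\n\nHello"
CLONE = ("From: Example Bank <alerts@examp1ebank.com>\n"
         "Reply-To: support@mail-collect.example\nSubject: Statement\n\nHello")


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()


def check_message(raw):
    """Return the reasons a message's sender address looks cloned or spoofed."""
    msg = message_from_string(raw)
    findings = []
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"])
    if from_dom not in TRUSTED_DOMAINS:
        # Undo digit swaps and the "rn" for "m" trick before comparing.
        normalized = from_dom.translate(HOMOGLYPHS).replace("rn", "m")
        for trusted in sorted(TRUSTED_DOMAINS):
            if normalized == trusted or edit_distance(from_dom, trusted) <= 2:
                findings.append(f"lookalike of {trusted}: {from_dom}")
    # A clone often routes replies away from the domain it imitates.
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain differs: {reply_dom}")
    return findings
```

Calling `check_message(LEGIT)` returns an empty list, while `check_message(CLONE)` reports both the lookalike domain and the diverted Reply-To. A check like this only inspects the visible headers and complements sender authentication (SPF, DKIM, DMARC) at the mail gateway.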

"Spear phishing" is another term used in phishing attacks. This term is used when the victims have been targeted before the attacks are made. One such example is where senior executives or top management personnel are identified and their profiles studied. The phishing attacks are crafted specifically for them. A number of emails may be sent to a victim to build trust. Once trust is built, the victim is deceived into providing sensitive information. Top management personnel usually have high access rights to many systems, and a successful attack can be very damaging to an organization. The organization's sensitive and valuable data could be leaked or stolen if such access rights are gained by the attackers.

Creating awareness of phishing and the damage it can cause remains the best countermeasure against phishing. Users must be educated about online safety. Users must realize that the "online" world is not really a safe one and therefore be cautious when providing information about themselves on the Internet.


