Phishing
Phishing is a type of email-based social engineering attack in which the attacker sends email from a supposedly reputable source to elicit private information from the victim, or to persuade or trick the target into interacting with a malicious resource disguised as a trusted one.

  • is a combination of social engineering and spoofing
  • refers specifically to email or text message threat vectors
  • might try to convince the user to perform some action
    • e.g.,
      • installing disguised malware
      • or allowing a remote access connection by the attacker
  • Most browsers show warnings when attempting to visit potential phishing sites
  • phishing attacks rely on a lack of attention to detail on the recipient’s part, and their rate of success remains low
  • can use this same attack vector over other types of media

Types

Pharming

Pharming is an impersonation attack in which a request for a website, typically an e-commerce site, is redirected to a similar-looking, but fake, website.

  • uses impersonation and phishing
  • type of phishing campaign that uses a spoof website set up to imitate a web resource trusted by the user
    • e.g., fake websites that resemble well-known websites
      • bank or e-commerce site
      • attacker sends users of the genuine website a hoax alert informing them that their account must be updated
      • message contains a disguised link to spoofed site
      • then user authenticates on spoofed site and their credentials are captured
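
The lure described in these steps leaves two detectable traces in the message itself: the visible link text shows the trusted site while the href points elsewhere, and the real target is a near-miss of the trusted domain. The following is an added example (not from these notes) of a check a mail-filtering or awareness tool could run over a message body; the brand, domains, HTML body and allow-list are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message body of the kind described above (hypothetical brand and domains).
SAMPLE_EMAIL_HTML = """
<p>Dear customer, your account must be updated within 24 hours.</p>
<p>Please <a href="http://examp1e-bank.com/login">visit https://example-bank.com/login</a> to continue.</p>
<p>Questions? See our <a href="https://example-bank.com/help">help centre</a>.</p>
"""

# Assumption: the organisation maintains an allow-list of its own registrable domains.
TRUSTED_DOMAINS = {"example-bank.com"}


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Crude eTLD+1 (last two labels); a production tool would use a public-suffix list."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def levenshtein(a, b):
    """Edit distance, used to spot typosquat-style near-misses of a trusted domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def analyse_links(html, trusted=TRUSTED_DOMAINS):
    """Return (href, reason) findings for links that look like lures to a spoofed site."""
    parser = LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        href_dom = registrable_domain(urlparse(href).hostname or "")
        # Check 1: the visible text displays a URL whose domain differs from the real target.
        shown = re.search(r"https?://([^\s/]+)", text)
        if shown and registrable_domain(shown.group(1)) != href_dom:
            findings.append((href, f"display domain {registrable_domain(shown.group(1))} != target {href_dom}"))
            continue
        # Check 2: the target is not trusted but sits within two edits of a trusted domain.
        if href_dom not in trusted:
            for t in trusted:
                if 0 < levenshtein(href_dom, t) <= 2:
                    findings.append((href, f"lookalike of trusted domain {t}"))
                    break
    return findings


if __name__ == "__main__":
    for href, reason in analyse_links(SAMPLE_EMAIL_HTML):
        print(f"SUSPICIOUS {href}: {reason}")
```

On the sample body the first link is flagged because the displayed `example-bank.com` URL resolves to `examp1e-bank.com`; the second link points at the allow-listed domain and passes. The lookalike check only fires for domains outside the allow-list, so legitimate links are never reported as near-misses of themselves.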

Vishing

Vishing is a phishing attack conducted through a voice channel.

  • e.g., phone or VoIP

Smishing

Smishing is a phishing attack that uses Short Message Service (SMS) text communications as the vector.

  • sometimes stylized as SMiShing

Spear Phishing

Spear phishing is a targeted attack against specific companies, organizations, or people.

  • higher rate of success than random phishing
  • requires more specific information and more advanced reconnaissance

Whaling

Whaling is a phishing attack that specifically targets executives and other high-power or high-net-worth individuals.