Phishing is an example of Social Engineering, and is defined as the fraudulent attempt to obtain sensitive information, often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.
These form of attacks rely on a communication, such as a text message or an e-mail. The attacker may use the message to distribute a malicious link that appears trustworthy, in order to take information such as account details from the victim. Another common style of Phishing is using a scam. Often with the promise of a large reward, the scammer aims to convince the victim to give up details such as their credit card information. These messages are often hard to distinguish from safe messages.
This is an attempt that is directed at a specific individual. Attackers may gather personal information about their target to increase their chances of success. This technique accounts for 91% of all Phishing attacks on the Internet. In 2015, Ubiquiti Networks Inc. lost $46.7 million to a Spear Phishing attack. This proves just how successful this Social Engineering technique can be.
This type of phishing attack where a legitimate email containing an attachment or link has had its content taken and changed to create an almost identical email. The attachment or link within the email is replaced with a malicious version, and then sent from a spoofed email address. As this e-mail appears to be a resend or edit of the original, it is difficult to distinguish it from a safe e-mail.
Whaling is a type of attack that is specifically aimed at high-profile targets within businesses. The content of the masquerading web page/email will often take the form of a legal document, customer complaint or executive issue. Whaling Phishers have been known to forge documents from Authorities, and thus these emails are very difficult to distinguish or ignore.
There are multiple ways to protect yourself and your business from Phishing scams.
Pentest People have a full Phishing Platform that can be used as part of a Social Engineering engagement. Be sure to get in touch with us if this is something of interest.