Phishing

                  Phishing attacks are the social-engineering practice of sending
                  fraudulent  communications  that  appear  to  come  from an
                  authentic source. It is usually done through e-mail. The goal is

                  to steal sensitive data like credit card and login credentials or to
                  install malware on the victim’s machine.
                  Although some phishing e-mails are poorly written and clearly
                  fake. But, some cyber miscreants send links in the e-mail that
                  may install malware on the user’s device or direct the user to a wicked website for extracting personal

                  and financial information.
                  Some common types of phishing attacks are phone, spear and clone phishing.


                  Detecting a Phishing E-mail
                  Following can act as hints to detect Phishing E-mail:

                  ·  Spelling and Unusual Grammar: Cyber criminals generally make grammar and spelling mistakes
                    because they use a dictionary too often to convert in a specific language. If you notice such mistakes
                    in an e-mail, it might be a scam.
                  ·  E-mail Links: Some links in the e-mail are usually with unknown URLs. To verify, take the mouse (but
                    don’t click) over the link to see if the address matches the link that was typed in the message. Some
                    links may also forward to .exe or zip files. These are known to install malicious software.
                  ·  Acknowledgment: Generally, the cyber  criminals don’t  know the names  of targets  except  the
                    e-mail addresses, so they use just a part of the targeted e-mail address, in the salutation or a uses
                    a general salutation.


                  Difference between Spoofing and Phishing

                  Following are the differences between spoofing and phishing:

                                        Spoofing                                        Phishing

                    Hacker tries to steal the identity to act as     Hacker tries to steal the sensitive
                    another individual.                              information of the user.

                    It doesn't require fraud.                        It is operated in a fraudulent manner.

                    Information is not theft.                        Information is theft.

                    Spoofing can be part of  phishing.               Phishing can't be part of the spoofing.
                    Hacker needs to  download some  malicious  No such malicious software is needed.
                    software in victim computer.
                    Spoofing is basically done to get a new identity. Phishing is done to get secret information.

                    Types: IP Spoofing, E-mail Spoofing, URL         Types: Phone Phishing, Clone Phishing, etc.
                    Spoofing, etc.




                  24    Premium Edition-VIII