Page 533 - ComputerScience_Class_11

13.4.1 Types of Phishing Attacks: Email Phishing
                 This is the most common form of phishing, where attackers send fraudulent emails that appear to be from legitimate
                 sources, like banks or companies, in an attempt to trick recipients into revealing sensitive information, such as
                 passwords or credit card numbers. Some common types of phishing attacks are:
                 •  Spear Phishing: Unlike generic email phishing, spear phishing targets specific individuals or organisations. The
                   attacker customises the message to make it more convincing, often using information about the target to appear
                   more legitimate.

                 •  Smishing (SMS Phishing): This type of phishing uses SMS (text messages) to trick victims into clicking on malicious
                   links or sharing personal information. The message often seems like it’s from a legitimate service, like a bank or
                   government agency.
                 •  Vishing (Voice Phishing): In vishing, attackers use phone calls to impersonate legitimate organisations (such as
                   banks or tech support) to persuade victims to reveal confidential information over the phone.
                 •  Pharming: Pharming involves redirecting users from legitimate websites to fake ones without their knowledge. This
                   can be done through malware or by compromising a website’s DNS (Domain Name System) settings.

                 •  Whaling: A more targeted form of spear phishing, whaling specifically targets high-profile individuals like CEOs or
                   top executives. The emails are often crafted to look like critical business communications, making them more likely
                   to be trusted.
                 •  Angler Phishing: This type of phishing occurs on social media platforms. Attackers impersonate customer support
                   accounts and try to convince users to share personal information by offering fake assistance.

                 13.4.2 How is Phishing Carried Out?
                 The most common examples of phishing are used to support other malicious actions, such as account takeovers,
                 ransomware attacks or business email compromise. Historically, phishing attacks typically occurred via email or instant
                 message. Today, phishing attacks happen over a variety of media, from SMS text messages to phone calls to QR codes.
                 There are several tactics attackers can use to make their phishing attempts more effective:
                 •  Finding, purchasing or scraping known contact information.

                 •  Setting up fake websites and apps that imitate the real ones.
                 •  Using techniques like DNS fast fluxing to disguise their hosting servers.
                 •  Using domain spoofing and email spoofing to make messages appear legitimate.

                 •  Manipulating links so that URLs in phishing messages look correct.
                 •  Sending emails from trusted infrastructure that can pass checks and get past spam filters.
                 •  Using generative AI to quickly create realistic-sounding and error-free messages.

                 Most phishing attacks can be broken down into a few general categories. It is useful to become familiar with a few of
                 these different vectors of phishing attacks in order to spot them in the wild.


                 13.5 DIGITAL ARREST
                 Digital arrest scam, also referred to as digital house arrest or virtual arrest,
                 is a form of organised cybercrime and fraud. In this scam, perpetrators
                 impersonate law-enforcement, government agencies, banks or courier
                 companies. They target victims, often by video call or telephone, and pressure
                 them into transferring money or revealing financial credentials by falsely claiming that
                 the victim is under investigation or has been “digitally arrested.”
                 This crime is particularly prevalent in India.




                                                                                 Trends in Computing and Ethical Issues   531