A phishing attack steals personal information or essential credentials by deceiving users into clicking a malicious link that is presented as coming from a trusted party.
Phishing is also used as a tool to install ransomware, viruses, or spyware on user systems. It is categorized as a type of social engineering attack.
For individuals, the consequences of a phishing attack may include identity theft, unauthorized purchases, or leakage of account details to an unknown party. For organizations, they may include loss of confidential data, company policies, and necessary system details.
Following is the procedure that leads to a phishing attack:
Phishing attacks can be divided into the following two categories:
Attackers send the generated link by email to thousands of users on the internet to gain profits. They go to extreme lengths to mimic an original email from an organization so that it seems trustworthy. Users are misled into trusting the link. Even a few users clicking the link is enough for the attackers to gain information or make profits.
These kinds of emails are usually similar to their original counterparts. The difference can be noted in the URL, where the domain name may be misspelled or may contain extra or fewer names. Another characteristic of this type of phishing is that the email might demand a timely call to action from the users, persuading them to access the link as soon as possible.
Original link
Similar link but misspelled
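The URL differences described above (misspelled, extra, or fewer names in the domain) can be checked mechanically before a link is trusted. The following Python sketch is an added example, not part of the original article; the allow-list `TRUSTED`, the domain `mybank.example`, the function names, and the `max_typos` threshold are all constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed allow-list of domains the organization really sends links from.
TRUSTED = {"mybank.example"}

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url, trusted=TRUSTED, max_typos=2):
    """Return (verdict, trusted_domain_it_resembles_or_None) for one URL."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return ("no-host", None)
    # Exact match or a genuine subdomain of a trusted domain.
    for dom in sorted(trusted):
        if host == dom or host.endswith("." + dom):
            return ("trusted", dom)
    labels = host.split(".")
    for dom in sorted(trusted):
        # Extra names: the trusted domain appears inside the host, but the
        # host actually ends in a different domain.
        if "." + dom + "." in "." + host + ".":
            return ("extra-names", dom)
        # Misspelled or shortened: compare the host's trailing labels with
        # the trusted domain and allow only a few character edits.
        tail = ".".join(labels[-dom.count(".") - 1:])
        if 0 < edit_distance(tail, dom) <= max_typos:
            return ("misspelled", dom)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample links, all under reserved test domains.
    for url in ("https://www.mybank.example/login",
                "https://mybamk.example/login",
                "https://mybnk.example/",
                "https://mybank.example.secure-login.test/reset",
                "https://weather.example/"):
        print(classify_link(url), url)
```

Short trusted names produce false positives at `max_typos=2`, so a mail filter would treat "misspelled" and "extra-names" as reasons to quarantine or warn rather than as proof.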
In this type, specific individuals, groups, or organizations are targeted rather than random users. These individuals or groups may belong to a government institution. Attackers monitor an organization's internal workings, policies, and procedures and create protocols to gain access to sensitive user data.
A situation based on spear phishing might follow these steps:
The following procedures can be taken to avoid a phishing attack: