A Deeper Look at Phishing
Learn about the different types of phishing attacks, how to carry them out, and what tools can be used to assist in the process.
We'll cover the following...
Overview
When people mention social engineering, they’re generally thinking of phishing, especially with emails. There are a lot of other vectors that can be used as well. After going through the general process of a phishing attack, we’ll take a deeper look at some common strategies adversaries use when employing it.
The phishing process
Let’s go through how a phishing attack typically works:
-
The adversary creates a fraudulent website, email, or some other communication channel that appears to be both legitimate and trustworthy.
-
The adversary sends the fake or fraudulent channel to the victim either directly, through spam, through a targeted email or messaging campaign, or by pretending to be a service that the target uses frequently.
-
The victim falls for the adversary’s trick and is persuaded to do the ill-intended action, such as clicking on a malicious link or giving personal information in a fake form.
-
The adversary collects the victim’s sensitive information, which can ...