Phishbuster

  • What is phishing

    Phishing is a cybercrime in which a target or targets are contacted by email, telephone, or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords. Put another way, phishing is a cyber attack in which the attacker tricks the target into disclosing personal information, revealing login credentials, or transferring money.

  • The purpose of phishing is to collect sensitive information with the intention of using that information to gain access to otherwise protected data, networks, etc. A phisher's success is contingent upon establishing trust with its victims.

    Successful Phishing attacks can:

    Cause financial loss for victims

    Put their personal information at risk

    Put data and systems at risk

  • Deceptive Phishing: Deceptive phishing is by far the most common type of phishing scam. In this ploy, fraudsters impersonate a legitimate company to steal people’s personal data or login credentials. Those emails frequently use threats and a sense of urgency to scare users into doing what the attackers want.

    Spear Phishing: Spear Phishing targets specific individuals instead of a wide group of people. Attackers often research their victims on social media and other sites. That way, they can customize their communications and appear more authentic.

    Other Phishing Techniques

    Angler Phishing: This cyberattack comes by way of social media. It may involve fake URLs, instant messages or profiles used to obtain sensitive data. Attackers also peruse social profiles to glean any personal information they can use for social engineering.

    Clone Phishing: Clone phishing involves exact duplication of an email to make it appear as legitimate as possible.

    Domain Spoofing: In this category of phishing, the attacker forges a company domain, which makes the email appear to be from that company.

    Email Phishing: Phishing emails are often the first to come to mind when people hear the term phishing. Attackers send an illegitimate email asking for personal information or login credentials.

    Search Engine Phishing: Rather than sending correspondence to you to gain information, search engine phishing involves creating a website that mimics a legitimate site. Site visitors are asked to download products that are infected with malware or provide personal information in forms that go to the attacker.

    Smishing: Combine SMS with phishing and you have the technique called smishing. With smishing, attackers send fraudulent text messages in an attempt to gather information like credit card numbers or passwords.

    Whaling: A whaling attack targets the big fish, or executive-level employees. An attack of this sort often involves more sophisticated social engineering tactics and intelligence gathering to better sell the fake.

    Vishing: Combine VoIP with phishing and you get vishing. This type of phishing involves calls from a fraudulent person attempting to obtain sensitive information.

    Malvertising: Malvertising is malicious advertising that contains active scripts designed to download malware or force unwanted content onto your computer. Exploits in Adobe PDF and Flash are the most common methods used in malvertisements.

  • To help prevent phishing attacks, you should observe general best practices, similar to those you might undertake to avoid viruses and other malware. First, make sure your systems are updated to help protect against known vulnerabilities. Protect devices and systems with reputable security software and firewall protection. You can also add software that watches for PII being sent over email or other insecure methods. Since the weak link in phishing attacks is the end user, you should provide proper end-user security awareness training and educate your team on how to recognize a phishing scam. The key to protecting against phishing lies in the ability to recognize the cyberattack as illegitimate. The following are some key concepts to include in end-user training:

    Choose strong passwords and be wary of posting your personal details on social media. Information like birthdates, addresses and phone numbers is valuable to an attacker.

    If there are any suspicions about an email or social post, contact the IT team to have them examine the situation.

    Only open attachments from a trusted source. When in doubt, check with the alleged sender directly.

    Note any language differences in messaging or emails that vary from legitimate organizational communications.

    Never give away personal information in an email or unsolicited call. For instance, financial institutions will never call and ask for login credentials or account info because they already have it.

    Inspect emails for typos and inaccurate grammar. This is usually a dead giveaway of less-sophisticated phishing scams.

    Don’t supply personal information via email or text.

    Beware of urgent or time-sensitive warnings. Phishing attacks often prompt action by pretending to be urgent.

    Verify emails and other correspondence by contacting the organization directly. If you think something is fishy (okay, bad pun), a phone call can quickly distinguish a legitimate message from a fake one.
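
Several of the checks in the training list above (urgent wording, requests for personal information) and the domain spoofing technique described earlier can be partly automated when triaging a reported email. The following is an added Python example, not part of Phishbuster; the sample message, the word patterns and the `triage` function are constructed for illustration, and it assumes a single-part plain-text message whose Authentication-Results header was written by your own receiving mail server.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real email); example.* are reserved domains.
SAMPLE = """\
From: "Example Bank" <security@example.com>
Reply-To: helpdesk@example.net
Return-Path: <bounce@example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=example.net; dkim=none; dmarc=fail header.from=example.com
Subject: URGENT: verify your account within 24 hours

Your account will be suspended. Confirm your password immediately.
"""

# Illustrative word lists (assumptions); tune them to your organisation's mail.
URGENCY = re.compile(r"\b(urgent|immediately|within \d+ hours?|suspended|final notice)\b", re.I)
CREDENTIAL_ASK = re.compile(r"\b(password|login credentials|card number|pin)\b", re.I)

def domain_of(header_value):
    # Extract the lower-cased domain from an address header ("" if absent).
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def triage(raw):
    # Return a list of findings for a human reviewer; signals, not a verdict.
    msg = message_from_string(raw)
    findings = []
    from_dom = domain_of(msg["From"])
    # Domain spoofing: the visible From domain disagrees with where replies/bounces go.
    for hdr in ("Reply-To", "Return-Path"):
        dom = domain_of(msg[hdr])
        if dom and dom != from_dom:
            findings.append(f"{hdr} domain {dom} differs from From domain {from_dom}")
    # SPF/DKIM/DMARC results as recorded by the receiving server.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        if m is None or m.group(1) != "pass":
            findings.append(f"{mech} result: {m.group(1) if m else 'missing'}")
    # Wording checks from the training list: urgency and requests for credentials.
    text = f"{msg['Subject'] or ''}\n{msg.get_payload()}"
    if URGENCY.search(text):
        findings.append("urgent or time-sensitive wording")
    if CREDENTIAL_ASK.search(text):
        findings.append("asks for credentials or personal data")
    return findings
```

Legitimate bulk mail often has a Return-Path that differs from the From domain, so treat each finding as a reason to look closer rather than as proof of phishing.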

  • Since we can’t control the criminals, let’s take a look at how you can prevent phishing attacks.
    Train Your Employees - Unsuspecting employees who are not trained to identify phishing emails are easily tricked. If they click on a link, open an attachment, or respond to the email, they could be giving the attacker exactly what they need to break into your system. Training is by far the most crucial action you can take to avoid phishing attacks. By investing in your employees’ security education, you empower them to take ownership of security best practices. With training, your employees can identify a phishing email and report suspicious activity before any information is compromised.

    Update Your Antivirus Software - Keeping your antivirus software updated adds a layer of security. The software will scan files coming into your computer, preventing possible damage. Ensure that your anti-spyware and firewall settings are active.

    Stay Up-to-Date - By staying in-the-know, you remain vigilant to phishing attempts. Research common phishing scams so that you’re aware of what security professionals see as the main threats. The more aware you are of what’s out there, the more likely you are to identify a possible attack.

  • It's a good thing to give credit. We learnt from these websites; you can check them out:

    CompTIA. (n.d.). What Is Phishing? A Brief Guide to Recognizing and Thwarting Phishing Attacks. Retrieved April 6, 2021.

    KnowBe4. (2021). Phishing Techniques.

    KnowBe4. (2021). Phishing Examples.

    Technologylab. (2021). 5 Security Breaches Caused by Phishing Attacks. Retrieved April 6, 2021.

    Clearedin. (2021). The Biggest Phishing Attack Examples to Make Headlines. Retrieved April 6, 2021.

    No Go Fall Maga. (2021). Africa’s First Storified Cyber Security Awareness Book. Retrieved April 6, 2021.

    CNN Business. (2016). Watch this hacker break into a company. Retrieved April 6, 2021.

    Garrett Myler. (2018). Social Engineering: Vishing Example. Retrieved April 6, 2021.

About Phishbuster

Phishbuster is a project that grew out of a final year project, “Detection of Phishing Website Using Machine Learning”, carried out at Bowen University. It aims to help reduce phishing attacks by helping internet users check a URL link by testing whether it is phishing or legitimate. The validation of a website URL as phishing or legitimate has gone through several machine learning models.

About the Author

The author of this research is Adediran Goodness, a final-year student of Computer Science and Information Technology at Bowen University who aspires to further his career in cyber security.