Types of Phishing Attacks
Different types of phishing attacks are used by the attacker:
1. Spear Phishing attack
This is a type of attack that is done to target any specific organization or any certain people. It is a type of attack that can’t be initiated by any random type of hacker. It can be initiated by someone who needs information and that can be related to financial gain. A Spear Phishing attack is almost the same as a normal phishing attack. Both of them will appear from a trusted source. It is considered one of the most successful attacks.
2. Clone Phishing
This is a type of attack that works based on copying email messages that came from a worthy or trusted source. Hackers alter the information present in the original email and also add a link or attachment. This link or attachment is malicious and will make the user go to a fake website. Now this altered link is sent to a large number of people and the hacker waits for someone who will take the initial approach of clicking the malicious link. When the link or attachment is clicked, the email will be sent to the contacts of the user.
3. Cat Phishing
This is a type of attack that is socially engineered. It kind of plays with the emotions of the victim and exploits, such that attackers can have a benefit related to financial gain and information of the victim.
4. Voice Phishing
This is a type of attack that does not require an attacker to make the user go through their fake website. We call this sometimes vishing. Someone who will follow the steps of vishing will have the knowledge to appear as a trusted source, such that the victim can be convinced. They use another thing that is IVR which makes the legal authority face difficulty when needed for tracing, blocking, or monitoring. As it is a type of phishing attack, this is also used for getting credit card details and some confidential information of the victim.
5. SMS phishing
This is also a type of attack that makes the user reveal information that can be related to the credit card details or some sensitive information. Just like other phishing attacks, this will also appear as a trusted source to the victim. Android phones and smartphones are mostly used by every user and this gives the opportunity to the attacker to perform this phishing attack. It makes it easy for the attacker in avoiding the trouble of breaking firewalls and stealing information.
6. Whaling or CEO fraud
Whaling is the term used when attackers target a “big fish” such as a CEO. These attackers frequently spend a significant amount of time analyzing their victim in order to determine the best time and method for acquiring login information. Whaling is particularly concerning because top executives have access to an large amount of company information.
Phishing in Ethical Hacking
Phishing is one type of cyber attack.It is an unethical way to dupe the user or victim to click on harmful sites. The attacker crafts the harmful site in such a way that the victim feels it to be an authentic site, thus falling prey to it. The most common mode of phishing is by sending spam emails that appear to be authentic and thus, taking away all credentials from the victim. The main motive of the attacker behind phishing is to gain confidential information.