3. What is phishing?
◦ A type of social engineering attack in which the attacker pretends to be someone else and uses their personal information to commit fraud.
◦ Personal information includes name, credit card number, date of birth, and phone number.
◦ It manipulates a user into performing actions such as clicking a malicious link or installing a malicious file.
5. How does it work?
• It works by sending messages that look like they are from a legitimate company or website.
• The messages usually contain a link that takes the user to a fake website that looks like the real thing.
• The user is asked to enter personal information.
6. Examples
1. In August 2020, attackers sent phishing emails attempting to steal Microsoft account credentials.
2. In September 2020, attackers sent email that appeared to be from Amazon, attempting to steal users' credit card information (https://www.webnic.cc/the-dangers-of-phishing-attacks-and-how-to-prevent-them/).
3. Austrian aerospace parts maker FACC was hit by a whaling attack in 2016, costing the company a whopping $56 million.
4. Apple, the most valuable company in the world, is also a victim of smishing.
5. RSA, a popular cybersecurity company, was also a victim of a phishing attack via email.
7. Dangers
◦ Identity theft
◦ Loss of money
◦ Loss of reputation
◦ Loss of intellectual property
◦ Disruption of normal daily operational activities
8. How to identify?
◦ Asking for personal information
◦ Creating a sense of urgency
◦ Using spoofed email addresses
◦ Including attachments or links
◦ Unusual sender
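The indicators listed above can be checked mechanically on a received message. The following Python is an added example, not part of the original slides: the keyword lists, the `known_domains` allow-list and the sample message (built on reserved example domains) are assumptions made for illustration. It handles single-part messages and links only, not attachments.

```python
import re
from email import message_from_string
from email.utils import parseaddr

URGENCY = re.compile(r"\b(urgent|immediately|within 24 hours|suspended|final notice)\b", re.I)
PERSONAL = re.compile(r"\b(password|credit card|date of birth|phone number)\b", re.I)
LINK = re.compile(r'<a\s[^>]*href="https?://([^/"]+)[^"]*"[^>]*>(.*?)</a>', re.I | re.S)
HOST_IN_TEXT = re.compile(r"([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def indicators(raw, known_domains):
    """Return the set of phishing indicators found in a raw single-part message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    found = set()
    display, addr = parseaddr(msg.get("From", ""))
    from_dom = domain(addr)
    if PERSONAL.search(body):
        found.add("asks for personal information")
    if URGENCY.search(msg.get("Subject", "") + " " + body):
        found.add("sense of urgency")
    # Spoofing heuristics (assumed): Reply-To points at another domain, or the
    # display name uses a known brand while the address domain is not that brand's.
    reply_dom = domain(parseaddr(msg.get("Reply-To", ""))[1])
    brand_claimed = any(d.split(".")[0] in display.lower() for d in known_domains)
    if (reply_dom and reply_dom != from_dom) or (brand_claimed and from_dom not in known_domains):
        found.add("spoofed address")
    for href_host, text in LINK.findall(body):
        found.add("contains link")
        shown = HOST_IN_TEXT.search(text)
        if shown and shown.group(1).lower() != href_host.lower():
            found.add("link text does not match target")
    if from_dom not in known_domains:
        found.add("unusual sender")
    return found

# Constructed sample message; every domain is a reserved example name.
PHISH = (
    'From: "Example Billing" <billing@example-billing.test>\n'
    'Reply-To: collect@mailbox.invalid\n'
    'Subject: Final notice: account suspended\n'
    'Content-Type: text/html\n\n'
    '<p>URGENT: confirm your password and credit card at '
    '<a href="http://login.example-billing.test/verify">https://www.example.com/account</a></p>\n'
)
if __name__ == "__main__":
    print(sorted(indicators(PHISH, {"example.com"})))
```

Keyword matching like this only flags messages for a closer look; a message that trips none of the checks is not thereby safe.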
9. How do cyber criminals benefit from phishing attacks?
◦ Can impersonate someone else and use their identity
◦ Can commit fraud with someone else's identity
◦ Can get medical advantages
◦ Can get financial advantages
10. How to protect?
◦ Educate the team to identify phishing scams and techniques
◦ Don’t click on suspicious links
◦ Use free anti-phishing add-ons
◦ Check the security status of a website
◦ Monitor and check all the online accounts
◦ Never skip or delay browser updates
◦ Set up firewalls
◦ Think twice or even thrice when submitting sensitive info