The document discusses phishing as a fraudulent method to obtain sensitive personal information, detailing various types such as deceptive phishing, spear phishing, whaling, vishing, and smishing. It emphasizes recognizing and avoiding phishing scams through careful inspection of emails and URLs, as well as implementing best practices like security awareness training and using protective software. The document advocates for proactive measures, including multi-factor authentication and maintaining up-to-date antivirus protection.

1. Phishing Attack Awareness
and Prevention
By: Sonali Kharade

2. What is Phishing ?
Phishing is the fraudulent attempt to obtain sensitive information,
or data, such as usernames, passwords and credit card details by
disguising oneself as a trustworthy entity in an electronic
communication.

3. Types of Phishing attack

4. How to Recognize and Avoid Phishing Scams
Deceptive phishing is the most common type of phishing. In this case, an attacker attempts to obtain
confidential information from the victims. Attackers use the information to steal money or to launch
other attacks. A fake email from a bank asking you to click a link and verify your account details is an
example of deceptive phishing. Similar to phishing, pharming sends users to a fraudulent website
that appears to be legitimate. However, in this case, victims do not even have to click a
malicious link to be taken to the bogus site. Attackers can infect either the user’s computer or
the website’s DNS server and redirect the user to a fake site even if the correct URL is typed in.
1. Deceptive Phishing
Attack
the most common type of phishing scam
E-mails from recognized sender
steal people’s personal data or login credentials
Care
users should inspect all URLs carefully
generic salutations, grammar mistakes and spelling
errors

5. Spear phishing targets specific individuals instead of a wide group of people. Attackers often
research their victims on social media and other sites. That way, they can customize their
communications and appear more authentic. Spear phishing is often the first step used to
penetrate a company’s defenses and carry out a targeted attack.
2. Spear Phishing
Attack
the most common on social media sites.
E-mail from recognized sender.
Uses personalized information.
Care
Employees security awareness training
Limit sharing personal and sensitive information
Invest in the automated solutions to analyze emails
How to Recognize and Avoid Phishing Scams

6. When attackers go after a “big fish” like a CEO, it’s called whaling. These attackers often
spend considerable time profiling the target to find the opportune moment and means of
stealing login credentials. Whaling is of particular concern because high-level executives are
able to access a great deal of company information.
3. Whaling
Attack
Targets higher authorities of an organization.
Uses financial transfer information.
Obtain all W-2 information of employees.
Care
Executive security awareness training
Setting up MFA for financial transaction
How to Recognize and Avoid Phishing Scams

7. Voice phishing is a form of criminal phone fraud, using social engineering over the telephone
system to gain access to private personal and financial information for the purpose of financial
reward. SMS phishing or smishing is a form of criminal activity using social engineering techniques.
4. Vishing & Smishing
Attack
Targets through phone calls and sms.
Care
Avoid calls from unknown number
Avoid to click on links received from SMS
Don’t give personal information on phone
How to Recognize and Avoid Phishing Scams

8. 1. Never Click on Hyperlinks in Email
Best Practices to Prevent Phishing
2. Never Enter Sensitive Information in a Pop Up Window
3. Verify HTTPS on Address Bar
4. Education on Phishing Attacks
5. Keep Antivirus Protection Current
6. Utilize Anti-Spam & Anti-Spy Software
7. Install and Maintain a Reliable Firewall
8. Protect Against DNS Pharming Attacks
9. Utilize Backup System Copies