MD4 Phishing for information Flashcards
Phishing
Phishing is the use of digital communications to trick people into revealing sensitive data or deploying malicious software. Phishing leverages many communication technologies, but the term is mainly used to describe attacks that arrive by email.
Phishing attacks don’t just affect individuals. They are also harmful to organizations. A single employee who falls for one of these tricks can give malicious attackers access to systems. Once inside, attackers can exploit sensitive data like customer names and product secrets.
Phishing kits
Attackers who carry out these attacks commonly use phishing kits. A phishing kit is a collection of software tools needed to launch a phishing campaign. People with little technical background can use one of these kits.
Each of the tools inside is designed to avoid detection. As a security professional, you should be aware of the three main tools inside a phishing kit, so that you can quickly identify when they’re being used and put a stop to it.
3 tools of Phishing Kits
- malicious attachments
The first is malicious attachments. These are files that are infected and can cause harm to the organization’s systems.
3 tools of Phishing Kits
- fake-data collection forms
Phishing kits also include fake-data collection forms. These forms look like legitimate forms, like a survey. Unlike a real survey, they ask for sensitive information that isn’t normally asked for in an email.
3 tools of Phishing Kits
- Fraudulent web links
The third resource they include is fraudulent web links. These open to malicious web pages that are designed to look like trusted brands. Unlike actual websites, these fraudulent sites are built to steal information, like login credentials.
Smishing
Smishing is the use of text messages to obtain sensitive information or to impersonate a known source.
Vishing
Vishing is the exploitation of electronic voice communication to obtain sensitive information or impersonate a known source. During vishing attacks, criminals pretend to be someone they’re not.
Anti-phishing policies
Anti-phishing policies spread awareness and encourage users to follow data security procedures correctly. Employee training resources also help inform employees about things to look for when an email looks suspicious.
Another line of defense against phishing is securing email inboxes. Email filters are commonly used to keep harmful messages from reaching users. For example, specific email addresses can be blocked using a blocklist. Organizations often use other filters, like allowlists, to specify IP addresses that are approved to send mail within the company.
Organizations also use intrusion prevention systems to look for unusual patterns in email traffic. Security analysts use monitoring tools like these to spot suspicious emails, quarantine them, and produce a log of events.