What is Phishing? Understanding the Techniques and Red Flags

Explore the concept of phishing, and delving into the various techniques used by cybercriminals.

Explore the concept of phishing, and delving into the various techniques used by cybercriminals.

Wednesday, 1 May, 2024

Phishing is a kind of social engineering attack used to deceive individuals into providing sensitive information like passwords or credit card details. It typically involves deceptive emails, messages, or websites designed to appear genuine, aiming to trick recipients into revealing confidential data or clicking on malicious links. These attacks can result in identity theft, financial harm, and unauthorized access to personal accounts or systems.

Cyber Kill Chain Framework:

The Cyber Kill Chain (CKC) framework outlines the sequential stages of a cyber attack, starting from the initial reconnaissance phase to the final objective.

Types of Phishing:

There are several types of phishing attacks, they are:

Identifying Phishing Attempts: Steps to Follow

  1. Verify the Sender's Email Address:
    Ensure the sender's email address is legitimate and doesn't contain suspicious variations.

  2. Review the Email Content:
    Look for spelling, grammar, or formatting errors, as well as any urgent requests for personal information.

  3. Inspect Links:
    Hover your mouse cursor over any links in the email (without clicking) to reveal the actual URL. Ensure the URL matches with the destination URL and doesn't redirect to a suspicious website.

  4. Examine Attachments Carefully:
    Avoid opening attachments from unfamiliar sources and scan them for viruses before accessing.

  5. Verify Requests:
    Be wary of emails asking for sensitive data like passwords or account details and verify such requests through official channels.

  6. Validate Branding:
    Confirm if the email aligns with the sender's usual branding and formatting to detect potential inconsistencies.

  7. Verify Security Indicators:
    Check for security measures such as encryption or security certificates in the email headers.

  8. Trust Your Instincts: 
    If an email seems suspicious or too good to be true, trust your intuition and When uncertain, reach out to the sender through official channels to confirm the email's legitimacy.

Here are a few sandboxes where you can verify the status of the URL or attachment you have:

https://www.virustotal.com/gui/home/upload
https://sitereview.bluecoat.com/#/
https://urlscan.io/
https://sitecheck.sucuri.net/
https://nordvpn.com/link-checker/

Happy Learning !!!