Phishing Attacks: Types of Phishing Attacks

In this type of phishing attack, images very similar to the ones in the trusted website is created and used along with the e-mail messages. As we see the image of the trusted website, we in general fail to note some minute changes to the image and believe it to be from a trusted source; as a result, we click the link sent in the e-mail and fall victim to phishing attacks. 

Website Forgery:

There are two types of website forgery; they are: 

1. Scripting
2. Cross-scripting or XSS 

Scripting: Phishers have started using logos similar to the logos of the trustworthy website; they put these imitated logos besides the website URL to give users the feel and look of the trustworthy website. 

Cross-scripting or XSS: XSS is a new and convincing phishing attack wherein the phishers need not design a website of their own. When you visit the URL sent by the phishers it would actually take you to the intended URL, but the information submitted will reach the phishers. It is not possible to detect this phishing attack just by looking the website. 

Phishing Pop-ups: 

Image via malwarebytes

When you visit the website URL sent by the phishers it would actually take you to the intended or the original website; you would then see a pop-up to enter information like username, password, credit card information, etc. As the website is a trusted website, we end up inputting the information in the pop-up. This information is then sent to the phishers.

Tabnabbing: 

In this tabnabbing phishing, the user would be redirected to the original looking website; as opening multiple tabs and using them is normal these days, we will not note that a similar looking tab has been created. When we return back to the tab after few hours, we feel it is the original website and input our credentials. These credentials are sent to the phishers and later redirected to the original website. 

Evil Twins: 

Image via product-team

This phishing attack is more common in Wifi hot spots like airports, hotels, coffee shops, etc. As the phishers know that people browse the internet in these Wifi hotspots, they create a fake wireless network. Once you login using this fake wireless network, all credentials that you enter would be seen by the phisher. 

Phishing – how to protect yourself 

1. Never click on URLs you receive on the e-mails. To visit the website of your financial institution or bank, type it in the browser or bookmark the URL and use it.
2. Keep in mind that no financial institution or bank will ask you for sensitive information like usernames, passwords, credit card information, etc. If you receive any such e-mail, call up the financial institution and get it confirmed.
3. Phishing e-mail will salute you as “Dear Customer” rather than saluting you with your name.
4. Hover your mouse over the link and you will see it to be a different URL and not what is sent to you. 

You can find related articles by visiting http://ukhamba.web.officelive.com.  

Do you wish to earn by writing or sharing knowledge? Sign up with Triond and start making a passive income for lifetime.