Define the term "phishing" and describe common phishing techniques.

Phishing is a cyber-attack method in which attackers use deceptive techniques to trick individuals into revealing sensitive information, such as login credentials, personal information, or financial details. The term "phishing" is a play on the word "fishing," as attackers cast a wide net, hoping to lure unsuspecting individuals into their fraudulent schemes.

  1. Email Phishing:
    • Spoofed Emails: Attackers send emails that appear to be from a legitimate source, such as a bank or a trusted organization. The emails often contain urgent messages, encouraging the recipient to click on a link or download an attachment.
    • Email Spoofing: Attackers manipulate email headers to make it appear as if the message is coming from a trustworthy sender. This can involve forging the "From" address or using a similar-looking domain.
    • Clone Phishing: Attackers create a replica of a legitimate email, often from a well-known service or organization, and replace a link or attachment with a malicious one.
  2. Spear Phishing:
    • Targeted Attacks: Unlike general phishing, spear phishing is highly targeted. Attackers customize their messages to a specific individual or organization, using information gathered from social media or other sources to make the email appear more convincing.
    • Whaling: Similar to spear phishing but specifically targeting high-profile individuals within an organization, such as executives or CEOs.
  3. Vishing (Voice Phishing):
    • Phone Calls: Attackers use phone calls to impersonate trusted entities, such as banks or government agencies, and trick individuals into providing sensitive information or making financial transactions.
  4. Smishing (SMS Phishing):
    • Text Messages: Attackers send deceptive SMS messages, often containing urgent requests or enticing offers, with links to malicious websites or instructions to reply with sensitive information.
  5. Malware-Based Phishing:
    • Malicious Attachments: Emails or messages contain attachments that, when opened, install malware on the victim's device. This malware may capture sensitive information or provide unauthorized access to the system.
    • Drive-By Downloads: Users are redirected to a malicious website that automatically downloads malware onto their device without their knowledge or consent.
  6. Man-in-the-Middle (MitM) Attacks:
    • Interception of Communication: Attackers intercept and manipulate communication between two parties, often by eavesdropping on unsecured networks or using techniques like DNS spoofing.
  7. Search Engine Phishing:
    • Malicious Websites: Attackers create fake websites that mimic legitimate ones, optimizing them for search engines to appear in top results. Users may unwittingly enter their credentials on these fraudulent sites.