What is a Phishing Attack?

by - July 22, 2020





Phishing is a well-known method that works much like actual fishing. In fishing, we use bait (chaara) to attract fish and capture them. Similarly, in phishing a hacker uses bait: fake messages, emails or websites that attract victims and steal personal information such as usernames, passwords and bank details. These messages can be about winning big prizes, lucky draws, verifying personal details and so on, and they look legitimate.


Sometimes these emails or messages ask the user to verify their bank details and appear to come straight from the bank, but they can be a trap. Instead of the details being verified, the hacker gets hold of this sensitive data.


Fake websites are made to look normal to us. For example, it is possible to create a fake Instagram website that looks exactly like the real one and asks for personal information such as your account name and password. If you enter your personal details, they will be visible to the hacker who created the website. Other fake websites appear to come from a trustworthy or famous source, so you must be careful before sharing your personal details.


TYPES OF PHISHING ATTACKS:


  • SPEAR PHISHING: This type of attack works exactly as described above. A fake website, message, email, etc. is made and then used to steal sensitive information. The only difference is that the term "phishing attack" normally refers to a large-scale attack with no specific target. The victims are whoever gets caught in the trap; it could be anyone, as the attack spreads through the internet. In "spear phishing", there is a specific target. It could be an organization, a company, etc., and the attack is executed only on that particular target. Because there is a particular target, the attacker can plan the attack by collecting information about the victim, finding weaknesses and attacking accordingly. This increases the probability of success.

  • CLONE PHISHING: Clone phishing is an attack in which the hacker uses a previously received email containing an attachment or link to create an almost identical email with malicious substitutions, so that it looks like the authentic one. In this method there is no specific target. The hacker spreads these emails, messages, etc. as widely as possible. Once someone clicks on the attachment or link, that user becomes a victim. If you enter any personal details, the hacker will get hold of them. A hacker can also make a fake Facebook website that looks exactly like the real one. If you enter your account name and password, they will be visible to the hacker. The given image shows a Facebook website that looks authentic, but if you look closely at the URL of the website, it reads "Facelook" instead of "Facebook". This is how hackers trick you.

  • WHALE PHISHING: This attack focuses on high-profile companies or organizations that are powerful and wealthy. Moreover, it targets employees in senior positions such as the CEO or CFO. It is nearly impossible for a single hacker to execute such a big attack, so it takes a group of hackers to carry it out. If the attack succeeds, the hackers have got hold of something very big, which is why it is called "whale phishing". The hackers can obtain very important information that can be used to weaken the company. They can also demand a large amount of money from a company that wants to avoid any kind of loss, which gives the hackers a financial benefit.
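
The "Facelook" versus "Facebook" check described under clone phishing can be automated. The following is an added example, not part of the original post: it compares the domain of a link against a constructed list of trusted domains and flags near-misses by edit distance. The list `TRUSTED_DOMAINS`, the function names and the sample URLs are all assumptions made for illustration.

```python
from typing import Optional, Tuple
from urllib.parse import urlsplit

# Constructed allowlist of domains the user really uses (assumption).
TRUSTED_DOMAINS = {"facebook.com", "instagram.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            delete = prev[j] + 1
            insert = cur[j - 1] + 1
            substitute = prev[j - 1] + (ca != cb)
            cur.append(min(delete, insert, substitute))
        prev = cur
    return prev[-1]


def registrable_domain(url: str) -> str:
    """Last two labels of the host, lower-cased.
    Simplification: ignores multi-label suffixes such as co.uk."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return ".".join(host.split(".")[-2:])


def classify_url(url: str, max_distance: int = 2) -> Tuple[str, Optional[str]]:
    """Return ('trusted' | 'lookalike' | 'unknown', matched trusted domain)."""
    domain = registrable_domain(url)
    if domain in TRUSTED_DOMAINS:
        return "trusted", domain
    for brand in sorted(TRUSTED_DOMAINS):
        # Close to a trusted name but not equal to it: treat as suspicious.
        if edit_distance(domain, brand) <= max_distance:
            return "lookalike", brand
    return "unknown", None


if __name__ == "__main__":
    # Constructed sample URLs; "facelook" is the misspelling from the text.
    for u in ("https://www.facebook.com/login",
              "http://www.facelook.com/login",
              "https://example.org/"):
        print(u, classify_url(u))
```

A "lookalike" verdict means the link should not be opened or given credentials until the address has been checked by hand; "unknown" only means the domain is not near any name on the list.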
