PISHING ATTACK AND HOW TO AVOID IT

in hive-183397 •  2 years ago 



PHISHING ATTACK

Phishing is a type of cyber attack in which a hostile actor impersonates a legitimate company or business in order to fool consumers and steal personal information such as credit card numbers, usernames, and passwords. Phishing is classified as a form of social engineering attack because it relies on psychological manipulation and human error rather than on technology or software.

Phishing attacks typically use deceptive emails to get users to enter important information on a fake website. These emails normally ask the user to reset their password or confirm their credit card details, then redirect the user to a bogus website that looks extremely similar to the real one. Clone phishing, spear phishing, and pharming are the most common types of phishing.

Malicious actors also aim to steal Bitcoin or other digital currencies from users through phishing attacks. For example, an attacker could mimic a reputable website and change the wallet address to their own, giving users the impression that they are paying for a legitimate service when their money is actually being stolen.


TYPES OF PHISHING

  • Clone phishing

An attacker duplicates the contents of a previously sent, valid email into a similar one that contains a link to a malicious website. The attacker may then claim that this is a new or updated link because the previous one has expired.


  • Spear phishing

This form of attack targets a single individual or organization, often a well-known one. Because the target is profiled, a spear phishing attack is more sophisticated than other types of phishing. The attacker gathers information about the victim (for example, names of friends or family members) and then creates a message based on that information with the goal of persuading the victim to visit a malicious website or download a malicious file.


  • Pharming

An attacker poisons a DNS record, causing visitors to a legitimate website to be redirected to a fraudulent domain that the attacker has created ahead of time. Because DNS records are beyond the user's control, the user is powerless to protect against this attack.


  • Whaling

A type of spear phishing that targets the wealthy and powerful, such as CEOs and political leaders.


  • Email spoofing

Phishing emails usually imitate communications from real businesses or individuals. Phishing emails may contain links to malicious websites, where attackers acquire login credentials and personally identifiable information (PII) via ingeniously disguised login forms. Trojans, keyloggers, and other dangerous scripts that steal personal information may be present on the pages.


  • Website redirects

Website redirects send users to URLs other than the one they meant to visit. Actors who take advantage of security flaws may reroute users' browsers and install malware on their computers.


  • Typosquatting

Phishing emails usually imitate correspondence from a legitimate company or person. Phishing emails may contain links to malicious websites, where attackers obtain login credentials and personal information from unwitting victims through ingeniously disguised login pages. Trojans, keyloggers, and other dangerous programs may be present on the pages, stealing personal data.


  • Watering hole

Website redirects send users to URLs other than the one they planned to view. Actors that take advantage of security flaws may redirect consumers' PCs and install malware.


  • Impersonation & Giveaways

Another approach used in phishing attempts is the impersonation of influential persons on social media. Phishers may imitate company executives and use their audience to advertise giveaways or engage in other misleading actions. Social engineering aimed at locating naive people may even be used to target particular victims of this deception. Actors can hack verified accounts and change usernames in order to impersonate a real person while keeping their verified status. Victims are more likely to interact with and submit PII to ostensibly powerful people, allowing phishers to profit from their data.

Phishers have recently been spoofing chats, impersonating people, and imitating real services on platforms such as Slack, Discord, and Telegram.


  • Advertisement

Phishing is also carried out using paid adverts. These fake advertisements use typosquatted domains that are paid to appear higher in search results. In searches for real organizations or services, such as Binance, the sites may even show up as a top search result. Sites like these are frequently used to phish for sensitive information, such as your trading account login details.


  • Malicious Application

Malicious apps can also be used by phishers to deliver malware that tracks your movements or steals personal data. Apps that pretend to be price trackers, wallets, and other crypto-related utilities have been discovered; these categories have a user base predisposed to trading and holding cryptocurrency.


  • Text phishing

Other methods by which attackers try to obtain personal information include SMS phishing (a text message-based version of phishing) and vishing (a voice/phone equivalent).


PHISHING AND PHARMING

Although some people mistake pharming for phishing, it employs a different method. The main difference is that phishing requires the victim to make a mistake, whereas pharming only requires the victim to visit a legitimate website whose DNS record has been compromised by the attacker.


HOW TO PREVENT PHISHING

✔️Be wary: thinking critically about the emails you receive is your best weapon against phishing. Were you expecting an email about this topic? Do you suspect that the information the sender is asking for is not really theirs to have? If you're unsure, try contacting the sender via another method.


✔️Check the content: You can use a search engine to look up a portion of the content (or the sender's email address) to see if any previous phishing campaigns have used that strategy.


✔️If you believe you have received a valid request to confirm your account credentials for a company you are familiar with, instead of clicking the link in the email, try an alternate method.


✔️Check the URL: without opening the link, hover over it to see if it begins with HTTPS rather than HTTP. But keep in mind that this isn't a guarantee that the website is legitimate. Examine URLs for misspellings, strange characters, and other anomalies.


✔️Never give out your Bitcoin wallet's private key, and always double-check that the items and the vendor to whom you're sending cryptocurrency are genuine. The difference between using crypto and using a credit card is that there is no central authority to dispute a charge if you never received the agreed-upon item or service. As a result, bitcoin transactions call for a higher level of prudence.
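
The "Check the URL" item above, written out as an added example that is not part of the original post: it flags links that are not HTTPS, that hide the real host behind an `@`, that use non-ASCII or punycode hosts, or whose domain is a near-misspelling of a site you trust, and it shows that an HTTPS lookalike is still flagged. The `TRUSTED` allowlist, the sample links and the two-edit threshold are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist for illustration: the sites you actually log in to.
TRUSTED = {"binance.com", "steemit.com"}

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registered_domain(host):
    """Last two labels of the host (simplification: ignores suffixes like co.uk)."""
    return ".".join(host.split(".")[-2:])

def check_url(url):
    """Return warnings for a link; an empty list means no anomaly was found."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    warnings = []
    if parts.scheme != "https":
        warnings.append("not-https")
    if "@" in parts.netloc:  # text before '@' is a username, not the site
        warnings.append("userinfo-in-url")
    if not host.isascii() or "xn--" in host:  # homoglyph or punycode host
        warnings.append("non-ascii-or-punycode")
    domain = registered_domain(host)
    if domain in TRUSTED:
        return warnings
    for good in sorted(TRUSTED):
        if host.startswith(good + ".") or "." + good + "." in host:
            warnings.append("trusted-name-in-subdomain:" + good)
        elif edit_distance(domain, good) <= 2:  # assumed threshold
            warnings.append("lookalike-of:" + good)
    return warnings

if __name__ == "__main__":
    # Constructed sample links, not taken from any real campaign.
    for link in ["https://www.binance.com/en/login",
                 "https://binanse.com/login",
                 "http://binance.com.account-verify.example/",
                 "https://binance.com@login.example/"]:
        print(link, "->", check_url(link) or "no anomaly found")
```

An empty result only means none of these specific anomalies were found; it does not prove the site is legitimate.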


CONCLUSION

Phishing attacks have been the main source of various cyber attacks over the years. Although some security measures such as email filters have been put in place to help combat phishing attacks, extra awareness is required from users in order to stay vigilant, which will help them avoid such attacks.

10% to @Tron-Fan-Club


Thank you for contributing to #LearnWithSteem theme. This post has been upvoted by @Reminiscence01 using @steemcurator09 account. We encourage you to keep publishing quality and original content in the Steemit ecosystem to earn support for your content.

Club Status: #Club75


Regards,
Team #Sevengers


Good job! (But in Scotland your title might mean something slightly different..)

The phishing attack is a common spamming activity among cyber attackers. Especially, cryptocurrency investors should be aware of this. Thank you very much for this informative article.

Yes, thank you for reminding me because this is certainly a very worthy thing to pay attention to.

Every day, scammers keep generating different strategies to break through security and do away with vital documents and funds.
They are relentless in their goals.
It is proper for us to be careful of the links that we click and how we handle our passwords.