All about phishing attacks and their prevention

Prathamesh Pawar
Jan 13, 2021

Hello guyzz, I hope you are doing good and safe in this pandemic.

My name is Prathamesh Pawar, and I am writing this article to help keep all of you safe from the basic phishing attacks we face in daily life.

First of all, we will understand the definition of a phishing attack.

“Phishing is a social engineering attack often used to steal user information such as usernames, passwords, credit card details, ATM card PINs, etc.” It occurs when an attacker masquerades as a trusted party and gets the user to give up sensitive information.

We will see each type of phishing attack with their prevention:

Email Phishing:

Email phishing is an attack where the attacker masquerades as a genuine sender or trusted party and sends email to victims to collect sensitive information.

The following image is an example of a password reset email, which asks the user to reset their login password.

The image below is the password reset form that appears after clicking the link in the email.

So let's understand how the attacker steals the user's credentials.

  1. The attacker sends the password reset page link to the victim.
  2. The victim clicks the link and is redirected to the password reset form.
  3. The victim enters all their credentials into the form and clicks submit.
  4. The victim is redirected to the original website to log in.

All of the above happens on the front end. Now let's understand the back-end process of the password reset form.

  1. The victim enters their current login credentials into the form.
  2. The data is stored in the attacker's database.
  3. The attacker logs in using the credentials and takes over the user's account.
  4. After that, the attacker steals all the user's sensitive information, such as debit/credit card details.

I hope you now understand the process of email phishing.

Now we will see how we can prevent this kind of email phishing attack.

  1. When you receive any email, click on the arrow button.
  2. You will see the following information.

“What do we have to look for in this information?”

  1. First of all, we have to check whether the email came from the trusted party or not.
  2. We have to check whether the “mailed by” parameter is trustedparty.com or not.

If both conditions are not satisfied, then don’t click on any link in the mail.

“Now one task for you: find the original email in the image below”

If you have successfully identified the original email, then congratulations! You are safe. Move forward.

“Now we will see the next step to identify email phishing or any link phishing”

  • If you click on a link that redirects to a login form, password reset form, or bank details form like the one in the image below, how can you tell whether it is valid or not?

Replica of original login form

The only answer to the above question is -> check the “URL” of the website
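The sender, “mailed by” and URL checks described above can also be written down as a small script. This is an added example, not part of the original article: the two sample messages are constructed, and it assumes the Return-Path header stands in for the “mailed by” value your mail client shows.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED = "trustedparty.com"  # the domain you expect mail from (name used in the article)

# Constructed sample messages; every address and URL below is made up.
SUSPICIOUS = """\
From: Trusted Party Support <support@trustedparty-mail.example>
Return-Path: <bounce@bulk-sender.example>
Subject: Reset your password

Reset here: https://trustedparty.com.account-reset.example/reset
Help page: https://www.trustedparty.com/help
"""
GENUINE = """\
From: Trusted Party <no-reply@trustedparty.com>
Return-Path: <bounce@mail.trustedparty.com>
Subject: Reset your password

Reset here: https://accounts.trustedparty.com/reset
"""

def domain_matches(host, trusted=TRUSTED):
    """True only for the trusted domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == trusted or host.endswith("." + trusted)

def addr_domain(header_value):
    """Domain part of an address header such as From or Return-Path."""
    return parseaddr(header_value or "")[1].rpartition("@")[2]

def check_email(raw, trusted=TRUSTED):
    """Apply the article's checks: sender, 'mailed by', and every link's host."""
    msg = message_from_string(raw)
    links = re.findall(r"https?://[^\s\"'<>]+", msg.get_payload())
    return {
        "from_ok": domain_matches(addr_domain(msg["From"]), trusted),
        # Assumption: Return-Path stands in for the client's "mailed by" value.
        "mailed_by_ok": domain_matches(addr_domain(msg["Return-Path"]), trusted),
        "bad_links": [u for u in links
                      if not domain_matches(urlsplit(u).hostname, trusted)],
    }

if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS), ("genuine", GENUINE)):
        print(name, check_email(raw))
```

The comparison is made on the whole host name, so a link whose host only starts with the trusted name is still reported in `bad_links`.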

I hope you now understand the email phishing attack.

Let’s move forward to the next type of phishing attack.

SMS Phishing

It is also called a smishing attack, where the attack is performed by sending an SMS.

If you want to see an example of an SMS phishing attack, just open the message box on your mobile device. You will see messages like the following.

So now you are thinking: what is the risk in this SMS? What will happen after clicking on that link? Right?

Okay, so let’s see what can happen after clicking on the link:

  1. A malicious application gets downloaded onto your mobile device.
  2. You are redirected to a page that says you will get money directly into your bank account, and asks you to enter your bank account details.
  3. After clicking on the link, you see a message saying you have to pay 10,000 in transfer fees to get the money.

How to prevent SMS phishing:

No, there is no long list here; there is only one prevention.

“Simply ignore that kind of message”

Voice Phishing

Voice phishing is also called a vishing attack. It is the use of fraudulent phone calls to trick people into giving money or revealing personal information to the attacker.

Some examples of vishing attacks:

  1. Your account has been compromised. Please call this number to reset your password.
  2. Please verify the account details by telling the OTP.
  3. You’ve won a prize such as a cruise or Disney vacation. To claim your prize, you have to pay the redemption fees.
  4. Your debit card is going to expire in the next 24 hours. As there is a bank holiday today, you have to confirm your card details over the call only.

How to prevent this kind of phishing attack:

  1. Cut the call.
  2. If the caller claims to be from your bank and asks for your information, cut the call and call your bank's number to verify whether it is real or not.

Thank you for reading the article.
