Phishing, Spear Phishing, and Vishing
Phishing, Spear Phishing, and Vishing: Phishing is a form of social engineering in which you ask someone for a piece of information that you are missing by making it look as if it is a legitimate request.
An email might look as if it is from a bank and contain some basic information, such as the user’s name.
In the email, it will often state that there is a problem with the person. After they click the link-which goes to a site other then the bank’s-they are asked for their username, password, account information, and so on.
The person instigating the phishing can then use the values entered there to access the legitimate account.
Phishing, Spear Phishing, and Vishing
TIP: One of the best counters to phishing is to simply mouse over the Click Here link and read the URL. Almost every time it is pointing to an adaption of the legitimate URL as opposed to a link to the real thing.
Spear phishing is a unique form of phishing in which the message is made to look as if it came from someone you know and trusted as opposed to an informal third party.
For example, in a phishing attack, you would get a message that appears to be from Giant Bank XYZ telling you that there is a problem with your account and you need to log in to rectify this right away.
Such a message from someone you have never heard of would run a high risk of raising suspicion and thus generate lower than desired rate of return for the phishers.
With spear phishing, you might get a message that appears to be from your boss telling you that there is a problem with your direct deposit account and that you need to access this HR link right now to correct it.
Spear phishing works better than phishing because it uses information that it can find about you from email database, friends lists, and the like.
When you combine phishing with Voice over IP (VoIP), it becomes known as vishing, and it is just an elevated form of social engineering.
Crank calls have been in existence since the invention of the telephone. But the rise in VoIP now makes it possible for someone to call you from almost anywhere in the world,
without worry of tracing, caller ID, and other land-line features, and pretend to be someone they are not in order to get data from you.
Xmas Attack
Xmas Attack: Network mapping allows you to see everything that is available. The best-known network mapper is Nmap, which can run on all operating systems and is found at http://nmap.org/.
One of the most popular attacks that uses Nmap is known as the Xmas Attack (also more appropriately known as the Xmas scan), or Christmas Tree attack.
This is an advanced scan that tries to get around firewall detection and look for open ports.
It accomplishes this by setting three flags (FIN,PSH, and URG); understanding the intricacies of this is beyond that you need to know for the Security+ exam,
but you can find out more about this attack at http://nmap.org/ in the reference guide.
DISCLAIMER: This Website Does Not Promotes Any illegal content , all contents provided by This Website is meant for EDUCATIONAL purpose only .
If you have any question regarding Phishing, Spear Phishing, and Vishing Click here to ask.
4 Comments