With the rise of the internet, online attacks have increased, and among them the most popular attack is phishing. Phishing is an online security attack in which the hacker aims to obtain sensitive information such as passwords and credit card information from users by making them believe that what they see is genuine. It combines social engineering and technical methods to convince users to reveal their personal data. This paper discusses the different types of phishing attack. It also provides different techniques to detect these attacks as preventive measures.
Phishing can be compared with fishing
in a lake: instead of trying to capture fish, the phisher’s goal is to steal
your personal information. Phishing, being one of
the easiest forms of cyber-attack for a criminal to carry out, which can provide
crucial information about an individual, and the
information can be anything like passwords, account numbers, credit card
has become a serious issue with the growing service of the internet. Phishing can
take the form of a spam email, a fake website or fake social accounts.
Steps involved in a phishing attack [1]:
- Attacker hosts a
may also send very convincing but fake emails to a number of people.
- Website and emails contain links directing to further fake web pages (most probably banking websites).
- User ends up submitting confidential data.
- Attacker uses this confidential data for his personal gains.
How did it begin?
Phishing attacks were first encountered in the mid-1990s, when they attempted to steal AOL usernames and passwords using software tools like AOHell.
These early attacks were new, something users had never seen before, and so they were successful. AOL provided
warnings to users about the risks, but phishing remained successful and it’s
still here over 20 years on. In many ways, it has remained very much the same
for one simple reason – because it works.
2. Types of Phishing
A phishing attack can take any form and mainly targets
individuals of any responsible for sensitive data. Many users don’t really know
how to recognize these attacks. Let’s look at the different types of phishing:
I. DECEPTIVE PHISHING
Deceptive phishing is a type of phishing in which a fraudster impersonates a legitimate company in an attempt to steal people’s personal information or login credentials. These emails frequently use threats and a sense of urgency to scare users into doing the attacker’s will.
The more closely the attack email resembles the legitimate company’s official correspondence, the higher the success rate of the deceptive phishing attack. A user is therefore always expected to inspect all URLs he is visiting and be assured that they do not redirect to an unknown website. A user should also check the salutations, the grammar of the sentences and the wording in emails [2].
II. SPEAR PHISHING
In spear phishing scams, the attacker tricks the recipient into believing that they have a connection with the sender; impostors customize their attack emails with the target’s name, position, company, work phone number and other information. The ultimate aim is the same as deceptive phishing.
As a preventive measure against this attack, companies should organize awareness training for employees, which will make them aware that they should not share sensitive data. Along with this, companies should get solutions that limit inbound emails for known malicious links/email attachments [3].
III. PHONE PHISHING
Phone phishing, voice phishing or simply vishing is an attack where the attacker claims to be from an authenticated bank in order to ask victims for the details of their bank accounts. Fraudsters prefer using features such as caller ID spoofing facilitated by Voice over IP (VoIP).
This type of phishing is challenging for legal authorities to monitor or trace. Thus, consumers should always be
aware of any messages directing them to call and provide credit card or bank
SOCIAL NETWORK ACCOUNTS:
Social networking sites like Facebook, Twitter, LinkedIn and Orkut allow any user to create accounts, and many of them can be fake. Many such fake profiles exist, and an attacker can gain access to either personal or secret data that the user discloses when he creates an account. Though these websites have policies against fake profiles, fake accounts are available. The lack of a real system to determine the validity of a user can be one of the reasons [5].
Against Phishing Attacks
Social engineering attacks manipulate human beings and draw victims into their traps. Thus, it is important to be careful about any unknown or strange email or an attractive but unrealistic offer on a
website. This can help you guard yourself against most social engineering
The ways described below can help protect you against these social engineering attacks [6]:
opening emails and attachments from unknown sources:
Avoid any email from an unknown or unheard-of sender when you are doubtful about the message. Verify the content from other sources, such as via telephone or directly from a service provider’s site.
Remember that email addresses are spoofed all the time; even an email
purportedly coming from a trusted source may have been initiated by an
Use of Multifactor Authentication:
Users’ credentials are what the attacker is seeking. Use of multifactor authentication guarantees your account’s protection
in the event of system compromise. Imperva Incapsula Login Protect is an
easy-to-deploy 2FA solution that can increase account security for your
Be cautious of tempting offers:
Phishers mainly aim to present tempting offers. Think twice and cross-verify any offer before accepting it. Try to get more information by Googling the offer you have been made, and you can determine whether it is legitimate or not.
Antivirus/Antimalware software should be updated:
Your antivirus or antimalware software should always be kept updated, or have its automatic update option turned on. At the same
time, check whether these updates are applied properly and working as per
attacks have become so common that they can strike globally and capture and store the
user’s confidential information. This information is used by the attackers,
who are indirectly involved in the phishing process. There
are a number of attacks that break user privacy. In this paper we
summarize the types of recent phishing attacks, which are very harmful. Internet
users should be aware of all these attacks and prevent their data for the
[1] K. Nirmal, B. Janet and B. Kumar, “Phishing – The threat that still exists,” International Conference on Computing and Communications Technologies (, 2015.
[2] R. A. Halaseh and J. Alqatwana, “Analyzing CyberCrimes Strategies: The Case of Phishing Attack,” Cybersecurity and Cyberforensics Conference, 2016.
[3] Lakhita, S. Yadav, B. Bohra and Pooja, “A Review on Recent Phishing Attacks in Internet,” International Conference on Green Computing and Internet of Things, 2015.
[4] L. Wu, X. Du and J. Wu, “Effective Defense Schemes for Phishing Attacks on,” IEEE,
[5] S. Gupta, A. Singhal and A. Kapoor, “A Literature Survey on Social Engineering Attacks:,” International Conference on Computing, Communication and
[6] M. Khonji and Y. Iraqi, “Phishing Detection: A Literature Survey,” IEEE COMMUNICATIONS SURVEYS & TUTORIALS,, 2013.