Phishing

30 Jun 2018

PHISHING

Athallariq Rafii Nugroho

2001594655

Phishing is  a type of social engineering attack often use to steal user data, that including login credentials and credit card number. And, Phising has a trick that click a malicious link to lead for installation of malware, freezing the of the system as part of ransomware or revealing of sensitive information. Phishing is very often carry out an email spoofing or instant messaging to direct user to input their personal information at fake website.

Sometimes phishing can we called as carding or brand spoofing. The example of phishing is a phishing email come from a bank website to direct us to login with our personal account information and we will direct to the malicious link that can reset our password. Now, Why a lot of people can be  attached by phishing?. Because the fake link or ads is design exactly very same with the original website. So, Phishing is very dangerous if we cannot observant with the original website. And all of user data that already stole with phishing method will be used to carry out fraud.

Phishing attacks utilize certain techniques to execute. Examples of techniques are :

  • Link Spoofing

One common deception attackers use is making a malicious URL appear similar to an authentic URL, increasing the likelihood that a user will not notice the slight difference(s) and click the malicious URL.

  • website Spoofing

Links aren’t the only item that attackers can spoof. Websites can be spoofed or forged to appear as if they are the authentic, legitimate site by utilizing things such as Flash or JavaScript, allowing attackers to control how the URL is displayed to the targeted user.

  • Malicious and Covert Redirects

Redirects are a way attacker can force a user’s browser to interact with an unexpected website.

 

The following suggestions are designed to prevent and disarm phishing attacks are :

  • Continuous User Education and Exercise

Remove and quarantine incoming attachments known to be utilized in malicious ways before they reach your users.

  • Filter Suspicious Attachments
  • Quarantine messages that contain malicious URLs.
  • In an attempt to bypass filters, some attackers will send a phishing message that contains no text in the body and one large picture (in which the picture itself contains text, which will be ignored by some filter technology)
  • Filter on Malicious URLs
  • Disallow weak passwords.
  • Enforce recurring password changes for users.
Athallariq