1.2.3 Phone Phishing
Phone phishing is a criminal activity [32] that uses social
engineering, often over a telephone or mobile phone, to obtain
sensitive or private information for financial profit. Over 4000
cases of voice phishing are committed per year [4], and the
cost per victim is over US$1000. The preparation for phishing includes
getting ready for the crime, recruiting telemarketers, and creating scripts.
The next step involves randomly making international and Internet calls
to many people.
1.2.4 Clone Phishing
In this case, the attacker attempts to clone an online portal that
often requests login credentials by imitating the actual website. The
attacker also sends the victim junk links via phishing emails. When the
victim opens the phishing email and clicks on the spam link made by the
attacker, it redirects to a fake page made by the attacker, where the
victim is expected to enter sensitive information such as a user ID and
password. This allows the attacker to steal the credentials entered by
the victim and save them in a text file and database record on the
attacker's server, after which the victim is redirected to the
legitimate website as an authenticated user.
1.2.5 Spear Phishing
A spear-phishing attack targeting a specific user may leverage
information [33] such as his/her username and email address to craft
an email that is personalized to the user. This spear-phishing technique
will certainly improve the success rate of the attack, and there are
techniques that an attacker can leverage to find contextual information.
1.2.6 Whaling
This mainly targets high-profile employees of big organizations to
access highly confidential information [34]. It is also called CEO
fraud; here, hackers use social engineering to phish users into giving
away their bank credentials, employee data, etc. These attacks are even
more difficult to detect, as they do not use malware or fake websites.
Impacts of Phishing Attacks
According to a study by Gartner, 51 million US Internet users have
identified the receipt of e-mail linked to phishing scams, and about 2
million of them are estimated to have been tricked into giving away
sensitive information [31]. Throughout the world, phishing attacks
continue to evolve and gain momentum. In 2012, total phishing attacks
increased by 160% over 2011, signifying a record year in phishing
volumes [14]. In June 2018, the Anti-Phishing Working Group (APWG)
reported as many as 51,401 unique phishing websites. Another report, by
RSA, estimated that global organizations suffered losses amounting to
$10 billion due to phishing incidents in 2016 [13]. These
statistics have proven that the existing anti-phishing solutions and
efforts are not truly effective. The most widely deployed anti-phishing
solution is the blacklist warning system, found in conventional web
browsers such as Google Chrome and Mozilla Firefox. The blacklist system
queries a central database of already-known phishing URLs; thus, it is
unable to detect newly launched phishing websites. The Google email
account of John Podesta, Hillary Clinton's presidential campaign
chairman, was “hacked” in March 2016, prior to the US election [35].
The hacker simply sent a phishing email to Podesta’s Gmail account and
lured him into disclosing his login credentials. In the phishing email,
Podesta had been invited to click on a link (i.e., a Uniform Resource
Locator, or “URL”) warning him to change his password immediately.
However, the URL did not link to a secure Google web page, instead
directing the user blindly via bit.ly, which is a service used to
shorten URLs. The Podesta hack didn’t require much technical skill.
Instead, the hacker merely used social engineering techniques to make
the attack successful.
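The following is an added example, not part of the original text. It contrasts the exact-match blacklist lookup described above with simple link checks that do not depend on the URL being already known, such as flagging a shortened link in an email that claims to come from Google. The URLs, the blacklist contents, the shortener list and all function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample data (not real indicators): a blacklist of already-known
# phishing URLs and a small set of URL-shortening hosts.
KNOWN_PHISHING = {"http://login-update.example.net/signin"}
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co"}


def blacklist_verdict(url):
    """Exact-match lookup against already-known phishing URLs."""
    return url in KNOWN_PHISHING


def matches_domain(host, domain):
    """True only if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def link_findings(url, claimed_domain):
    """Return reasons to distrust a link in an email that claims to come
    from claimed_domain. An empty list means no check fired."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    findings = []
    if blacklist_verdict(url):
        findings.append("blacklisted")
    if host in SHORTENER_HOSTS:
        # The real destination is hidden until the link is followed.
        findings.append("shortened-url-hides-destination")
    if not matches_domain(host, claimed_domain):
        findings.append("host-not-under-claimed-domain")
    if parts.scheme != "https":
        findings.append("not-https")
    return findings


if __name__ == "__main__":
    samples = [
        "https://bit.ly/EXAMPLE",                         # constructed short link
        "https://accounts.google.com.example.net/reset",  # constructed lookalike host
        "https://accounts.google.com/reset",              # host under claimed domain
        "http://login-update.example.net/signin",         # already on the blacklist
    ]
    for url in samples:
        print(url, blacklist_verdict(url), link_findings(url, "google.com"))
```

The first two sample links are absent from the blacklist, so an exact-match lookup reports nothing for them, while the host checks still flag both.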