- Dec 15, 2013
- 150
Phishing is a frequent topic of conversation in the media, but what exactly is it?
Phishing is the attempt to trick a victim into providing sensitive information such as usernames, passwords, credit card and banking information or other private data through the use of a realistic-looking email that appears to come from a legitimate website or business. The general idea behind a phishing attack is to entice a victim into clicking a link, much like a fisherman attempts to catch a fish with a lure on a hook. Once a victim falls for this and clicks a link in a phishing email, they may be directed to a seemingly legitimate website where they are prompted for information or to download malicious software.
While the majority of phishing attacks are not personalized and are sent to as many potential victims as possible, targeted phishing also occurs. Targeted phishing uses known information about a recipient to better convince them into providing credentials. A well-crafted targeted phishing attack can defeat even the best security controls if an attacker is able to collect highly-privileged login credentials.
To better understand how phishing attacks are conducted and how they sometimes convince end-users to type credentials into legitimate-looking websites, we will walk through some recent examples of advanced phishing attacks seen by OpenDNS Labs. View full story
.
Phishing is the attempt to trick a victim into providing sensitive information such as usernames, passwords, credit card and banking information or other private data through the use of a realistic-looking email that appears to come from a legitimate website or business. The general idea behind a phishing attack is to entice a victim into clicking a link, much like a fisherman attempts to catch a fish with a lure on a hook. Once a victim falls for this and clicks a link in a phishing email, they may be directed to a seemingly legitimate website where they are prompted for information or to download malicious software.
While the majority of phishing attacks are not personalized and are sent to as many potential victims as possible, targeted phishing also occurs. Targeted phishing uses known information about a recipient to better convince them into providing credentials. A well-crafted targeted phishing attack can defeat even the best security controls if an attacker is able to collect highly-privileged login credentials.
To better understand how phishing attacks are conducted and how they sometimes convince end-users to type credentials into legitimate-looking websites, we will walk through some recent examples of advanced phishing attacks seen by OpenDNS Labs. View full story
.
Last edited: