What are Phishing Scams

Tips for hacking provide you the detail about what are phishing scams and how to do Phishing all explanations in this article,

Phishing, at its core, relies on either fear, urgency, or something that just sounds too good to be true. Fear and urgency do work well and I am sure we have all seen it before. Some examples of fear and urgency types of attacks include:

• A fake email with a fraudulent purchase
• Someone hacked into your email message
• Email about tax fraud

General attacks are that we are noticing that corporate employees are getting smarter and smarter. Usually, at least 1 out of every 10 emails for basic phish style attack will get reported. In some cases, the numbers are much higher. This is where it is valuable for a Red Team to continually monitor these easy phish attacks to see if a company is getting better at responding to these situations.

Definition Phishing

Phishing – attempt to acquire sensitive information, like bank account information or an account password, by posing as a legitimate entity in electronic communication (example: an email that pretends to be from the IT Help Desk saying there’s a problem with email, so reply with your username and password to keep your email account active)

A phishing scam that targets a specific audience

1. General principles

• Neither IT support staff nor any legitimate business will EVER ask for your password in an email.
• Use common sense and logic – any email maintenance would be announced ahead of time K-State also does not have an email quota.
• Think before you click – many have fallen victim due to a hasty reply
• Be paranoid
• Don’t be timid about asking for help from your IT support person or the IT Help Desk

Characteristics of Scam Email

• Poor grammar and spelling
• The “Reply-to:” or “From:” address is unfamiliar, or is not a ksu.edu or k-state.edu address.
• Uses unfamiliar or inappropriate terms (like “send your account information to the MAIL CONTROL UNIT”)
• It asks for private information like a password or account number or tries to get you to click on a link that takes you to a web form that asks for the info.
• The message contains a link where the displayed address differs from the actual web address.
• Does not provide explicit contact information (name, address, and phone #, or a website) for you to verify the communication. A good example is spear-phishing scam that tries to steal your eID password and is signed only by “Webmail administrator”

How to Identify a Phishing Attack

1. Suspicious login attempts
2. The attacker asks you password, pin or OTP
3. An attacker may send you fake invoice
4. They want you to click the link

1. Don’t reply any spam emails
2. Do not follow any links from unknown emails
3. Don’t open or save any suspicious document from unknown emails.
4. Never share your personal information with anyone through your own emails

Think Before You Click, It’s fine to click on links when you’re on trusted sites. Clicking on links that appear in random emails and instant messages, however, isn’t such a smart move. Hover over links that you are unsure of before clicking on them.
Install an Anti-Phishing Toolbar Most popular Internet browsers can be customized with anti-phishing toolbars. Such toolbars run quick checks on the sites that you are visiting and compare them to lists of known phishing sites.
Keep Your Browser Up to DateAlways Upgrade the browser that protect you from phishing.

And that’s it. Hopefully, You read my article completely, and it’s really helpful for you to understand hacking and what are phishing attacks and whats spear phishing and how to protect your system by the spear-phishing attack. All Kinds of questions related to the hacking, answer are available in this article. More Information Visit my Channel Tips4Hacking