What is Phishing ? legal or illegal ?

PHISHING

 

Hello guys welcome again to my blog. Now i am going to explain you about a term which is very dangerous in hacking field. Because it acts as an original entity.It is made by a hacker by himself in order to get usernames and passwords of the target. Normal person can't find the difference between the real site and the virtual site. This phishing site look very legitimate like trustworthy one.

It actually redirects the user after entering his details to the real website. Phishing is a good example of social engineering types of attacks. People are commonly lured by some offer giving calls or a rewarding website to enter his details. 

Phishing email will redirect the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account numbers, that the legitimate organization already has. The name cam from its pronounciation like "FISH" means like everytime we do fishing we use a hook like tool to get a fish. The main analogy is that a baited hook (a fake or malicious site ) is threw by the fisher hoping for a bite ( means getting a reply or a visit ).  

TYPES OF PHISHING ATTACKS

There are some types of Phishing attacks performed by a hacker or group of hackers. 

SPEAR PHISHING :

 Spear phishing is a common type of cyber attack in which attackers take a narrow focus and craft detailed, targeted email messages to a specific recipient or group. Spear phishing email messages won’t look as random as more general phishing attempts. Attackers will often gather information about their targets to fill emails with more reliable context. Some attackers even control business email communications and create highly customized messages.

WHALING :

Whaling is a common cyber attack that occurs when an attacker utilizes spear phishing methods to go after a huge target, such as the c-suite. Malicious actors know that executives and high-level employees (like public spokespersons) can be sage to the usual roster of spam tactics; they may have received extensive security awareness training because of their public profile, and the security team may have more drastic policies and stronger tools in place to protect them. The hackers actually perform this attack to want their desired outcome which will be like, to click on some malicious link that visits a malicious website looking like legitimate website or to click on a link that will download malware into your device.

CLONE PHISHING :

Clone phishing is also a type of phishing attack as you can guess by the name. Another variation on spear phishing attacks is clone phishing. In this attack, targets are presented with a copy of a legitimate message they had received earlier, but with specific changes the attacker has made in an attempt to ensnare the target (e.g. malicious  files attachments, invalid URL links, etc.). Because this attack is based on a already seen, legitimate message, it can be effective in duping a target.