What Information Security Risks Are Associated With Phishing?
Phishing is an attempt to trick individuals into revealing sensitive information by posing as a trustworthy entity in electronic communication. It is commonly used to steal personal identity information and financial account credentials.
There are various approaches for phishing attacks:
- Social engineering
- Physical
- Technical
Phishing is usually carried out by email spoofing or instant messaging. It often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.
Phishing can take place through any channel that allows people to view a link (e.g. a text message, an email, or a fake pop-up). The message directs them to visit a web page that simulates the site they think they’re visiting.
A phishing attack may be carried out by an individual or a group in an attempt to make a profit, a political statement, or simply as a prank.
Although there is no single profile of a phisher, most tend to be young, educated males who are technologically savvy and often live in affluent countries. Some phishers are also involved in other cybercrime, such as computer viruses and worms, identity theft and fraud, online payment fraud, and online gambling fraud.
Phishing Attacks
Social Engineering
Phishing is a very simple and powerful form of social engineering. Also, it is a form of social manipulation in which the attacker poses as a trustworthy entity to persuade a user to divulge sensitive information.
Phishing attacks are typically carried out using email spoofing or instant messaging. They direct users to enter details at a fake website whose look and feel are almost identical to the legitimate one.
Physical
Phishing attacks can also be carried out by handing a USB drive to a person and instructing them to open the drive and follow the instructions.
Phishing attacks are highly adaptable, difficult to predict, and hard to control. Also, they are often cross-platform in nature, making it hard to build a defense that applies to all systems.
Technical
To ensure that emails are delivered to recipients’ inboxes instead of spam folders, certain anti-spam measures have been put in place by ISPs.
These include greylisting, where an ISP delays all mail from unknown senders by putting it in a queue for approval before delivery, and blacklists, used by ISPs to ban entire ranges of IP addresses known to send spam.
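The two ISP-side measures described above, as an added Python example (not from the original article). Greylisting is modelled the way mail servers commonly implement it: an unknown (client IP, sender, recipient) triplet gets a temporary 451 deferral and is accepted once the sender retries after a minimum delay. The class name, thresholds, and sample addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample values; the networks are RFC 5737 documentation ranges.
BLOCKED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]
MIN_RETRY_DELAY = 300        # seconds a first-time sender must wait before retrying
ENTRY_LIFETIME = 36 * 3600   # forget triplets that never retried within this window


class MailGate:
    """Decides an SMTP reply for each delivery attempt (hypothetical helper)."""

    def __init__(self, blocked=BLOCKED_NETWORKS):
        self.blocked = list(blocked)
        self.first_seen = {}   # (ip, sender, recipient) -> time of first attempt
        self.passed = set()    # triplets that already retried correctly

    def check(self, client_ip, mail_from, rcpt_to, now):
        ip = ipaddress.ip_address(client_ip)
        # Blacklist: a permanent rejection for whole address ranges.
        if any(ip in net for net in self.blocked):
            return "554 rejected: sending network is blacklisted"
        triplet = (str(ip), mail_from.lower(), rcpt_to.lower())
        if triplet in self.passed:
            return "250 accepted"
        seen = self.first_seen.get(triplet)
        if seen is None or now - seen > ENTRY_LIFETIME:
            # Unknown (or expired) sender: record it and ask for a retry later.
            self.first_seen[triplet] = now
            return "451 greylisted: try again later"
        if now - seen < MIN_RETRY_DELAY:
            # Retried too quickly; the clock keeps running from the first attempt.
            return "451 greylisted: try again later"
        self.passed.add(triplet)
        del self.first_seen[triplet]
        return "250 accepted"


def replay(attempts):
    """Run constructed (ip, from, to, time) attempts through a fresh gate."""
    gate = MailGate()
    return [gate.check(*a)[:3] for a in attempts]

SAMPLE_ATTEMPTS = [  # constructed delivery attempts, times in seconds
    ("198.51.100.7", "news@example.org", "bob@example.com", 0),
    ("198.51.100.7", "news@example.org", "bob@example.com", 60),
    ("198.51.100.7", "news@example.org", "bob@example.com", 900),
    ("198.51.100.7", "news@example.org", "bob@example.com", 5000),
    ("203.0.113.45", "promo@example.net", "bob@example.com", 10),
]
```

Calling `replay(SAMPLE_ATTEMPTS)` shows the first-time sender deferred twice and then accepted, while the sender inside the banned range is rejected outright.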
Risks
The possible consequences of a phishing attack include:
- money
- privacy
- reputation
These consequences are not limited to the individual. Also, they can extend to the organization and the public.
Furthermore, the potential size of losses is increasing as phishing attacks become more sophisticated. The average cost per victim has been estimated at $240, with a total annual global cost of $3.7 billion in 2006.
Losses are not limited to financial costs, however. Victims may also suffer from reputation damage and identity theft.
Phishing attacks can also harm an organization’s productivity and customer relations. They can also result in legal action being taken against the organization.
Conclusion
Phishing is a very simple and powerful form of social engineering. Also, it is a form of social manipulation in which the attacker poses as a trustworthy entity to persuade a user to divulge sensitive information.
Phishing attacks are typically carried out using email spoofing or instant messaging. They direct users to enter details at a fake website whose look and feel are almost identical to the legitimate one.