Phishing is a type of online scam in which an attacker, often using social engineering techniques, attempts to deceive people into providing sensitive information such as usernames, passwords, credit card numbers, and other personal or financial information by posing as a trustworthy entity in a communication.
Phishing attacks are typically launched using a fake website or an email that looks legitimate, but they can also be carried out through phone calls, social media messages, or any other form of electronic communication. The psychological triggers and technical methods are very similar across these media, and phishing remains a common and effective form of cybercrime, particularly when the victim does not know the revealing signs of a phishing attempt.
What are the types of phishing techniques?
There are several types of phishing techniques that attackers may use, including:
Email phishing: The most common type. Attackers send emails that appear to come from a legitimate source, such as a bank or online retailer, and ask the recipient to click a link or provide sensitive information.
Spear phishing: A targeted form in which attackers research their victims and craft personalized emails or messages that appear to come from a trusted source, such as a colleague or friend, to trick them into divulging sensitive information.
Smishing: Phishing over SMS or text messages, used to trick individuals into providing sensitive information or installing malware on their devices.
Vishing: Phishing over voice or phone calls, used to extract sensitive information such as login credentials or credit card details.
Malware-based phishing: The message carries or links to malware, such as a Trojan, that infects the user's device and steals sensitive information.
Search engine phishing: Attackers create fake websites or landing pages and get them ranked or advertised in search engine results, so that users searching for a legitimate service land on the fake one and enter sensitive information or download malware.
Clone phishing: Attackers take a legitimate email the victim has already received, copy it, and replace its links or attachments with malicious ones, so the message looks familiar and expected.
These are just a few of the many techniques attackers use. Be aware of them and protect yourself: treat unexpected emails, texts, and phone calls with caution, and avoid clicking links or downloading attachments from unknown or untrusted sources.
What happens if you open a phishing email?
Opening a phishing email does not by itself necessarily harm your computer or device, but it can put your personal and financial information at risk. A phishing email becomes a serious threat once you click a link, download an attachment, or share sensitive information.
However, merely opening a phishing email can still expose information. Most phishing emails are HTML messages that embed remote content, typically a tiny image (a tracking pixel) whose URL is unique to the recipient. If your email client loads that content, the attacker's server learns that the message was opened, when it was opened, your IP address (and from it an approximate location and timezone), and which email client and operating system you use, from the User-Agent header of the request.
This data can be used to build more targeted attacks later. For example, a confirmed-active address that opens mail from a particular region may receive follow-up phishing in the regional language, timed for local working hours.
Modern email clients do not execute scripts in messages, but a client that renders active content or has an unpatched vulnerability in its rendering engine can be exploited by a crafted message to install malware without any further click. The malware can then spy on the system, deploy ransomware, or use the machine as a bot or proxy.
To avoid opening a phishing email in the first place, inspect it from the preview pane without opening it: check the sender's actual address (not just the display name), the subject line, and the message summary. Open the email only once you are satisfied it is genuine.
To limit what merely opening an email reveals, configure your email client to block remote content (images) by default and, where the client offers the option, to disable active content and scripting in messages.
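As an added example (not code from the original page), the following Python script shows how the remote-content leak described above can be spotted before it happens: it parses an email with the standard library and flags every img element that would fetch a remote URL when the message is rendered, marking those that look like tracking pixels (1x1 size, hidden, or a URL carrying a long per-recipient token). The sample message, its domains and its token are constructed for the example.

```python
"""Detect remote-content trackers in an HTML email.

Added example, not code from the original page. It parses a constructed
sample message with the standard library and flags <img> elements that
load remote content, marking the ones that look like tracking pixels
(1x1 size, hidden, or a URL carrying a long per-recipient token).
"""
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not a real phishing email); the domains and
# the token in the tracker URL are made up for the example.
SAMPLE_EML = """\
From: "IT Support" <support@mail-example.test>
To: victim@example.test
Subject: Password expiry notice
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your password expires today. <a href="https://portal.mail-example.test/login">Renew now</a></p>
<img src="https://t.mail-example.test/o/9f2c7e1a4b8d4f6e8a1b3c5d7e9f0a2b.gif" width="1" height="1" style="display:none">
<img src="https://cdn.mail-example.test/logo.png" width="120" height="40">
<img src="cid:inline-logo">
</body></html>
"""

# A long hex or base64-like run in the path is a typical per-recipient token.
TOKEN_RE = re.compile(r"[0-9a-f]{24,}|[A-Za-z0-9_-]{32,}")


class ImgCollector(HTMLParser):
    """Collect the attributes of every <img> tag in the HTML body."""

    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "img":
            self.images.append({k.lower(): (v or "") for k, v in attrs})


def _is_tiny(img):
    """True when the image is declared 1px (or smaller) wide or high."""
    def dim(value):
        try:
            return int(value.strip().rstrip("px"))
        except ValueError:
            return None
    w, h = dim(img.get("width", "")), dim(img.get("height", ""))
    return (w is not None and w <= 1) or (h is not None and h <= 1)


def find_remote_images(raw_eml):
    """Return a list of dicts describing remote <img> loads in the message."""
    msg = email.message_from_string(raw_eml, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []
    parser = ImgCollector()
    parser.feed(body.get_content())
    findings = []
    for img in parser.images:
        src = img.get("src", "")
        parsed = urlparse(src)
        if parsed.scheme.lower() not in ("http", "https"):
            continue  # inline (cid:) or data: images do not phone home
        hidden = "display:none" in img.get("style", "").replace(" ", "").lower()
        findings.append({
            "url": src,
            "host": parsed.hostname,
            "tracking_pixel": _is_tiny(img) or hidden or bool(TOKEN_RE.search(parsed.path)),
        })
    return findings


if __name__ == "__main__":
    for finding in find_remote_images(SAMPLE_EML):
        label = "TRACKER" if finding["tracking_pixel"] else "remote image"
        print(f"{label:12} {finding['host']}  {finding['url']}")
```

Run as a script it lists the two remote loads and marks the first as a tracker. In practice the same check runs on the raw message in a mail filter or on an .eml file saved from the client; a client configured to block remote content never makes these requests, which is exactly why that setting matters.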
If you have opened a phishing email, you can do the following:
- Disconnect the system from the internet.
- Scan your system with a reputable antivirus/malware scanner.
- Report the sender's email address to your IT admin and mark the message as spam.
- Report the email to relevant bodies such as CISA, NCSC, EUCPN, and Google Safe Browsing.
- Delete the email from your email client.
What happens if I download or open an attachment to a phishing email?
If you download or open an attachment to a phishing email, you could potentially expose your computer or device to malware, viruses, or other types of malicious software that can cause harm or steal your data.
Here are some potential consequences of downloading or opening an attachment to a phishing email:
- Installing malware: The attachment may carry a Trojan or other malware that gives the attacker control of your device, steals your personal information, or is used to attack other devices on the network.
- Encryption of files: The attachment may contain ransomware, which encrypts your files and demands payment for the decryption key.
- Stealing personal and financial information: The attachment may be an HTML file that reproduces a login or payment page and sends whatever you type to the attacker, or an information stealer that harvests saved credentials, credit card numbers, and other sensitive data from the device.
- Launching attacks on other devices: The attachment may install bot malware that enlists your device in a botnet used for distributed denial-of-service (DDoS) attacks, or that spreads to other devices on the network.
If you download or open an attachment to a phishing email, it is important to take immediate action. This may include disconnecting your device from the network, running an anti-malware scan on your device, changing your passwords, monitoring your financial accounts, and contacting your company's IT department.
What happens if I click a link in a phishing email?
Clicking a phishing link can be very dangerous. The page it leads to may exploit a browser vulnerability or trick you into downloading and running malware. Once the malware is active, an attacker can remotely control your computer, access contact information, encrypt the system to demand a ransom, and use the device to infect other devices on the network. Even without malware, the click itself gives the attacker information: a unique token in the link identifies which recipient clicked, and the request reveals your IP address, your browser and operating system version (from the User-Agent header), any permissions you grant the page (such as notifications or location), and any cookies the attacker's own site previously set in your browser.
As a precaution, you might take the following steps:
- Check the website address (URL) before clicking: hover over the link to see its real destination and verify that the domain is the one you expect. If the link looks suspicious, do not open it.
- Report the source of the malicious URL to the IT department.
- Block the website within your browser.
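As an added example (not from the original page), this Python function applies the URL check above to a link programmatically. It flags the tricks phishing URLs commonly rely on: a brand name placed in a subdomain of an unrelated registrable domain, digit-for-letter lookalikes in the domain, credentials before an '@' that hide the real host, raw IP hosts, punycode labels, and plain http. The brand list, the tiny public-suffix table and all domains are constructed for the example; a real deployment would use the organisation's own brand list and a full public suffix list.

```python
"""Flag the common tricks phishing URLs use to look legitimate.

Added example, not code from the original page. The brand list, the
public-suffix table, the domain names and the expected results are
constructed for the example.
"""
import ipaddress
from urllib.parse import urlparse

# Brands whose names appearing in a host are worth checking (assumption:
# a real deployment would use the organisation's own list).
WATCHED_BRANDS = ("paypal", "microsoft", "dhl")
# Lookalike substitutions commonly used in typo-squatting.
LOOKALIKES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}
# Small set of two-label public suffixes; enough for the example, not complete.
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp", "com.br"}


def registrable_domain(host):
    """Return the part of the host a registrant actually controls."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def normalise_lookalikes(label):
    """Map typo-squatting substitutions back to the letters they imitate."""
    for fake, real in LOOKALIKES.items():
        label = label.replace(fake, real)
    return label


def inspect_url(url):
    """Return a list of reasons the URL looks suspicious (empty if none)."""
    reasons = []
    p = urlparse(url)
    host = p.hostname or ""
    if p.scheme.lower() != "https":
        reasons.append(f"scheme is {p.scheme or 'missing'}, not https")
    if p.username is not None:
        # https://bank.example@evil.example/ really goes to evil.example
        reasons.append("credentials before '@' hide the real host")
    try:
        ipaddress.ip_address(host)
        reasons.append("host is a raw IP address")
        return reasons
    except ValueError:
        pass
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("internationalised (punycode) label, possible homograph")
    reg = registrable_domain(host)
    reg_label = reg.split(".")[0]
    for brand in WATCHED_BRANDS:
        # paypal.com.account-verify.example: the brand is only a subdomain
        if brand in host and brand not in reg:
            reasons.append(f"'{brand}' appears only in a subdomain of {reg}")
        # paypa1.com: digit 1 standing in for the letter l
        if reg_label != brand and normalise_lookalikes(reg_label) == brand:
            reasons.append(f"'{reg_label}' is a lookalike of '{brand}'")
    if host.count(".") >= 4:
        reasons.append("unusually deep subdomain nesting")
    return reasons


if __name__ == "__main__":
    for candidate in (
        "https://www.paypal.com/signin",
        "https://paypal.com.account-verify.example/login",
        "http://paypa1.com/login",
        "https://microsoft.com@203.0.113.5/",
    ):
        print(candidate, "->", inspect_url(candidate) or "no findings")
```

Hovering shows the destination; this function states why that destination is suspect, which is the step most users skip. It deliberately reports on the registrable domain rather than on whatever the link text says, because the link text is fully under the attacker's control.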
If you have already clicked the link, disconnect the computer from the Internet and any local network. Scan the system with anti-malware/spyware software, review the installed applications for any unknown or malicious ones, and uninstall them. If there is any sign of infection, back up your data and reinstall the operating system.
What happens if I reply to a phishing email?
If you reply to a phishing email, you could potentially confirm to the attacker that your email address is active and monitored, making you more susceptible to future phishing attempts.
Replying to a phishing email also hands the attacker information about you and your organisation's mail infrastructure. Your reply carries headers (for example the Received chain, the Message-ID, and the client's identification) that reveal which mail servers your organisation uses and sometimes which client software, and its Date header exposes your timezone. If you include personal details such as your full name, job title, and employer, attackers can use them to build targeted campaigns. Over a series of exchanges they learn how you write and respond, and reuse that knowledge in later campaigns against you or your colleagues. Information leaked this way can also damage the business's reputation. If you share sensitive information such as credit card numbers or corporate documents, cybercriminals may use it for fraud or to extort you.
As a precaution, before replying to an email, always verify the sender's actual email address, not just the display name, and check that the Reply-To address matches it. If the request appears to come from a co-worker, confirm over a second communication channel (a phone call or chat message, not a reply to the same email) before sharing any confidential information.
If you have accidentally replied to a phishing email, take immediate action. Work out exactly what was shared and inform the IT department; keep the whole conversation so they can verify it and assess the exposure for the business. Scan the system for malware with a reputable antivirus/malware scanner, and change your passwords.
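As an added example (not code from the original page), this Python script performs the sender verification recommended above on a received message: it compares the From address with Reply-To and Return-Path, reads the receiving server's Authentication-Results header for the SPF, DKIM and DMARC verdicts, and extracts the UTC offset the sender's client stamped into the Date header, which is the same kind of detail your own reply would reveal. The message, its addresses, domains and IP address are constructed for the example.

```python
"""Check the headers of a received message before trusting or replying to it.

Added example, not the page's own code. It parses a constructed message,
compares the From address with Reply-To and Return-Path, reads the
receiving server's Authentication-Results header for SPF/DKIM/DMARC
verdicts, and shows what the Date header reveals about the sender.
"""
import email
from email import policy
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample: a CEO-fraud style message. Domains and IP are made up.
SAMPLE_EML = """\
Return-Path: <bounce@mailer-srv.test>
Received: from mailer-srv.test (mailer-srv.test [198.51.100.23])
        by mx.example.test with ESMTP id 4Xk2q; Mon, 3 Jun 2024 09:14:02 +0000
Authentication-Results: mx.example.test;
        spf=fail smtp.mailfrom=mailer-srv.test;
        dkim=none;
        dmarc=fail header.from=example.test
From: "Jane Doe (CEO)" <jane.doe@example.test>
Reply-To: jane.doe.ceo@webmail-free.test
To: finance@example.test
Subject: Urgent wire transfer
Date: Mon, 3 Jun 2024 11:13:50 +0200
Content-Type: text/plain; charset="utf-8"

Please process the attached invoice today and confirm by reply.
"""


def _domain(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def auth_verdicts(msg):
    """Parse 'spf=fail', 'dkim=none', 'dmarc=fail' out of Authentication-Results."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        # First ';'-separated field is the authserv-id; the rest are results.
        for clause in str(header).split(";")[1:]:
            clause = clause.strip()
            if not clause:
                continue
            method, _, rest = clause.partition("=")
            verdicts[method.strip().lower()] = rest.split()[0].lower()
    return verdicts


def check_sender(raw_eml):
    """Return a list of warnings about the sender of the message."""
    msg = email.message_from_string(raw_eml, policy=policy.default)
    warnings = []
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    _, return_path = parseaddr(msg.get("Return-Path", ""))
    from_dom = _domain(from_addr)

    # A reply goes to Reply-To, not From: the classic way to hijack the thread.
    if reply_to and _domain(reply_to) != from_dom:
        warnings.append(f"Reply-To {reply_to} does not match From domain {from_dom}")
    # Bounces go to Return-Path; a different domain means a different sender.
    if return_path and _domain(return_path) != from_dom:
        warnings.append(f"Return-Path domain {_domain(return_path)} differs from From domain {from_dom}")
    # Display names that embed an email address are a common ruse.
    if "@" in from_name:
        warnings.append("display name contains an email address")

    verdicts = auth_verdicts(msg)
    for method in ("spf", "dkim", "dmarc"):
        result = verdicts.get(method, "missing")
        if result != "pass":
            warnings.append(f"{method} result is {result}")
    return warnings


def sender_utc_offset_hours(raw_eml):
    """UTC offset the sender's client stamped into Date (a reply reveals yours)."""
    msg = email.message_from_string(raw_eml, policy=policy.default)
    return parsedate_to_datetime(msg["Date"]).utcoffset().total_seconds() / 3600


if __name__ == "__main__":
    for warning in check_sender(SAMPLE_EML):
        print("WARNING:", warning)
    print("sender timezone: UTC", sender_utc_offset_hours(SAMPLE_EML))
```

The Authentication-Results header is only trustworthy when it was written by your own receiving server (the authserv-id before the first semicolon), since an attacker can add a fake one; mail servers normally strip foreign copies of it, but it is worth confirming that yours does.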
What happens if I submit sensitive data to a phishing website?
Phishing pages might contain forms, such as login pages for email clients (e.g., Outlook, Google), banking pages, parcel tracking pages, etc.
If you submit sensitive data, such as your login credentials, credit card information, or personal identification details, to a phishing website, you give the attacker direct access to your personal and financial information. This can lead to various forms of identity theft, fraud, or other crimes.
Here are some potential consequences of submitting sensitive data to a phishing website:
- Identity theft: The attacker can use your personal information to impersonate you or create fake identities in your name. This can include opening new credit accounts, taking out loans, or committing other financial crimes.
- Fraudulent charges: The attacker can use your credit card information to make fraudulent charges, potentially leading to financial losses and damage to your credit score.
- Unauthorized access to your accounts: The attacker can use your login credentials to access your online accounts, steal your personal information, or carry out fraudulent activities on your behalf. Access to your email account is especially damaging: the attacker can reset the passwords of other services registered to that address, and if the account is also a platform identity (such as a Google or Microsoft account) they may reach synced browser data such as saved passwords, history and bookmarks, and log in to other services through Single Sign-On (SSO).
- Blackmail or extortion: The attacker can use the sensitive data you provided to blackmail or extort you, potentially leading to further financial or emotional harm.
If you submit sensitive data to a phishing website, it is important to take immediate action to protect yourself.
- Check account login logs for unknown access.
- Change the password for the affected account immediately, and for any other account that used the same password. Enable two-factor authentication (2FA) on all your accounts so that stolen credentials alone are not enough to log in. Also enable login notifications and register a recovery email address or phone number so you are alerted when a new device logs in.
- Contact your bank or credit card provider to report unauthorized charges, place a fraud alert on your credit report, and monitor your financial accounts for suspicious activity.
- Additionally, you should consider contacting the relevant authorities or service providers to report the incident and seek further guidance.