Let's discuss a scenario where a thief sends an email with a fake link, hoping a user will click it. And the link could install malicious software, malware, in the user's computer. And the malware could transmit sensitive information back to the thief, you know, such as passwords. And this is fairly typical. Phishing schemes are becoming very common, because if you send them out to 10,000 people, you're probably gonna have 500 to 700 people who are dumb enough to click on them. How frequent and effective is Phishing schemes?
If the malware successfully installed into the system and that malware can basically take over the computer, monitor keyboards, monitor input-output. And as you're typing in passwords, it can capture that stuff, transmit it to another location to where the thief resides, and they're able to gain remote access to your system and they're in. And once they're in, they have access to the information. They can do all sorts of wrong things to your cloud-based system or your on-premise-based system.
Always be cautious of those who tell you, yes, we are secure and our data is safe. They often don't know better, or ignore the red flags that could be lingering inside their systems.
It is a social engineering attack. The attacker uses a trick to persuade the people to open url link, in reality, it could be a fake web site.
The total number of phishing attacks, also referred to as social engineering, in 2016 was 1,220,52329. This was a 65 percent increase over 201530. In many instances, social engineering requires very little technical know-how and instead relies mostly on finesse. It’s also rather effective, as an estimated two-thirds of data breaches and hacking events now rely on social engineering.
These attacks are very effective. Over 80% of all data breaches come in through some form of phishing or social engineering attack.
Dear John Ellingson , thank you for sharing your research and insight!!!
How to prevent PHISHING/SPOOFING
- Be suspicious of any unsolicited email requesting personal information.
- Avoid filling out forms in email messages that ask for personal information.
- Always compare the link in the email to the link that you are actually directed to.
- Log on to the official website, instead of "linking" to it from an unsolicited email.
- Contact the actual business that supposedly sent the email to verify if the email is genuine.
Be careful in case of any unwanted email requesting personal information.
Dr Kamath Madhusudhana
- Badges
- Science topic
- Similar topics
- Medical Science Nursing
- Dissertations