Phishing - Revision history

Globalcyberalliance at 19:09, 30 October 2023

2023-10-30T19:09:51Z

← Older revision		Revision as of 19:09, 30 October 2023
Line 1:		Line 1:
	{\| class="wikitable"		{\| class="wikitable"
	\|-		\|-
	\| style="width: 50%; vertical-align: top;" colspan="2" \| [[File:ACT_Phishing_Icon.svg\|frameless\|40px\|link=~~Malware~~]] <big>'''Introduction'''</big> <br>		\| style="width: 50%; vertical-align: top;" colspan="2" \| [[File:ACT_Phishing_Icon.svg\|frameless\|40px\|link=Phishing]] <big>'''Introduction'''</big> <br>
	'''Phishing''' is a malicious [[Social Engineering]] technique used by cybercriminals to deceive individuals and organizations into revealing sensitive information, such as login credentials, financial data, or personal details. Phishing attacks often take the form of fraudulent emails, websites, or messages that appear to be from legitimate sources but are designed to trick recipients into taking harmful actions.		'''Phishing''' is a malicious [[Social Engineering]] technique used by cybercriminals to deceive individuals and organizations into revealing sensitive information, such as login credentials, financial data, or personal details. Phishing attacks often take the form of fraudulent emails, websites, or messages that appear to be from legitimate sources but are designed to trick recipients into taking harmful actions.

Globalcyberalliance at 18:27, 30 October 2023

2023-10-30T18:27:18Z

← Older revision		Revision as of 18:27, 30 October 2023
Line 14:		Line 14:
	<strong>Cybersecurity Tools</strong>		<strong>Cybersecurity Tools</strong>
	{{#categorytree:Phishing\|mode=collapsed}}		{{#categorytree:Phishing\|mode=collapsed}}
	{{#categorytree:~~Antivirus~~ & Anti-malware Software\|mode=collapsed}}		{{#categorytree:Anti-virus & Anti-malware Software\|mode=collapsed}}
	{{#categorytree:Security Awareness & Training\|mode=collapsed}}		{{#categorytree:Security Awareness & Training\|mode=collapsed}}
	\|-		\|-

Globalcyberalliance at 06:57, 30 October 2023

2023-10-30T06:57:32Z

← Older revision		Revision as of 06:57, 30 October 2023
Line 12:		Line 12:
	* '''Vishing (Voice Phishing)''': Cybercriminals use phone calls to impersonate trusted entities and manipulate victims into revealing confidential data.		* '''Vishing (Voice Phishing)''': Cybercriminals use phone calls to impersonate trusted entities and manipulate victims into revealing confidential data.
	\| style="width: 30%; vertical-align: top;" colspan="1" \| [[File:stalking-hyenas.png\|frameless\|100px\|right\|link=Top_Threats]]		\| style="width: 30%; vertical-align: top;" colspan="1" \| [[File:stalking-hyenas.png\|frameless\|100px\|right\|link=Top_Threats]]
	~~{\| role="presentation" class="wikitable mw-collapsible mw-collapsed"~~		<strong>Cybersecurity Tools</strong>
	\| <strong>Cybersecurity Tools</strong>		{{#categorytree:Phishing\|mode=collapsed}}
	\|-		{{#categorytree:Antivirus & Anti-malware Software\|mode=collapsed}}
	\|		{{#categorytree:Security Awareness & Training\|mode=collapsed}}
	{{#categorytree:Phishing\|mode=~~pages\|all~~}}
	{{#categorytree:Antivirus & Anti-malware Software\|mode=~~pages\|all~~}}
	{{#categorytree:Security Awareness & Training\|mode=~~pages\|all~~}}
	\|}
	\|-		\|-
	\| style="width: 20%; vertical-align: top;" \| <big>'''Motives'''</big><br>		\| style="width: 20%; vertical-align: top;" \| <big>'''Motives'''</big><br>

Globalcyberalliance at 05:42, 30 October 2023

2023-10-30T05:42:54Z

← Older revision		Revision as of 05:42, 30 October 2023
Line 16:		Line 16:
	\|-		\|-
	\|		\|
	{{#categorytree:Phishing\|mode=pages~~\|hideroot~~\|all}}		{{#categorytree:Phishing\|mode=pages\|all}}
	{{#categorytree:Antivirus & Anti-malware Software\|mode=pages~~\|hideroot~~\|all}}		{{#categorytree:Antivirus & Anti-malware Software\|mode=pages\|all}}
	{{#categorytree:Security Awareness & Training\|mode=pages~~\|hideroot~~\|all}}		{{#categorytree:Security Awareness & Training\|mode=pages\|all}}
	\|}		\|}
	\|-		\|-

Globalcyberalliance at 05:42, 30 October 2023

2023-10-30T05:42:28Z

← Older revision		Revision as of 05:42, 30 October 2023
Line 1:		Line 1:
			{\| class="wikitable"
			\|-
			\| style="width: 50%; vertical-align: top;" colspan="2" \| [[File:ACT_Phishing_Icon.svg\|frameless\|40px\|link=Malware]] <big>'''Introduction'''</big> <br>
	'''Phishing''' is a malicious [[Social Engineering]] technique used by cybercriminals to deceive individuals and organizations into revealing sensitive information, such as login credentials, financial data, or personal details. Phishing attacks often take the form of fraudulent emails, websites, or messages that appear to be from legitimate sources but are designed to trick recipients into taking harmful actions.		'''Phishing''' is a malicious [[Social Engineering]] technique used by cybercriminals to deceive individuals and organizations into revealing sensitive information, such as login credentials, financial data, or personal details. Phishing attacks often take the form of fraudulent emails, websites, or messages that appear to be from legitimate sources but are designed to trick recipients into taking harmful actions.

	~~== Overview ==~~
	Phishing attacks are a common and serious threat to cybersecurity. These attacks exploit human psychology and trust in familiar brands or institutions to manipulate victims into divulging confidential information or performing actions that compromise their security.		Phishing attacks are a common and serious threat to cybersecurity. These attacks exploit human psychology and trust in familiar brands or institutions to manipulate victims into divulging confidential information or performing actions that compromise their security.

Line 9:		Line 11:
	* '''Smishing (SMS Phishing)''': Phishing attacks conducted through text messages or SMS, often directing recipients to click on malicious links or respond with sensitive information.		* '''Smishing (SMS Phishing)''': Phishing attacks conducted through text messages or SMS, often directing recipients to click on malicious links or respond with sensitive information.
	* '''Vishing (Voice Phishing)''': Cybercriminals use phone calls to impersonate trusted entities and manipulate victims into revealing confidential data.		* '''Vishing (Voice Phishing)''': Cybercriminals use phone calls to impersonate trusted entities and manipulate victims into revealing confidential data.
			\| style="width: 30%; vertical-align: top;" colspan="1" \| [[File:stalking-hyenas.png\|frameless\|100px\|right\|link=Top_Threats]]
	== ~~Motives~~ ==		{\| role="presentation" class="wikitable mw-collapsible mw-collapsed"
			\| <strong>Cybersecurity Tools</strong>
			\|-
			\|
			{{#categorytree:Phishing\|mode=pages\|hideroot\|all}}
			{{#categorytree:Antivirus & Anti-malware Software\|mode=pages\|hideroot\|all}}
			{{#categorytree:Security Awareness & Training\|mode=pages\|hideroot\|all}}
			\|}
			\|-
			\| style="width: 20%; vertical-align: top;" \| <big>'''Motives'''</big><br>
	The motives behind phishing attacks can vary, but they often include:		The motives behind phishing attacks can vary, but they often include:
	* '''Financial Gain''': Phishers may aim to steal banking credentials, credit card numbers, or conduct fraudulent transactions.		* '''Financial Gain''': Phishers may aim to steal banking credentials, credit card numbers, or conduct fraudulent transactions.
	* '''Data Theft''': Accessing sensitive data, such as corporate secrets or intellectual property, is a common objective.		* '''Data Theft''': Accessing sensitive data, such as corporate secrets or intellectual property, is a common objective.
	* '''Identity Theft''': Phishers may seek personal information for identity theft, leading to fraudulent activities on victims' behalf.		* '''Identity Theft''': Phishers may seek personal information for identity theft, leading to fraudulent activities on victims' behalf.
			\| style="width: 20%; vertical-align: top;" \| <big>'''Prevention and Mitigation'''</big><br>
	== Prevention and Mitigation ==
	Preventing phishing attacks requires a combination of technical defenses and user awareness:		Preventing phishing attacks requires a combination of technical defenses and user awareness:

	=== Technical Defenses ===		=====Technical Defenses=====
	* '''Email Filtering''': Employing robust email filtering solutions to detect and quarantine phishing emails before they reach recipients' inboxes.		* '''Email Filtering''': Employing robust email filtering solutions to detect and quarantine phishing emails before they reach recipients' inboxes.
	* '''Multi-factor Authentication (MFA)''': Implementing MFA adds an extra layer of security, making it harder for attackers to gain unauthorized access.		* '''Multi-factor Authentication (MFA)''': Implementing MFA adds an extra layer of security, making it harder for attackers to gain unauthorized access.

	=== User Awareness ===		=====User Awareness=====
	* '''Education and Training''': Raising awareness and providing training to help individuals recognize phishing attempts and understand safe online practices.		* '''Education and Training''': Raising awareness and providing training to help individuals recognize phishing attempts and understand safe online practices.
	* '''Suspicion and Vigilance''': Encouraging users to be cautious and verify the authenticity of emails or messages, especially those requesting sensitive information or urgent actions.		* '''Suspicion and Vigilance''': Encouraging users to be cautious and verify the authenticity of emails or messages, especially those requesting sensitive information or urgent actions.
			\| style="width: 20%; vertical-align: top;" \| <big>'''Notable Incidents'''</big><br>
	== Notable Incidents ==		Several high-profile phishing incidents have had significant consequences, including data breaches, financial losses, and reputational damage:
	Several high-profile phishing incidents have had significant consequences, including data breaches, financial losses, and reputational damage.		# '''Ubiquity Network social engineering attack (2015)''' - Scammers impersonated a senior member of Ubiquity Network, and an employee fell prey to the scam resulting in a loss of $46.7 million.
			# '''Ukrainian power grid attack (2015)''' - The attackers sent a phishing email to employees of Kyivoblenergo, a Ukrainian electricity distribution company, containing a malicious attachment that gave the attackers access to the company's network; this caused a blackout affecting 225,000 customers.
	~~== See Also ==~~		# '''Sony Pictures hack (2014)''' - The attackers sent a phishing email to employees of Sony Pictures Entertainment containing a malicious link that when clicked, installed malware that gave the attackers access to Sony Pictures' network, allowing them to steal sensitive data, including unreleased movies and employee information.
	~~TBD~~		# '''Target data breach (2013)''' - The attackers gained access to Target's network by sending phishing emails to employees of a third-party vendor through malicious links that installed malware. This allowed the attackers to steal credit and debit card information from over 40 million customers.
			# '''RSA hack (2011)''' - The attackers send a phishing email to an employee of RSA containing a malicious link, which, when clicked, installed malware that gave the attackers access to RSA's network, allowing them to steal two-factor authentication tokens that could be used to access a wide range of systems and networks.
	~~== References ==~~		\|-
	~~TBD~~		\| colspan="3" style="vertical-align: top;" \| <big>'''Conclusion'''</big><br>
			\|}
	~~== External Links ==~~
	* [https://www.~~antiphishing~~.~~org/ Anti~~-~~Phishing Working Group~~ (~~APWG~~)]
	* [https://www.~~cisa~~.~~gov/publications~~-~~library/cybersecurity~~-~~awareness~~-~~stakeholder~~-~~resources Cybersecurity Awareness Resources (CISA)]~~

Globalcyberalliance at 23:20, 21 September 2023

2023-09-21T23:20:16Z

← Older revision		Revision as of 23:20, 21 September 2023
Line 1:		Line 1:
	'''Phishing''' is a malicious [[~~Social_Engineering~~]] technique used by cybercriminals to deceive individuals and organizations into revealing sensitive information, such as login credentials, financial data, or personal details. Phishing attacks often take the form of fraudulent emails, websites, or messages that appear to be from legitimate sources but are designed to trick recipients into taking harmful actions.		'''Phishing''' is a malicious [[Social Engineering]] technique used by cybercriminals to deceive individuals and organizations into revealing sensitive information, such as login credentials, financial data, or personal details. Phishing attacks often take the form of fraudulent emails, websites, or messages that appear to be from legitimate sources but are designed to trick recipients into taking harmful actions.

	== Overview ==		== Overview ==

Globalcyberalliance at 23:20, 21 September 2023

2023-09-21T23:20:04Z

← Older revision		Revision as of 23:20, 21 September 2023
Line 1:		Line 1:
	'''Phishing''' is a malicious [[~~social engineering~~]] technique used by cybercriminals to deceive individuals and organizations into revealing sensitive information, such as login credentials, financial data, or personal details. Phishing attacks often take the form of fraudulent emails, websites, or messages that appear to be from legitimate sources but are designed to trick recipients into taking harmful actions.		'''Phishing''' is a malicious [[Social_Engineering]] technique used by cybercriminals to deceive individuals and organizations into revealing sensitive information, such as login credentials, financial data, or personal details. Phishing attacks often take the form of fraudulent emails, websites, or messages that appear to be from legitimate sources but are designed to trick recipients into taking harmful actions.

	== Overview ==		== Overview ==

Globalcyberalliance at 23:19, 21 September 2023

2023-09-21T23:19:03Z

← Older revision		Revision as of 23:19, 21 September 2023
Line 1:		Line 1:
	~~Placeholder~~		'''Phishing''' is a malicious [[social engineering]] technique used by cybercriminals to deceive individuals and organizations into revealing sensitive information, such as login credentials, financial data, or personal details. Phishing attacks often take the form of fraudulent emails, websites, or messages that appear to be from legitimate sources but are designed to trick recipients into taking harmful actions.

			== Overview ==
			Phishing attacks are a common and serious threat to cybersecurity. These attacks exploit human psychology and trust in familiar brands or institutions to manipulate victims into divulging confidential information or performing actions that compromise their security.

			Phishing can take various forms, including:
			* '''Email Phishing''': Cybercriminals send deceptive emails that appear to be from reputable organizations, asking recipients to click on links, download attachments, or enter sensitive information.
			* '''Spear Phishing''': Targeted phishing attacks aimed at specific individuals or organizations, often leveraging personal information to gain credibility.
			* '''Smishing (SMS Phishing)''': Phishing attacks conducted through text messages or SMS, often directing recipients to click on malicious links or respond with sensitive information.
			* '''Vishing (Voice Phishing)''': Cybercriminals use phone calls to impersonate trusted entities and manipulate victims into revealing confidential data.

			== Motives ==
			The motives behind phishing attacks can vary, but they often include:
			* '''Financial Gain''': Phishers may aim to steal banking credentials, credit card numbers, or conduct fraudulent transactions.
			* '''Data Theft''': Accessing sensitive data, such as corporate secrets or intellectual property, is a common objective.
			* '''Identity Theft''': Phishers may seek personal information for identity theft, leading to fraudulent activities on victims' behalf.

			== Prevention and Mitigation ==
			Preventing phishing attacks requires a combination of technical defenses and user awareness:

			=== Technical Defenses ===
			* '''Email Filtering''': Employing robust email filtering solutions to detect and quarantine phishing emails before they reach recipients' inboxes.
			* '''Multi-factor Authentication (MFA)''': Implementing MFA adds an extra layer of security, making it harder for attackers to gain unauthorized access.

			=== User Awareness ===
			* '''Education and Training''': Raising awareness and providing training to help individuals recognize phishing attempts and understand safe online practices.
			* '''Suspicion and Vigilance''': Encouraging users to be cautious and verify the authenticity of emails or messages, especially those requesting sensitive information or urgent actions.

			== Notable Incidents ==
			Several high-profile phishing incidents have had significant consequences, including data breaches, financial losses, and reputational damage.

			== See Also ==
			TBD

			== References ==
			TBD

			== External Links ==
			* [https://www.antiphishing.org/ Anti-Phishing Working Group (APWG)]
			* [https://www.cisa.gov/publications-library/cybersecurity-awareness-stakeholder-resources Cybersecurity Awareness Resources (CISA)]

Globalcyberalliance: Created page with "Placeholder"

2023-08-06T23:29:55Z

Created page with "Placeholder"

New page

Placeholder