All About Identity and Access Management
An open forum to share views about Identity Management, Access Management and Access Governance.
Phishing attack
A phishing attack is a practice of sending emails that appear to be from trusted sources with the goal of gaining personal information or influencing users to do something. It could involve an attachment to an email that loads malware onto your computer. It could also be a link to an illegitimate website that can trick you into downloading malware or handing over your personal information.
Types of Phishing Attacks:
Vishing: Phishing done over Voice calls.
Smishing: Phishing done through SMS.
Search Engine Phishing: Search engine phishing is the type of phishing that refers to the creation of a fake webpage for targeting specific keywords and waiting for the searcher to land on the fake webpage.
Spear Phishing: spear phishing is typically targeted in nature, and the emails are carefully designed to target a particular user.
Whaling: This targets specifically high profile employees like CEO or CFO.
Mitigations for Phishing Attacks:
Analysing email headers.
Hovering over the links.
Using updated Antivirus.
Verify Sites Security.
Using Firewalls.
Using Anti-Phishing Toolbar.
Not to trust anyone blindly.
Look for spelling mistake