Phishing 101

So what is Phishing?

A phishing attack is part of the social engineering family where a malicious actor attempts to steal important information from the victim. Some examples of the important information include:

1. Login credentials 
2. OTPs
3. Personal Information
4. Banking Information
5. Banking details
6. Debit card/ Credit Card Details, etc
1. The fake website method, in which a malicious actor creates a phony website to impersonate an actual website, like a bank, and capture information like login credentials. 2. Using Wireshark to perform man-in-the-middle attacks, in which important information sent as traffic from the victim to a legitimate website is captured by a malicious actor. 3. Impersonating a real person or an entity, via email or sms, to communicate with the victim, in which he/she is will be duped into giving important information to the malicious actor.

Phishing Attack Demonstration

A demonstration of a phishing attack is shown below. An evil twin attack was conducted whereby a malicious actor created a fake wifi access point mimicked a legitimate network to trick users into connecting to it.

Suspicious URL
Phishing URL

How to protect yourself against phishing attacks

As shown in the demonstrations, an attacker could carry out a phishing attack easily. Next time, when browsing through the internet, stay vigilant to keep yourself safe from phishing attacks. Here are some tips to protect yourself against phishing attacks:

1. Do check the URL of the website to ensure the URL is that of the actual entity (e.g., Singapore Police Force). 2. Ensure that the website is secured (e.g. HTTPS instead of HTTP). 3. Contact the relevant governing bodies to verify the legitimacy of what you received from them if you feel something is amiss. 4. Visit [ScamAlert](https://www.scamalert.sg/) for more information on scams.
  1. Thura, for writing the blog post.
  2. Josh, for writing the blog post.

References

Singapore Police Force

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
N0H4TS

N0H4TS

Start as an Apprentice, and become a Master.