What are phishing scams?
Phishing is the fraudulent attempt to obtain sensitive information such as:
- Usernames
- Passwords
- Credit Card Information
- Misc information
It is often carried out for malicious reasons by an attacker disguised as a trustworthy entity in electronic communications.
- Spear Phishing
- Phishing attempts directed at specific individuals or companies have been termed spear phishing, in contrast to bulk phishing. Spear phishing attackers often gather and use personal information (kallador, old password, threatening email) about their target to increase their probability of success.
- Clone Phishing
- Clone phishing is a type of attack whereby a legitimate, previously delivered email containing an attachment or link has had its content and recipient address taken and used to create an almost identical or cloned email. (A bank email looks legit, but contains bad links to bad places.)
- Whaling
- The term whaling has been coined for spear phishing attacks directed specifically at senior executives and other high-profile targets. (I was a VIP Tech; I handled a lot of tech issues with the SVPs and CEO of the company. I would get a call once a week about a special email from the CEO to one of the SVPs asking to PayPal some money. They were pretending to be the CEO in this situation, asking for a red-flag item, PayPal, as the CEO would never ask for this from any of the SVPs. SVP: Senior Vice President.)
- Red flags
- Stuff you don’t use (PayPal, BTC)
- Link manipulations
- Filter Evasions
- Social networks Evasions
- Website forgeries (banks, Blizzard)
- Covert redirects (banks, Blizzard)
- Social engineering
- Smishing – SMS Phishing
Email: Keep your email client (Outlook, Thunderbird, etc.) updated.
Browsers: Keep your browser updated and, if allowed, install extensions such as ad blockers and script blockers, e.g. Chrome -> Adblock Plus or uBlock Origin, with NoScript for advanced use.
Don’t click on links directly; always hover over them first to see whether the link is legit and not something like
“bankofamerica.com.i.am.an.ding.donger.cw”
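The hover check above, automated for an HTML email body. This is an added example, not part of the original notes; the TRUSTED set and the SAMPLE message are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the reader actually does business with.
TRUSTED = {"bankofamerica.com"}

def classify_host(host, trusted=TRUSTED):
    """Return 'trusted', 'lookalike' or 'unknown' for a hostname."""
    host = (host or "").lower().rstrip(".")
    for domain in trusted:
        # Legitimate: the host is the domain itself or ends with ".domain".
        if host == domain or host.endswith("." + domain):
            return "trusted"
    for domain in trusted:
        # Lookalike: the trusted name appears only as leading or middle
        # labels, so the real owner is whatever the hostname ends with.
        if host.startswith(domain + ".") or ("." + domain + ".") in host:
            return "lookalike"
    return "unknown"

class LinkAudit(HTMLParser):
    """Collect (visible text, real host, verdict) for every <a href>."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            host = urlsplit(self._href).hostname
            shown = "".join(self._text).strip()
            self.links.append((shown, host, classify_host(host)))
            self._href = None

def audit(html):
    """Return one (shown text, host, verdict) tuple per link in the HTML."""
    parser = LinkAudit()
    parser.feed(html)
    return parser.links

# Constructed sample body; the second hostname is the one quoted above.
SAMPLE = ('<p><a href="https://secure.bankofamerica.com/login">Sign in</a> or '
          '<a href="http://bankofamerica.com.i.am.an.ding.donger.cw/login">'
          'www.bankofamerica.com</a></p>')
```

Calling `audit(SAMPLE)` shows that the text displayed for a link says nothing about where it goes: only the end of the hostname decides who owns it.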
Antivirus: These products normally have a tool for such things as phishing attempts.
Aug. 9-12th
Defcon -> PirateBox on a Raspberry Pi 3B+, plus logging of the MAC addresses of whoever connected.