Phishing is a form of social engineering that attempts to steal sensitive information. An attacker’s goal is to compromise systems to obtain usernames, passwords, and other account and/or financial data. They most frequently accomplish phishing attacks via email. The attacker sends crafted emails to people within an organization. The email usually pretends to be from someone trustworthy, like your bank, UPS/FedEx, a credit card company or an airline, or some other site for which you may have login credentials. The email includes a link to an “official” website that is actually a fake site operated by the attacker

Once the user visits the fake site, they may be asked overtly to enter account information such as usernames, passwords, credit card details, social security or bank account numbers. The victim may also be exposed to malware by the fake site. Taking advantage of a variety of vulnerabilities in the browser, the attacker may be able to install a Trojan Horse on the user’s computer. If done correctly, the attack can capture sensitive information without the victim even knowing that they have been compromised.

Emails claiming to be from organizations Who can phish u 1-Emails from people you know claiming to be stranded in a foreign country, asking you to wire money so that they can travel home. 2-Emails claiming to be from reputable news organizations capitalizing on trending news. Emails claiming to be from organizations 3-Emails threatening to harm recipients unless sums in the thousands of dollars are paid.

types of phishing attacks 1-Malware-Based Phishing refers to scams that involve running malicious software on users' PCs. 2-Web Trojans pop up invisibly when users are attempting to log in. They collect the user's credentials locally and transmit them to the phisher. 3-Deceptive Phishing:{ The term "phishing" originally referred to account theft using instant messaging but the most common broadcast method today is a deceptive email message}. Messages about the need to verify account information, system failure requiring users to re-enter their information, fictitious account charges, undesirable account changes, new free services requiring quick action, and many other scams are broadcast to a wide group of recipients with the hope that the unwary will respond by clicking a link to or signing onto a bogus site where their confidential information can be collected.

Phishing can take many forms and can be achieved with many tools and techniques. Here, we highlight the most common tools and techniques that are used to carry out phishing scams **Link Manipulation: 1-Use of Sub-Domains For nontechnical users who may not be familiar with sub-domains, this trick works like magic for the hacker, Consider for example, you get an email from a renowned xyz bank that asks for your credentials and requests you to click on the URL www.xyzbank.user.com. A nontechnical person will consider that the link would direct to a “user” section of the xyz bank

2-Hidden URLs Another commonly used link manipulation technique is when a phisher hides the actual URL under plain text. This means that rather than displaying the actual URL,

Phishing tools: 1-super phisher 2-phishercreator 3-SpearPhisher 4-Ninja Phishing Framework 5-Aurora Phishing

Tips to Prevent Phishing Attacks 1. Learn to Identify Suspected Phishing Emails There are some qualities that identify an attack through an email: They duplicate the image of a real company. Copy the name of a company or an actual employee of the company. Include sites that are visually similar to a real business. Promote gifts, or the loss of an existing account.

2. Check the Source of Information From Incoming Mail 3 2. Check the Source of Information From Incoming Mail 3. Never Go to Your Bank’s Website by Clicking on Links Included in Emails 4. Enhance the Security of Your Computer: a-keeping your computer protected with a good antivirus to block this type of attack. B-you should always have the most recent update on your operating system and web browsers

5. Enter Your Sensitive Data in Secure Websites Only In order for a site to be ‘safe’, it must begin with ‘https://’ and your browser should show an icon of a closed lock. 6. Periodically Check Your Accounts It never hurts to check your bank accounts periodically to be aware of any irregularities in your online transactions.

7. Phishing Doesn’t Only Pertain to Online Banking Most phishing attacks are against banks, but can also use any popular website to steal personal data such as eBay, Facebook, PayPal, etc 8-Most legitimate e-mails will address you by your full name at the beginning of the message. If there is any doubt that the e-mail is legitimate, be smart and don't enter your information. Even if you believe the message is valid, following the guidelines above will prevent you from giving phishers your personal information

Super phisher

Super phisher

Done by : Marwa Alawneh Duaa Abu rumman