Social engineering is an attack vector that relies heavily on human interaction and often involves manipulating people into breaking normal security procedures and best practices in order to gain access to systems, networks or physical locations, or for financial gain. Threat actors use social engineering techniques to conceal their true identities and motives and present themselves as a trusted individual or information source.
Phishing is among the most popular social engineering attacks. Phishing is when a malicious party sends a fraudulent email disguised as a legitimate email, often purporting to be from a trusted source. The message is meant to trick the recipient into sharing personal or financial information or clicking on a link that installs malware.
Other forms of phishing include ‘vishing’ (voice phishing) and ‘smishing’ (SMS phishing), among others, and cybercriminals constantly come up with new techniques.
Spear phishing is a type of phishing in which a small, focused, targeted attack is conducted via email on a particular person or organisation with the goal of penetrating their defences. The spear phishing attack is carried out after research on the target and has a specific personalised component designed to make the target do something against their own interest. This mechanism is used to capture confidential corporate data.
Phishers are becoming more and more sophisticated in designing their phony websites. A spoofed website tries to steal your account password or other confidential information by tricking you into believing you’re on a legitimate website. For example, phishers would create a spoofed URL such as:
Original URL : facebook.com
Spoofed URL : facebo0k.com (zero in place of a letter o)
Some phishers take advantage of human errors made while typing the URL. The characters most likely to be mistyped are identified and a corresponding phishing website is created. The pages of the original and the duplicate websites may look similar, so users enter their data as they would on the original site.
Preventing the latest phishing attacks:
- Always double-check the URL before clicking.
- Have complicated passwords for all your online accounts.
- In case of doubt, enter a fake password and log in.
- Use browsers which have anti-phishing plugins by default.
- Always be leery of mysterious pop-ups asking for login credentials.
- Stay updated with the latest phishing attacks and prevention tools.
Logix is one of the leading IT companies delivering Email Security from its private cloud infrastructure, with a core competency in securing over half a million mailboxes. Logix Cloud Email Advanced Threat Protection (ATP) enables organizations to combat advanced malware (known and unknown), spear phishing, domain impersonation/domain spoofing, zero-day, whaling, ransomware, crypto ware, and Business Email Crime (BEC) attacks with its multi-layered, multi-tiered security approach using multiple threat intelligence detection and prevention tools.