Phishing and Spam

Cybersecurity Forensics Lesson 2.2.3


Phishing

• An attempt to gain sensitive information through fraudulent means, such as a link or soliciting a response via email, text, or other messaging
  • Usernames
  • Passwords
  • Credit card details
  • Bank credentials
  • And more
• Categorized as a type of social engineering that takes advantage of human behaviors

Advancements in Phishing

• Phishing has evolved from the older emails promising large sums of money to include new tactics such as:
  • Voice phishing, or vishing, which can be done with a real voice, a digitally altered voice, or AI
    • Eliciting personal information in a covert way, perhaps even to use in follow-up attempts
    • Pretending to be legitimate organizations such as the IRS, warranty companies, or companies known for giving away prizes
  • SMS phishing, or smishing, via text, since messaging has become ingrained in society

Types of Phishing

• Phishing not only occurs through different types of media, such as text, email, etc., but also varies by who it targets.
  • Spam targets massive numbers of users in the hope that a fraction of them will fall victim.
  • Spear phishing is directed at a specific target that has usually been under reconnaissance by the malicious actor.
  • Whaling is phishing directed at high-profile targets such as a CEO or high-ranking officials.
  • Clone phishing is using a legitimate email address to send a cloned email that contains a malicious link or attachment.
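
Added example, not part of the original lesson: one way an analyst could check a suspected clone phishing email against the legitimate message it imitates. The Python code flags a message whose body is nearly identical to the original but whose links point to hosts the original never used; the sample messages, domains, function names, and the 0.9 threshold are constructed assumptions.

```python
import difflib
import re
from email import message_from_string
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"')]+")

def body_and_hosts(raw):
    """Return (normalized body text, link hostnames) for a plain-text email."""
    body = message_from_string(raw).get_payload()
    hosts = [urlsplit(u).hostname or "" for u in URL_RE.findall(body)]
    # Mask URLs so a swapped link does not lower the text similarity score.
    text = " ".join(URL_RE.sub("<URL>", body).split())
    return text, hosts

def compare_to_original(original_raw, suspect_raw, threshold=0.9):
    """Flag a suspect that copies the original's text but adds new link hosts."""
    o_text, o_hosts = body_and_hosts(original_raw)
    s_text, s_hosts = body_and_hosts(suspect_raw)
    similarity = difflib.SequenceMatcher(None, o_text, s_text).ratio()
    new_hosts = sorted(set(s_hosts) - set(o_hosts))
    return {
        "similarity": round(similarity, 2),
        "new_link_hosts": new_hosts,
        "likely_clone": similarity >= threshold and bool(new_hosts),
    }

# Constructed sample messages (not real traffic).
ORIGINAL = (
    "From: billing@example.com\n"
    "Subject: Your March invoice\n"
    "\n"
    "Hello,\nYour March invoice is ready. View it here:\n"
    "https://portal.example.com/invoices/march\nThank you.\n"
)
SUSPECT = (
    "From: billing@example.com\n"
    "Subject: Your March invoice (updated)\n"
    "\n"
    "Hello,\nYour updated March invoice is ready. View it here:\n"
    "https://portal.example-billing.test/invoices/march\nThank you.\n"
)

if __name__ == "__main__":
    print(compare_to_original(ORIGINAL, SUSPECT))
```

This comparison covers links in plain-text bodies only; a cloned message that swaps an attachment would need the attachments compared as well, for example by hash.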