| Refer -> [What is a phishing attack? | CloudFlare](https://www.cloudflare.com/en-gb/learning/access-management/phishing-attack/) |
Phishing is a social-engineering technique that tricks people into revealing sensitive information or installing a Trojan.
Common targets
- Credentials such as usernames, passwords, etc.
- Financial info.
- Personal data
Techniques used
- Spoofed email address or websites
- Urgent and threatening language
- Redirects to fake website
- Malware attachment
Types
- Spear-fishing : It targets specific individuals, who are researched and to whom the attack is personalised. It’s the first step to breaching a company’s defenses for major attacks.
- Smishing [SMS Phishing] : The scammer sends out fraudulent messages which contain malicious links.
- Vishing [Voice Phishing] : The scammer attacks via phone, impersonating organisations to gain sensitive info. or scam people.
- Pharming : Users are redirected to a malicious website where their info. is stolen. This is achieved using DNS cache poisoning or malware.
- Email phishing : Attackers send emails impersonating trusted entities. These emails include links to fake websites or malware.