Phising

...

Description

Phising it a technique used by the malicious actors to convince you to give up some personal information.It could be usernames, passwords,credit card info,etc.

Phising can be accomplished through making fake web-pages of social networking sites like Facebook, Instagram,etc. or websites that provide financial services,like PayPal,etc.

According to a report on malicious attacks, phising attacks account for 1/3rd of the total attacks.
When phising is done over phone it is called Vishing(V stands for voice).

SPEAR PHISING

When phising is targetted towards a specific individual or group of individuals, then this type of phising is called Spear Phising. As this is a targetted attack, it makes it more believable for the individual/s and therefore there are more chances for them to fall for the attack. The attacker could make the victim click on a link, or give up their personal info.

WHALING

If in a spear phising attack, an attacker goes after a specific individual who is a higher authority in a company/organization then it is called Whaling.

Whaling attacks are often successful because attackers are willing to devote extensive time and effort to constructing these campaigns due to their potentially high returns. As a result, threat actors conduct in-depth research on victims in order to make their fraudulent emails seen as real as possible

An instance of whaling attack occured when John Podesta, Chairman of Hillary Clinton's presidential campaign, received a phishing email on March 19, 2016, sent by Russian operatives purporting to alert him of a "compromise in the system", and urging him to change his password "immediately" by clicking on a link. Upon clicking the link, he successfully fell for the attack and all the sensitve information was leaked on the internet.