Curriculum
- 4 Sections
- 12 Lessons
- 6 Hours
- Social Engineering and Its motivations4
- Phishing Techniques and Attack Vectors5
- Legal and Ethical Implications of Social Engineering4
- Further Readings2
Curriculum
Fundamentals and Theoretical Basis
Phishing was the most common cyberattack type in 2020.
It is a form of cyber-attack where attackers impersonate legitimate entities to deceive individuals into providing sensitive information such as passwords, credit card numbers, or personal data. The success of phishing attacks often relies on social engineering tactics to manipulate victims into taking actions that compromise their security.
For example, in a phishing scam, attackers may trick victims into clicking on a link that will direct them to a fake website. The website will ask them to enter sensitive information like login credentials. Other scams direct victims to download attachments that will infect their system with dangerous malware or ransomware.
Unfortunately, any domain can become the victim of a phishing attack. This is because many people reuse the same username and/or password across multiple websites.
Why Phishing Occurs
Phishing attacks occur for various reasons, including financial gain, identity theft, espionage, and spreading malware. Cybercriminals often target individuals or organizations with the intent to steal valuable information or disrupt operations.
How Phishing Works
This is when attack vectors enter into play. Attack vectors are the ways an attacker can breach sensitive data or compromise an organization. Common attack vectors include social engineering attacks, credential theft, vulnerability exploits, and insufficient protection against insider threats. A major part of information security is closing off attack vectors whenever possible.
The process is:
- The attacker sends phishing mail to the target.
- Target (Victim) clicks on a phishing link and visits a fake website.
- Once on the phishing website, the hacker collects important credentials.
- The hacker uses the victim’s credentials to access private information and access the original website.
Many of today’s attackers use sophisticated schemes to target particular individuals or companies. They use skilful social engineering tactics to manipulate victims and steal their sensitive information.