Phishing theory
Types of Phishing (Explain in a paragraph or 3 to 6 lines for each)
· Phishing through search engines
· Vishing
· Smishing
· Keylogger
· Social Engineering
· Domain spoofing
· Website forgery
· Trojan
· Malware
· Ransomware
· Malvertising
· Spear Phishing
· Session Hijacking
· Content injection
· Link Manipulation
· Whaling
· Email/spam
· Web-based delivery
Root Cause or Reason for Phishing (Explain in a paragraph or 3 to 6 lines for each)
· Identity theft
· Financial Gain
· Password harvesting
· Gain recognition
· Exploit security hole
· Brand Tarnishing
· Data theft
Causes of Phishing (Explain in a paragraph for each)
· Security Flaws
· Weak passwords
· Non-secure desktop
· No user awareness
· Weak auth or no MFA
· Access control list
· Software not up to date
· Browser Vulnerabilities
· Open ports and misconfigured services exposed to the internet
· Poor endpoint detection
Detection of Phishing (Explain in a paragraph for each)
· Domain name detection
· Language Used
· UI Detection
· Signature
· Tools to detect
· Suspicious attachments
· Suspicious links
· Messages with a sense of urgency
· Awareness creation
· Unbelievable deals and offers
Prevention of Phishing (Explain in a paragraph for each)
· Enforcing strong passwords
· Implement MFA
· Creating security awareness programs
· Monitoring open RDP ports
· Hardening conditional access policies
· Security policies
· Avoiding clicking links and attachments
· Spam Guarding
· Install antivirus and anti-spam software