Fishing usually involves the dangling of bait in a substantial body of water to entice and attract fishes to bite. When a fish take the bait, it usually gets reeled in at great personal cost, quite often its life.
Similarly, phishing is a social engineering attack in which users are tricked into biting the bait and revealing personal information which may result in identity theft, financial loss and compromised confidentiality of information. The most common baits used in phishing attacks are emails and websites; claiming to represent legitimate enterprises, making sincere requests to the unsuspecting email reader or web surfer. The next few articles in this series will define and describe the variety of attack categorized as phishing while examining some of the most common anti-phishing techniques used to mitigate these types of exploits.
Statistics show that phishing attacks though simple in design have increased exponentially in recent years. Phishing attacks exploit the often times weakest link in a business’ cyber defense, human behavior, and they continue to be quite successful. According to Mc Afee lab report published in August 2014, there has been almost a one million (1,000, 000) increase in the number phishing websites in the last year; however not only has the sheer quantity of attacks increased there has also been an increase in the quality and sophistication of the attacks being perpetrated.
Figure 1 – Increase in number of phishing urls Source: Mc Afee Labs, 2014
The increased use of digital media devices and social media platforms has served as a means fast-track phishing attacks. Figure 1 illustrates the increase in phishing URLs from the last half of 2012 to the first half of 2014.
This increase in attacks reinforces the needs for effective anti-phishing techniques, in addition to guidelines and fundamental training which may be used by the average technology user to help ward off and reduce the success of phishing attacks.
c.i.a bytes 
Leave a comment