Phishing

Phishing is a type of cyber attack in which users are induced to share their personal and sensitive information through fraudulent means. In this, attackers use fake websites, emails, or messages to deceive users into sharing their login details, passwords, credit card information, or other confidential data. Phishing attacks are generally designed to look like legitimate communications from real entities or websites, making them more likely to deceive users.

The process involves identifying a target, creating a fake communication (email, SMS), using a fake website or link to trick the user into entering their information, and then misusing that data for financial fraud, identity theft, or other criminal activities.

The document explains various types, including Email Phishing, Spear Phishing (targeted), Whaling (targeting high-level executives), Smishing (via SMS/WhatsApp), Vishing (via phone), and Clone Phishing (copying a legitimate email with malicious links).

Impacts: Financial loss, identity theft, misuse of personal information, and corporate security breaches.

Prevention: Be cautious with suspicious emails, carefully check URLs, use Multi-Factor Authentication (MFA), use anti-phishing tools, be aware of social engineering, and use a password manager.