GENERIC PHISHING

Phishing is a form of social engineering in which the attacker pretends to be a person or entity that people trust in order to steal their information. Attackers are now creating general websites that harvest users' information. For example, a common attack is to spam victims with emails stating that their personal pictures have been posted on a website and that they have to create a login and password to access the photos.

The goal is to get a victim to visit the site and then create a login and password. Since most people use the same password for all their accounts, including their Facebook account, the attacker uses the harvested username and password to log in to the victim's other accounts. Facebook reports that these stolen credentials work 50% of the time. This means half of the users are using the same login and password for multiple sites, including Facebook, and attackers are taking advantage of that.

Tip: Be aware of phishing attacks and use a different strong password for each account.