
Phishing is a type of cybersecurity attack that attempts to obtain sensitive data such as usernames, passwords, and more. It reaches the user through email, text, or direct messages. The user opens the attachment sent by the attacker because the user thinks that the email, text, or message came from a trusted source. It is a type of social engineering attack. For example, the user may receive a message saying they are a lottery winner. When the user clicks on the attachment, malicious code is activated that can access sensitive information. Or, if the user clicks on the link that was sent in the attachment, they may be redirected to a different website that asks for their bank login credentials.
Types of Phishing Attack:
1. Spear Phishing –
This attack is used to target a specific organization or individual for unauthorized access. These attacks are not initiated by a random hacker, but by someone who seeks financial gain or some important information. Just like a phishing attack, spear phishing also appears to come from a trusted source. This type of attack is very successful. It is considered to be one of the most successful methods, as both attacks (that is, phishing and spear phishing) are online attacks on users.
2. Clone Phishing –
This attack is based on copying email messages that were sent from a trusted source. The hackers alter the information by adding a link that redirects the user to a malicious or fake website. This is then sent to a large number of users, and the person who initiated it watches who clicks on the attachment that was sent in the mail. It spreads through the contacts of the user who clicked on the attachment.
3. Catphishing –
It is a type of social engineering attack that plays with the emotions of a person and exploits them to gain money and information. The attackers target their victims through dating sites. It is a type of social engineering threat.
4. Voice Phishing –
Some attacks require directing the user to a fake website, but some do not. This type of attack is sometimes referred to as vishing. Someone using vishing uses modern caller ID spoofing to convince the victim that the call is from a trusted source. They also use IVR to make it difficult for the legal authorities to trace, block, or monitor them. It is used to steal credit card numbers or other confidential data of the user. This type of phishing can cause more harm.
5. SMS Phishing –
These attacks are used to make the user reveal account information. This attack is similar to the phishing attack used by cybercriminals to steal credit card details or sensitive information by making it look like it came from a trusted organization. Cybercriminals use text messages to get personal information by trying to redirect the user to a fake website. This fake website looks like the original website.
Since users mostly use Android phones or smartphones, cybercriminals use this opportunity to perform this type of attack, because they don’t have to go through the trouble of breaking firewalls and then accessing the user’s system to steal data.
Symptoms of phishing:

• It may request the user to share personal details like the login credentials related to the bank and more.
• It redirects to a website if the user clicks on the link that was sent in the email.
• If the user is redirected to a website, it may ask for information related to the user’s credit card or banking details.
Preventive measures against phishing:

• Do not open any suspicious email attachments.
• Do not open any link that seems suspicious.
• Do not provide any sensitive information, such as personal or banking information, via email, text, or messages.
• The user should always have antivirus software to check whether the system is affected or not.

A sniffing attack in system hacking is a form of denial-of-service attack which is carried out by sniffing or capturing packets on the network, and then either sending them repeatedly to
a victim machine or replaying them back to the sender with modifications. Sniffers are often used in system hacking as a tool for analyzing traffic patterns in a scenario where
performing more intrusive and damaging attacks would not be desirable.
Sniffing Attack:
A sniffing attack can also be used in an attempt to recover a passphrase, such as when an SSH private key has been compromised. The sniffer captures SSH packets containing encrypted versions of the password being typed by the user at their terminal, which can then be cracked offline using brute force methods.

• The term “sniffing” is defined in RFC 2301 as: “Any act of capturing network traffic and replaying it, usually for the purpose of espionage or sabotage.”
• This definition is not accurate for UNIX-based systems, since any traffic can be sniffed as long as either the attacker has access to network interfaces (NIC) or modifies packets that could not be altered in transit. Sniffing can be performed using a special program like tcpdump, tcpflow, or LanMon that is connected to a port over which the packets can be inspected remotely.
• Another sniffing attack called ARP spoofing involves sending forged Address Resolution Protocol (ARP) messages to the Ethernet data link layer. These messages are used to associate a victim machine’s IP address with a different MAC address, leading the targeted machine to send all its traffic intended for the victim through an attacker-controlled host.
• This is used both to hijack sessions and to cause flooding of the network via a denial-of-service attack (see Smurf attack).

Every IP packet contains, in addition to its payload, two fields: an IP header, and an Ethernet header encapsulating it.

• The combination of these two headers is often referred to as a “packet” by those who work with internet communications. An attacker can, therefore, view and modify an IP packet’s IP header without having to see its payload.
• The Ethernet header contains information about the destination MAC address (the hardware address of the recipient machine) and the EtherType field contains a value indicating what type of service is requested (e.g., precedence or flow control).
• The EtherType could be “0xFFFF”, indicating that no service fields were included for the Ethernet frame. This was used in Cisco’s implementation prior to version 8.0.

Key Points:
There are a number of different methods that an attacker can use to perform ARP spoofing. They include:

• The attacker has access to the “ARP cache” on their infected machine, which also contains other machines’ MAC addresses, but which do not have or are not using the same IP addresses as other machines with the same MAC addresses in their ARP caches.
• The attacker does not know what method the other machines use for keeping a table of MAC addresses, and so simply sets up a network with many duplicate entries.
• The attacker sends out forged ARP messages, trying to associate their infected machine with another machine’s MAC address.

Countermeasures:
There are a number of ways that the attacker can be prevented from using these methods, including:

• ARP spoofing is not a very effective attack, except in networks that are poorly secured.
• In order for an attacker to use this method as a form of masquerading, they must be able to send packets directly to the network (either through access to Wi-Fi or by finding a security flaw). Because of this, the attacker’s IP address is likely to become known very quickly.
• A sniffing attack is a form of attack where the attacker tries to access certain data over the network, and sniffing is used as an essential task in capturing data. The term “sniffing” comes from the action of sniffing or smelling. The attacker gets hold of this information by using special software called a “network analyzer”.
• Sniffing in Hacking: It is considered to be an intrusion on your computer system without permission, without your knowledge, and without legal authorization. It’s called hacking, which can be performed by several methods.

What is Spoofing in Cyber Security?

Last Updated: 08 Mar, 2022


Spoofing is a completely new beast created by merging age-old deception strategies with modern technology. Spoofing is a sort of fraud in which someone or something forges the sender’s identity and
poses as a reputable source, business, colleague, or other trusted contact in order to obtain personal information, acquire money, spread malware, or steal data.
Types of Spoofing:
• IP Spoofing
• ARP Spoofing
• Email Spoofing
• Website Spoofing Attack
• DNS Spoofing

IP Spoofing:
IP is a network protocol that allows you to send and receive messages over the internet. The sender’s IP address is included in the message header of every email message sent (source address). By altering the source address, hackers and scammers alter the header details to hide their original identity. The emails then look to have come from a reliable source. IP spoofing can be divided into two categories.

• Man in the Middle Attacks: Communication between the original sender of the message and the intended recipient is intercepted, as the term implies. The message’s content is then changed without the knowledge of either party. The attacker inserts his own message into the packet.
• Denial of Service (DoS) Attacks: In this technique, the sender and recipient’s message packets are intercepted, and the source address is spoofed. The connection has been seized. The recipient is thus flooded with packets in excess of their bandwidth or resources. This overloads the victim’s system, effectively shutting it down.

Drawback:
In a man-in-the-middle attack, even the receiver doesn’t know where the connection originated. This is a completely blind attack. To carry it out successfully, the attacker requires a great deal of experience and an understanding of what to expect from the target’s responses.
Preventive measures:
Disabling source-routed packets and blocking all external incoming packets that carry the same source address as a local host are two of the most frequent strategies to avoid this type of attack.
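
The two filtering rules above, written out as a check over a raw IPv4 header. This is an added example, not code from the original page; the internal prefix `192.168.10.0/24`, the function names, and the sample headers are assumptions constructed for illustration.

```python
import ipaddress
import struct

# Assumptions (constructed for this example): the internal prefix below, and that
# the caller knows whether the packet arrived on the external interface.
LOCAL_NET = ipaddress.ip_network("192.168.10.0/24")
SOURCE_ROUTE = {131: "LSRR", 137: "SSRR"}  # IPv4 source-route option types (RFC 791)

def source_route_option(header: bytes, ihl: int):
    """Walk the IPv4 options area; return 'LSRR'/'SSRR' if one is present."""
    i = 20
    while i < ihl:
        opt = header[i]
        if opt == 0:                      # End of Option List
            break
        if opt == 1:                      # No-Operation is a single byte
            i += 1
            continue
        if opt in SOURCE_ROUTE:
            return SOURCE_ROUTE[opt]
        if i + 1 >= ihl or header[i + 1] < 2:
            return "malformed"            # bad option length: do not trust it
        i += header[i + 1]
    return None

def ingress_verdict(header: bytes, arrived_on_external: bool) -> str:
    """Apply the two filtering rules to one IPv4 header."""
    if len(header) < 20 or header[0] >> 4 != 4:
        return "drop: not a valid IPv4 header"
    ihl = (header[0] & 0x0F) * 4
    if ihl < 20 or ihl > len(header):
        return "drop: not a valid IPv4 header"
    option = source_route_option(header, ihl)
    if option:
        return f"drop: source-routed or malformed options ({option})"
    src = ipaddress.ip_address(header[12:16])
    if arrived_on_external and src in LOCAL_NET:
        return f"drop: external packet claims local source {src}"
    return "accept"

def build_header(src: str, dst: str, options: bytes = b"") -> bytes:
    """Constructed IPv4 header for the demo (checksum left at zero)."""
    options += b"\x00" * (-len(options) % 4)          # pad to a 32-bit boundary
    first = (4 << 4) | (5 + len(options) // 4)
    return struct.pack("!BBHHHBBH4s4s", first, 0, 20 + len(options), 0, 0, 64, 6, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed) + options
```

The same local source address is accepted when the packet arrives on the internal interface, which is why the rule depends on the arrival interface and not on the address alone.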
ARP Spoofing: 
ARP spoofing is a hacking method that causes network traffic to be redirected to a hacker. Sniffing out LAN addresses on both wired and wireless LAN networks is known as spoofing. The idea behind this sort of spoofing is to transmit false ARP communications to Ethernet LANs, which can cause traffic to be modified or blocked entirely.
The basic work of ARP is to match the IP address to the MAC address. Attackers transmit spoofed messages across the local network. Here the response will map the user’s MAC address with his IP address. Thus the attacker will gain all information from the victim machine.
Preventive measures:
To avoid ARP poisoning, you can employ a variety of ways, each with its own set of benefits and drawbacks. Static ARP entries, encryption, VPNs, and packet sniffing are just a few examples.

• Static ARP entries: This entails creating an ARP entry in each computer for each machine on the network. Because the machines can ignore ARP replies, mapping them with sets of static IP and MAC addresses helps to prevent spoofing attempts. Regrettably, this approach can only defend you from some of the most basic attacks.
• Encryption: Protocols like HTTPS and SSH can also help to reduce the probability of an ARP poisoning attempt succeeding. When traffic is encrypted, the attacker must go through the extra effort of convincing the target’s browser to accept an invalid certificate. Any data sent outside of these standards, however, will remain vulnerable.
• VPN: Individuals may find a VPN to be reasonable protection, but VPNs are rarely suitable for larger enterprises. When it is only one person making a potentially unsafe connection, such as accessing public Wi-Fi at an airport, a VPN will encrypt all data that flows between the client and the exit server. Since an attacker will only be able to see the ciphertext, this helps to keep the user safe.
• Packet filters: Each packet delivered across a network is inspected by these filters. They can detect and prevent malicious transmissions as well as those with suspected IP addresses.
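
A detection-side view of the static ARP entries and packet filters listed above: a monitor that parses ARP frames and flags any sender binding that contradicts a pinned entry or a previously learned one. This is an added example, not code from the original page; the addresses, the `ArpMonitor` class, and the sample frames are constructed for illustration.

```python
import struct

# Constructed static binding, standing in for a "static ARP entry" for the gateway.
STATIC_ARP = {"192.168.1.1": "aa:bb:cc:00:00:01"}

def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def parse_arp(frame: bytes):
    """Return sender fields of an Ethernet/IPv4 ARP frame, or None if it is not one."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":      # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"eth_src": fmt_mac(frame[6:12]), "oper": oper,
            "mac": fmt_mac(frame[22:28]), "ip": ".".join(map(str, frame[28:32]))}

class ArpMonitor:
    """Flags ARP messages that contradict pinned or previously learned bindings."""
    def __init__(self, static):
        self.static, self.learned = dict(static), {}

    def inspect(self, frame: bytes):
        arp = parse_arp(frame)
        if arp is None:
            return []
        alerts, ip, mac = [], arp["ip"], arp["mac"]
        if arp["eth_src"] != mac:
            alerts.append(f"frame source {arp['eth_src']} differs from ARP sender {mac}")
        pinned = self.static.get(ip)
        if pinned and pinned != mac:
            # Never learn a binding that contradicts a static entry.
            return alerts + [f"{ip} is pinned to {pinned} but was claimed by {mac}"]
        known = self.learned.get(ip)
        if known and known != mac:
            alerts.append(f"{ip} changed from {known} to {mac}")
        self.learned[ip] = mac
        return alerts

def arp_reply(sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """Build a constructed ARP reply frame in memory as test input (nothing is sent)."""
    sha, tha = (bytes.fromhex(m.replace(":", "")) for m in (sender_mac, target_mac))
    spa, tpa = (bytes(map(int, a.split("."))) for a in (sender_ip, target_ip))
    return (tha + sha + struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, 2)
            + sha + spa + tha + tpa)
```

A changed binding for an unpinned address is only an alert, since a replaced network card or a DHCP reassignment produces the same signal; a contradiction of a pinned entry is the stronger indicator.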
