Mendoza Individual Topic
PHISHING
➢ Phishing attacks involve the technique of delivering fake messages that seem to
be from a reliable source.
➢ It is normally done via email.
➢ The intention is to steal private information, such as credit card numbers and
login credentials, or to infect the victim's computer with malware.
• Deceptive phishing
➢ In deceptive phishing, the attacker tries to get the victims to provide sensitive
information. Attackers exploit the data to commit financial crimes or carry out other types
of offenses.
➢ Example: A fake email from a bank asking you to click a link and verify your account
details
• Spear phishing
• Whaling
➢ Whaling is the term for when attackers target a "big fish," such as a CEO.
➢ Attackers frequently invest a lot of time analyzing the victim to determine the best
time and method for acquiring login information.
➢ High-level executives' access to a lot of business knowledge makes whaling a
more serious problem.
➢ Example: Kaitlyn is the CFO in this potential whaling attack, and she is the target.
• Pharming
➢ User Education
➢ Everyone should be involved in phishing awareness.
➢ Educate everyone on how to identify phishing emails and what to do if they encounter
one.
➢ Exercises that simulate phishing attacks are essential for assessing how you will
respond to one.
➢ Security Technology
➢ To decrease the number of attacks and lessen their impact when they do happen,
businesses must implement a layered strategy.
➢ The following network security technologies should be used: access control, malware
protection, email and online security, and malware detection.
Mobile Phone (iOS / Android attacks)
➢ Mobile phones today are far more popular than any other computing device. However,
mobile phone users tend to be unaware of the cyber threats they face. Therefore, it is very
easy for an attacker to compromise many mobile phones since users are unlikely to have
installed effective security tools.
➢ Recently, there have been numerous reports of mobile phone attacks on both Android and
iOS devices.
EXAMPLES
1. EXODUS
➢ This spyware is said to have been a wake-up call for many users of iOS devices.
➢ The spyware was initially only effective against Android phones, but an iOS variant
soon appeared.
➢ The hackers behind Exodus used an app styled as a mobile operator's app. This attracted
users who wanted the quick and simple customer service the app promised.
➢ Some features of this spyware can collect user information, location information,
photos, and chat messages. This enables malicious people to commit identity theft
and open new accounts in others' names.
2. SENSOR ID
➢ In May 2019, University of Cambridge researchers discovered an unconventional
operating system fingerprinting attack targeting both iOS and Android devices.
➢ This attack could track a user's browsing activity on a particular device over time.
➢ Sensor ID, unlike other user fingerprinting attacks, cannot be undone by performing a
factory reset, deleting cookies, or switching browsers. This is what makes it particularly
effective.
3. IPHONE HACK BY CELLEBRITE
➢ It can access app data such as chats, emails, attachments, and previously deleted
data.
➢ Cellebrite said these services are meant only to help law enforcement find
incriminating evidence from suspects' phones through unconventional means.
5. MAN-IN-THE-DISK
➢ In August 2018, a new type of attack was reported that could crash Android phones.
➢ An attacker can observe how data is transmitted between your app and your external
storage space and modify that data to create inappropriate behavior in the app.
➢ It may also be used to allow hackers to execute malicious code by taking advantage
of the privileged contexts of attacked programs.
➢ Attackers can also use it to perform hidden installation of applications.
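One way an app can defend against the Man-in-the-Disk behavior described above is to treat anything read back from external storage as untrusted and verify it against a digest kept in app-private storage. The sketch below is an added example, not code from the referenced book; it uses Python with two temporary directories standing in for Android external and internal storage, and the function names and file names are hypothetical.

```python
import hashlib
import hmac
import os
import tempfile

def stage_to_shared(data, shared_dir, private_dir, name):
    """Write data to shared storage and pin its SHA-256 in private storage."""
    with open(os.path.join(shared_dir, name), "wb") as f:
        f.write(data)
    with open(os.path.join(private_dir, name + ".sha256"), "wb") as f:
        f.write(hashlib.sha256(data).digest())

def load_verified(shared_dir, private_dir, name):
    """Read the shared file once, then verify the bytes actually read.

    Hashing the in-memory bytes (not re-opening the file later) avoids a
    window in which the file could be swapped between check and use.
    """
    with open(os.path.join(private_dir, name + ".sha256"), "rb") as f:
        pinned = f.read()
    with open(os.path.join(shared_dir, name), "rb") as f:
        data = f.read()
    if not hmac.compare_digest(hashlib.sha256(data).digest(), pinned):
        raise ValueError("integrity check failed for " + name)
    return data

def demo():
    """Constructed scenario: the clean file loads, the modified one is rejected."""
    with tempfile.TemporaryDirectory() as shared, \
         tempfile.TemporaryDirectory() as private:
        stage_to_shared(b"config-v1", shared, private, "update.bin")
        clean = load_verified(shared, private, "update.bin")
        # Constructed tampering: the shared copy changes after staging.
        with open(os.path.join(shared, "update.bin"), "wb") as f:
            f.write(b"modified-by-another-app")
        try:
            load_verified(shared, private, "update.bin")
            rejected = False
        except ValueError:
            rejected = True
        return clean, rejected

if __name__ == "__main__":
    print(demo())
```

The same pattern applies on Android by keeping the pinned digest in the app's internal storage and refusing to parse or install any externally stored file that fails the check.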
REFERENCES:
Compromising the System | Cybersecurity – Attack and Defense Strategies - Second Edition (oreilly.com)