Name: Phishing and its Variants
Uploaded: 2023-03-20T14:40:11Z
Duration: 6 min 16 s
Description: Find out how to define different phishing attacks, including spear phishing and whaling. Phishing is one of the most common and obvious cyber attack vectors.

Strong cybersecurity practices are essential to every organization, be it a school, hospital, or company. These videos review common cybersecurity strategies, as well as common threats and how to identify them.

Cybersecurity

Find out how to define different phishing attacks, including spear phishing and whaling. Phishing is one of the most common and obvious cyber attack vectors.

Phishing and its Variants

OK, let's begin with one of the most common and obvious attack vectors, and that is phishing. P H I S H I N G, "Phishing attacks". It's a cyber attack that uses disguised email as a vector and the goal is to trick the recipient into believing that the message is legitimate to the click a link or download an attachment. This can happen in corporate email, personal email, web mail, any form of electronic mail.

Email phishing attacks or hoaxes are one of the most common exploit vectors available to crackers. There's different variants of phishing, for example, "Spear phishing" is when you target certain employees. For example, someone in the finance department or the accounting department, maybe a database administrator or a server administrator or a low level employee, there might be more likely to respond to a social engineering attack like a receptionist or a secretary.

Now, taking spear phishing to the next level is "Whaling". That's where you're going to target high level employees. For example, someone from the C suite or the C team, you know, the CEO, the CIO, the chief financial officer, CFO or senior management. It could be somebody on the board of directors. Then we have "Vishing" with a V. "Vishing" uses the same process as phising. However, it targets cell phones, telephones and voiceover IP systems. It uses that as the vector instead of email.

Often we call the attacker a visher, V I S H E R and the Visher may call spoofing the collection agency or claiming to be a lawyer trying to get personal information or personal health information or intellectual property. "Smishing" is all of the above, except we're using SMS texting as the vector, Instead of email or a telephone. There are some key indicators to look for in email and web mail to identify phishing attacks. You might see "Vague salutations", for example, dear valued customer or dear employee suspicious-looking domain names, display names.

For example, the company name is actually farther down into the url path or the domain is a common misspelling. You wouldn't look carefully at all of the text in the url path. Often companies will not register the wildcard domain. For example, asterisk, dot whatever dot com and phishers can use modified URLs to trick people into clicking on the links or typing those into the address bar. When you move or hover your mouse over hypertext links, If you look down at the bottom, you might see indicators of wrong information or actually just a random IP version for address.

Historically, phishing attacks would have awkward grammar and misspelled words. For example, somebody wrote the phishing email and English wasn't their first language. However, with tools like Grammarly this is becoming a lot less common. Sometimes the subject line of an email phishing attack has urgent or intimidating phrases like you must act immediately or attention or urgent.

There's often a lack of legitimate contact information in a phishing email as well, along with spoofed headers and logos and corporate graphics. One of the most prevalent types of phishing attacks is will be called "BEC" "Business E-mail Compromise". This is a form of attack that targets companies who outsource, conduct wire transfers and have suppliers abroad. They often target corporate email accounts of high level employees. They're either spoofed or compromised through tools known as keyloggers or other phishing attacks to perform fraudulent transfers.

In 2016, BEC attacks led to an average of $140,000 in losses for companies globally, and they can be ingenious in spoofing real internal e-mail accounts. "Common BEC Schemes" would be "Phony invoices and transfers". Companies with foreign suppliers are often targeted with this tactic. Fraud of the CEO or the "C-suite" or "C-Team", where an attacker will spoof a company's CEO or a CFO and send an email to employees in particular departments, for example, finance or accounting requesting a money transfer.

Obviously, "Email or webmail account compromise". Companies often do phishing campaigns in their own companies to further train and raise security awareness for their employees so they don't respond to the BEC schemes. They may impersonate attorneys or members of a legal team or a law firm. They may say they're in charge of critical and confidential information and "Data theft of personally identifiable information (PII)", personal health information, PHI and intellectual property. This information may be reconnaissance or information gathering that's going to be used in a future advanced persistent threat.

Finally, we have "Pharming". "Pharming" is a blend of the words "phishing" and "farming". And it describes a type of cybercrime that's like phishing with farming. A Web site's traffic is manipulated or spoofed and confidential information is stolen. Attackers may install a virus or a trojan on a target that changes the computer hosts file to direct traffic away from its intended target and toward a fake or hoax web site.

Crackers may also poison a DNS server to redirect multiple users to unintentionally go to the fake site, which in turn can be used to install malware on the victim's computer. For the exam, remember that pharming has to do with name resolution or DNS.

Join us for an assortment of livestreams where we cover topics such as interview prep, introductions to programming languages, project walkthroughs  — and so much more!

All Livestreams

There is a lot of excitement around AI, but what is it and how could it be relevant to your career? Watch these videos to learn the basics of AI and Machine Learning.

Artificial Intelligence

Augmented reality is alive and well. Learn how to make your first AR experience using the popular web framework A-Frame — with guidance from our Curriculum Developers.

Augmented Reality

Learn how to build a Web Dev Portfolio with Codecademy.

Building a Web Dev Portfolio

No matter what your coding goals are, the best place to start is by building a strong foundation. In this live series, we learn Computer Science fundamentals that are similar to content you’d see in a first-semester CS101 college course.

CS101

Cloud computing and its related services have unlocked seemingly endless possibilities for organizations with an online presence. These videos give an overview of what cloud computing is and what business considerations are made when adopting cloud tools.

Cloud Computing

Welcome to the Community Club & Study Group Events playlist, which are hosted by our incredible Club Captains. This collection features a series of engaging and informative events hosted by our dedicated Club Captains from around the globe. Whether you're interested in Web Development, Python programming, or simply want to connect with tech enthusiasts from different cities, this playlist has something for everyone.

Explore sessions from vibrant cities like Seoul and New York City, where our Club Captains share their expertise and insights on a variety of topics. Each event is designed to help you expand your knowledge, enhance your skills, and connect with a community of like-minded individuals.

Join us as we dive into the world of technology, learn from industry experts, and get inspired by the innovative projects and discussions led by our passionate Club Captains. Don't forget to subscribe and hit the notification bell to stay updated on the latest events and content!

Happy learning and coding!

Community Club & Study Group Events

A playlist of Quick Tip videos for Codecademy Chapter Leaders.

Community: Chapter Leader Quick Tips

Join our Chapters for live conversations on various topics — including NFT art and how to break into a technical field.

Community: Chapters

We think that connecting with other learners is the best way to learn. Explore some of our past community-led events here!

Community: Events

Hackathons are a great way to test your knowledge and flex your skills. Check out our hackathon presentations here.

Community: Hackathon

Explore the world of creative coding with p5.js, an open-source JavaScript library. We'll create drawings, animations, and video sculptures in this beginner-friendly series.

Creative Coding with p5.js

Companies can collect vast amounts of data and struggle to properly use it. Data Analytics is used to interpret and communicate relevant patterns of data for a business. These videos explore how companies utilize data analytics, and current popular tools.

Data Analytics

Data Science is used in a variety of ways to help businesses make decisions. In these videos we explore data science best practices, considerations for what tools to use, and the basics of machine learning.

Data Science

How data is presented can be as important as how it is collected. These videos explore foundational strategies and best practices to ensure that your data visualizations are meaningful and accurate.

Data Visualization

There are a lot of terms and acronyms in the world of programming. Explore the definitions of common terms used in popular languages and frameworks.

Definitions

DevOps is a series of practices that fosters a culture of collaboration between the Development and Operations team in software development. This playlist explores the benefits of DevOps, and how it is practiced in organizations.

DevOps

An understanding of Github and Git commands is essential for anyone looking to work in a collaborative software development space. These videos explore the features of Git, as well as branching and merging, two of the most important skills for collaborating on Github.

Developer Tools

HTML and CSS lie at the heart of web development. We explore some of their uses with these tutorials and explainers.

HTML & CSS

Preparing for a career in a technical field? Check out these interview tips — including advice on building a portfolio and showcasing your skills.

Interview Prep

Emojicode is a real programming language with a playful emoji syntax in place of traditional programming keywords. Learning it can bring some smiles and fun to your programming journey. Join us for an introduction to this silly language.

Intro to Emojicode

TypeScript builds on your JavaScript foundation so you can develop higher-quality, less error-prone code faster. Learn more about this in-demand language as Codecademy Curriculum Developers guide us through an introduction.

Intro to TypeScript

JavaScript has many functionalities, from web development to gaming applications. We break down the programming language and explain how it works with these tutorials.

JavaScript

From Product Manager to Data Scientist, we take a look at different careers in tech and what these roles entail.

Jobs in Coding

Experience a full day of learning to code with interactive instruction and guided discussions by the Curriculum team at Codecademy.

Learn From Home Day

See how people around the world are reshaping their lives by learning to code.

Learner Stories

Linear regression is a fundamental machine learning algorithm used for predictive modeling and data analysis. Learn more about it as Codecademy Curriculum Developers guide you through our course: Linear Regression in Python

Linear Regression with Python

Machine learning is one of the fastest expanding fields in tech, with applications in all parts of life. Watch these videos to learn the basics of Machine Learning.

Machine Learning

Almost everything we do creates data, and knowing how to investigate and communicate it is key. Our Curriculum Developers show us how to summarize data and run hypothesis tests following our Skill Path: Master Statistics with Python.

Master Stats with Python

Mobile development is a massive field with a variety of unique tools. These videos explore two essential tools for mobile developers, the Android operating system and Flutter software development kit.

Mobile Development

Official Codecademy Events

Whether you’re solving for skill gaps, building a more innovative and resourceful team, or aiming to onboard quickly, Codecademy Teams helps your whole company build the right tech and professional skills to quickly adapt to industry shifts and meet changing business needs.

Product Demos

Since its release in 1994, Python stands tall as many developers’ favorite programming language. Explore its many capabilities with these livestreams and tutorials.

Python

The R language is a popular tool for Data Analysts. Learn more about this free, open-source programming language with these livestreams.

We asked recruiters in our community to share advice for people navigating the job-hunting process — from tips for optimizing your resume to advice on acing the technical interview.

Recruiter Advice

We show you how to get started on your coding projects — from setting up developer tools to pushing your code to GitHub.

Setting Up

Just starting out on your coding journey? We’ve gathered tips for helping you start — including advice on how to choose your first programming language and how to remember everything you’re learning.

Tips

Our Curriculum Developers will lead you on a journey as you go from complete beginner to proficiency with data visualization, using Python. This is a weekly series that will lead you through our entire Visualize Data with Python Skill Path.

Visualize Data with Python

Web Design includes any skills used to create and maintain a website. These videos explore the foundational web design skills of adding styling to a website with CSS and HTML, as well as best practices in responsive web design.

Web Design

Join the millions learning to code with Codecademy.

Welcome to Codecademy

You know all of those app ideas you’ve been wanting to create? Swift and SwiftUI can help you bring them to life for iOS. Learn how to build your very own iPhone app from start to finish in this live series.

Phishing and its Variants

More videos

Learn more on Codecademy

Introduction to Cybersecurity

Cybersecurity for Business

Resources

Support

Resources

Support

Plans

Community

Subjects

Languages

Career building

Mobile

Mobile