Phishing sites
Phishing is another technique that attackers commonly employ to compromise sensitive information. Phishing is a process of attempting to acquire sensitive information by masquerading as a trustworthy entity. Phishing can be used as an open attack or targeting attack. When a targeted attack is conducted on an organization or a user, then the attack is known as spear phishing. We have discussed various ways that attackers use phishing techniques and tools in the Social engineering section of Chapter 4, Techniques that Attackers Use to Compromise Privacy. The first-ever known phishing attack was reported in 1996, but a paper published in 1987 by the HP user group described a phishing technique 10 years before the real attack took place. Interestingly, in over 90% of successful data breaches, phishing is involved in some way according to the well-known security research company, KnowBe4. Phishing has over three and a half decades of history and has been constantly evolving...
