1.2.3 Phone Phishing

Phone phishing is a criminal activity [32] that uses social engineering, often over a telephone or mobile phone, to obtain sensitive or private information for financial profit. Over 4000 cases of voice phishing are committed per year [4], and the cost per victim is over US$1000. The preparation for phishing includes getting ready for the crime, recruiting telemarketers, and creating scripts. The next step involves randomly making international and Internet calls to many people.

1.2.4 Clone Phishing

In this case, the attacker attempts to clone an online portal that requests login credentials by imitating the actual website. The attacker also sends the victim junk links via phishing emails. When the victim opens the phishing email and clicks the spam link, it redirects to a fake page made by the attacker, where the victim is expected to enter sensitive information such as a user ID and password. This allows the attacker to steal the credentials entered by the victim and save them in a text file and database record on the attacker's server, after which the victim is redirected to the legitimate website as an authenticated user.

1.2.5 Spear Phishing

A spear-phishing attack targeting a specific user may leverage information [33] such as the user's username and email address to craft an email that is personalized to that user. This personalization will certainly improve the success rate of the attack, and there are techniques that an attacker can leverage to find such contextual information.

1.2.6 Whaling

Whaling mainly targets high-profile employees of big organizations to access highly confidential information [34]. It is also called CEO fraud: hackers use social engineering to phish users into giving away bank credentials, employee data, etc. These attacks are even more difficult to detect, as they do not use malware or fake websites.

Impacts of Phishing Attacks

According to a study by Gartner, 51 million US Internet users have identified the receipt of e-mail linked to phishing scams, and about 2 million of them are estimated to have been tricked into giving away sensitive information [31]. Throughout the world, phishing attacks continue to evolve and gain momentum. In 2012, total phishing attacks increased by 160% over 2011, signifying a record year in phishing volumes [14]. In June 2018, the Anti-Phishing Working Group (APWG) reported as many as 51,401 unique phishing websites. Another report, by RSA, estimated that global organizations suffered losses amounting to $10 billion due to phishing incidents in 2016 [13]. These statistics have proven that the existing anti-phishing solutions and efforts are not truly effective.

The most widely deployed anti-phishing solution is the blacklist warning system, found in conventional web browsers such as Google Chrome and Mozilla Firefox. The blacklist system queries a central database of already-known phishing URLs; thus, it is unable to detect newly launched phishing websites.

The Google email account of John Podesta, Hillary Clinton's presidential campaign chairman, was "hacked" in March 2016, prior to the US election [35]. The hacker simply sent a phishing email to Podesta's Gmail account and lured him into disclosing his login credentials. In the phishing email, Podesta was invited to click on a link (i.e., a Uniform Resource Locator, or "URL") warning him to change his password immediately. However, the URL did not link to a secure Google web page; instead, it directed the user blindly via bit.ly, a service used to shorten URLs. The Podesta hack did not require much technical skill. Instead, the hacker merely used social engineering techniques to make the attack successful.
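The following added example (not from the original text) contrasts the blacklist lookup described above with structural checks on a link in a "change your password" email, including the shortened-link case from the Podesta incident. The blacklist entry, the `.example` domains, the shortener list beyond bit.ly, and the function names are all constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed stand-in for a central database of already-reported phishing URLs.
BLACKLIST = {"http://login.known-phish.example/signin"}
# bit.ly is named in the text; the other shortener hosts are assumptions.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}


def on_blacklist(url, blacklist=BLACKLIST):
    """Blacklist check: only URLs already in the database are caught."""
    return url in blacklist


def is_ip_literal(host):
    """True when the host is a raw IP address rather than a domain name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def link_flags(url, expected_domain):
    """List reasons a link does not lead to the sender's claimed domain.

    expected_domain is the sign-in domain the email claims to represent.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    flags = []
    if parts.scheme != "https":
        flags.append("not-https")
    if parts.username is not None:
        # Text before '@' is userinfo, not the host the browser connects to.
        flags.append("userinfo-in-url")
    if is_ip_literal(host):
        flags.append("ip-literal-host")
    if host in SHORTENERS:
        # The real destination is hidden until the redirect is followed.
        flags.append("url-shortener")
    # The host must be the expected domain itself or a subdomain of it.
    if host != expected_domain and not host.endswith("." + expected_domain):
        flags.append("host-mismatch")
    return flags
```

A newly created short link passes the blacklist lookup but is still flagged by the structural checks, which is the gap the text attributes to blacklist-only defences.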