Phishing
A social engineering attack in which an attacker impersonates a trusted entity to trick users into revealing sensitive information.
What is Phishing?
In one sentence: When a hacker pretends to be a trusted company or person and tricks you into giving them your password or information!
Imagine you get an email from "Bank". It says "Your account is suspicious, click here and enter your password". You click, go to a site that looks exactly like the bank's, and enter your password. But that site belongs to a hacker! The hacker now has your password. This is phishing.
Types of Phishing:
Email Phishing: They send fake emails. Most common type.
Spear Phishing: Targeted. They send to a specific person or company. They have the target's info, so it's more believable.
Whaling: Aimed at senior executives. Usually large amounts or sensitive info are the target.
Smishing: Through SMS.
Vishing: Through phone call.
Phishing Example:
An email comes from support@g00gle.com (notice: two zeros, not two o's). It says "Your Google account is hacked, click here". You go to a site that looks exactly like Google. You enter your password. The hacker got the password!
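A defender-side check for the look-alike sender domain in the example above, as an added example that is not part of the original page. The trusted-domain list, the substitution table and the function names are assumptions made for this illustration.

```python
# Added example: flag sender domains that imitate a trusted domain.
TRUSTED = ("google.com", "paypal.com", "microsoft.com")  # assumed allowlist

# Digit-for-letter swaps often used in look-alike names (constructed table).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def skeleton(domain):
    """Collapse look-alike characters so 'g00gle.com' maps to 'google.com'."""
    d = domain.lower().rstrip(".").translate(CONFUSABLES)
    return d.replace("rn", "m").replace("vv", "w")


def edit_distance(a, b):
    """Levenshtein distance, to catch one-letter typos such as 'gogle.com'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(address):
    """Return (verdict, imitated_domain) for an email sender address."""
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    # Exact match or a real subdomain of a trusted domain.
    for good in TRUSTED:
        if domain == good or domain.endswith("." + good):
            return ("trusted", good)
    # Same skeleton, or a single-character typo of a trusted domain.
    for good in TRUSTED:
        if skeleton(domain) == skeleton(good) or edit_distance(domain, good) <= 1:
            return ("lookalike", good)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample senders; the first is the address from the example above.
    for sender in ("support@g00gle.com", "noreply@accounts.google.com",
                   "billing@rnicrosoft.com", "help@gogle.com", "alice@example.org"):
        print(sender, "->", check_sender(sender))
```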
Why is it important for security?
Because phishing is the most common infiltration method! It doesn't need technical bugs, just psychology. Even the most secure systems are compromised if a user gives their password to a hacker.