Documented process to respond to phishing campaigns.
Phishing is a form of online fraud in which hackers attempt to get your private information such as passwords, credit cards, or bank account data. This is usually done by sending false emails or messages that appear to be from trusted sources like banks or well-known websites.
Types of Phishing Attacks

1. Email Phishing
Email phishing is the most common type of phishing. Typically, the threat actor registers a fake domain that looks like a real one owned by a legitimate organization and sends thousands of generic emails from it. Common fake domain name techniques include:
Character substitution: for example, using the letters "r" and "n" together ("rn") in place of "m", so that the lookalike domain reads like the real one at a glance.
Organization name: the actor puts the organization's name at the beginning of the email address so that it shows up as the sender's name. For example, [email protected] may appear as "Visa" in the recipient's inbox.
You can spot a phishing email by checking the full email address of any message asking you to download an attachment or click a link.

2. Spear Phishing and Whaling
Spear phishing and whaling attacks send emails that impersonate trusted sources to trick their victims. Spear phishing differs from regular phishing in that it targets specific roles or individuals, such as IT administrators and HR professionals. Whaling attacks also build campaigns around a certain role or individual, but with a bigger target than spear phishing. Instead of a broad group like a team or department, whaling attackers aim at high-level targets such as influencers or executives like CEOs, CFOs, or the head of HR. A whaling attack requires more in-depth research to impersonate the whale accurately. The goal is to take advantage of the whale's authority so that other whales or employees do not question the actor's requests.

3. Smishing and Vishing
Smishing and vishing attacks use telephone communication instead of email. Smishing attacks send text messages, and vishing attacks use phone conversations. The content of a smishing attack is usually similar to content sent via email phishing. There are various types of vishing scams. In a common one, threat actors impersonate a fraud investigator from a credit card company or the bank. The actor lies to the victim, saying their account was breached, and then asks the victim to provide credit card details supposedly to verify their identity.

4. Clone Phishing
Clone phishing attacks are similar to typical phishing scams in that they send out emails that seem legitimate and prompt victims to divulge information. However, instead of impersonating an individual or organization from scratch, the threat actor copies a legitimate email previously sent by a trusted organization. The actor then replaces the real link from the original email with one that redirects victims to a fraudulent site. Once they reach the site, victims are tricked into entering the credentials they use on the real site.

5. Pharming
Pharming attacks are highly technical and typically difficult to detect. The threat actor hijacks a DNS server, which translates domain names into IP addresses. Once a user enters the website address, the compromised DNS server resolves it to the IP address of a legitimate-looking malicious website.

6. Evil Twin Attack
An evil twin phishing attack uses a fake but legitimate-looking WiFi hotspot to intercept data in transit. Once a user connects to the fake hotspot, the actor can eavesdrop or perform man-in-the-middle attacks. This lets the actor gather data, such as sensitive information and login credentials, transferred over the connection.
Example 1:
From: Microsoft Support <[email protected]>
To: [email protected]
Subject: 🔒 Action Required: Unusual Sign-In Activity Detected

Dear User,
We detected unusual sign-in activity in your Microsoft account from an unrecognized device.
Date: Tuesday, 24 June 2025
Location: Lagos, Nigeria
IP Address: 102.89.45.23
If this was not you, please verify your account immediately to secure your information.
🔗 Verify Account Now
Failure to verify your identity within 24 hours may result in temporary suspension of your account.
Thank you,
Microsoft Account Team

Example 2:
From: HR Department <[email protected]>
To: Rajiv Sharma <[email protected]>
Subject: Immediate Action Required – Updated Employee Benefits Form

Dear Rajiv,
We noticed your health insurance information is incomplete in our system. To avoid interruption in coverage, please download and complete the attached form today:
📎 Benefits_Update_Form.docx
🔗 Or access here: https://yourcompany-support.com/secure
This is mandatory to ensure continued HR support.
Regards,
Joshi
HR Compliance Team

Red Flags:
Looks like it is from HR, but the domain is fake.
Personalized with the employee's name and role.
Uses urgency and an attachment with malicious intent.

Example 3:
From: CEO – Rakesh Mehta <[email protected]>
To: [email protected]
Subject: Confidential: Urgent Wire Transfer Request

Hi,
I'm currently at a conference with limited access. Please process a wire transfer of ₹8,50,000 to the vendor below ASAP – it's critical for our partnership expansion.
Account Name: TrustLink Global
Account Number: 387562983
Bank: HDFC, New Delhi
IFSC: HDFC0001234
Confirm once sent. I'll explain in detail later.
Best,
Rakesh

Red Flags:
Uses a free email service, not the company domain.
High-value request with urgency.
Attempts to bypass normal procedures by invoking "executive authority".
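The sender checks behind the fake domain techniques described above and the red flags in the three examples can be automated for first-pass triage. The following is an added example, not code from the original document; the trusted domains, the free-mail list and the sample headers are constructed, since the page redacts its own addresses.

```python
from urllib.parse import urlparse

# Constructed sample data: the page redacts its addresses, so these trusted
# domains and the free-mail list are assumptions made for this example.
TRUSTED_DOMAINS = {"yourcompany.com", "microsoft.com", "visa.com"}
FREE_MAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
ORG_NAMES = {d.split(".")[0] for d in TRUSTED_DOMAINS}  # yourcompany, microsoft, visa

def is_trusted(host: str) -> bool:
    """True for a trusted domain or any subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def undo_substitution(host: str) -> str:
    """Reverse the 'rn' for 'm' character substitution the text describes."""
    return host.replace("rn", "m")

def sender_red_flags(display_name: str, address: str, link: str = "") -> list[str]:
    """Return the red flags from the page's examples that apply to a From header
    (display name plus address) and, optionally, a link from the body."""
    flags = []
    local, _, domain = address.lower().rpartition("@")
    if domain in FREE_MAIL:
        flags.append("free email service, not a company domain")
    if not is_trusted(domain):
        if is_trusted(undo_substitution(domain)):
            flags.append("lookalike domain built by character substitution")
        for org in ORG_NAMES:
            if org in domain:  # e.g. yourcompany-support.com
                flags.append("organization name embedded in an untrusted domain")
            if org in local or org in display_name.lower():
                flags.append("organization named as sender, but domain is not the organization's")
    if link:
        host = (urlparse(link).hostname or "").lower()
        if not is_trusted(host) and any(org in host for org in ORG_NAMES):
            flags.append("link leads to a lookalike site, not the organization's domain")
    return list(dict.fromkeys(flags))  # drop duplicates, keep order

if __name__ == "__main__":
    # Constructed headers modelled on the page's three examples plus one legitimate one
    samples = [
        ("Microsoft Support", "security@rnicrosoft.com", ""),
        ("HR Department", "hr@yourcompany-support.com", "https://yourcompany-support.com/secure"),
        ("CEO - Rakesh Mehta", "rakesh.mehta.ceo@gmail.com", ""),
        ("IT Helpdesk", "helpdesk@yourcompany.com", "https://intranet.yourcompany.com/"),
    ]
    for name, addr, url in samples:
        print(f"{name} <{addr}>: {sender_red_flags(name, addr, url) or ['no red flags']}")
```

The checks are string heuristics for triage only; a clean result does not prove a message is legitimate, and any hit should still be reported through the steps below.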
Immediate Action:
You've clicked a suspicious link, and now you're worried. Don't panic! While clicking a phishing link can be a serious situation, taking immediate action can minimize potential damage. This guide walks you through the essential steps to take after a phishing click.

1. Stop everything on the system.
The first and most important step is to stop whatever you're doing. Do not continue interacting with the website or providing any personal information.

2. Check for unusual activity.
Is your device behaving strangely? Are programs running slower than usual, or are there new programs you didn't install? Are you getting unusual notifications? Look for pop-ups, alerts, or emails from unexpected senders.

3. Disconnect from the Internet.
Disconnect from the internet immediately. This prevents the phishers from accessing your device or data. You can do this by turning off Wi-Fi, unplugging the Ethernet cable, or turning off your mobile data.

4. Scan your device for malware.
Run a full system scan with your antivirus software. This will detect and remove any malware that may have been installed on your device. Consider using a dedicated malware removal tool for a more thorough scan.

5. Report the phishing attempt.
Forward the phishing email to the appropriate authorities. Many email providers have dedicated phishing reporting options.
Phishing awareness: consider the following key points:
Conclusion
Take the time to understand how phishing attacks work. This will help you identify them in the future and avoid falling victim to them.