攻击者使用多种类型的电子邮件攻击来窃取用户的机密信息。机密信息可以包括登录凭证,银行卡详细信息或任何其他敏感数据。网络钓鱼和网络钓鱼也是这种类型的攻击。
1.网络钓鱼:
网络钓鱼是电子邮件攻击的一种,其中,攻击者试图通过电子通信来骗取用户的敏感信息,而这些意图是来自相关的受信任组织的。攻击者会精心设计电子邮件,以锁定目标群体,然后单击链接会在计算机上安装恶意代码。
例子 –
- 窃取用户的银行交易密码。
- 窃取用户的登录凭据。
2.承诺:
垃圾邮件是网络攻击的一种,其中语音通信用于从一群人那里窃取机密数据。冒名顶替时,攻击者欺骗了目标,使他们假装是来自相关和受信任的公司的员工,通过语音呼叫提供敏感信息。
例子 –
- 要求用户进行银行交易OTP。
- 向用户询问UPI PIN。
网络钓鱼和网络钓鱼之间的区别:
| PHISHING | VISHING |
|---|---|
| Phishing attack is targeted for a wide range of people through emails. | Vishing attack is also targeted for a wide range of people through voice communication. |
| Victim needs to click on malicious links. | Victim needs to tell the information on own. |
| It is an automated attack. | While it is a manual attack. |
| A single attacker can send various emails at a time. | Voice calling to target can be done by a attacker one a time. |
| It has more accuracy. | It has less accuracy. |
| It is more used now-a-days. | It was mostly used in earlier days but still attackers use it. |
| The attackers involved in phishing are cyber criminals or professional hackers. | While the vishing attackers are not expert in hacking. |