Phishing

spear phishing, spear-phishing, anti-phishing, spearphishing, phishing attacks, phishers, phishing attack, phish, phisher, phishing scam
Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising as a trustworthy entity in an electronic communication.

Email spoofing

email hoax, spoofing, e-mail spoofing
Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter personal information at a fake website whose look and feel are identical to the legitimate site.
Because the core email protocols do not have any mechanism for authentication, it is common for spam and phishing emails to use such spoofing to mislead the recipient about the origin of the message.

Fancy Bear

APT28, APT 28, Russian hackers
Threat Group-4127 (Fancy Bear) used spear phishing tactics to target email accounts linked to Hillary Clinton's 2016 presidential campaign.
Among other things, it uses zero-day exploits, spear phishing and malware to compromise targets.

Social engineering (security)

social engineering, pretexting, social engineer
Phishing is an example of social engineering techniques being used to deceive users.
As with phishing, the deception may lead the victim to click a malicious link or to divulge information.

URL redirection

redirect, redirection, redirected
Phishers have taken advantage of a similar risk, using open URL redirectors on the websites of trusted organizations to disguise malicious URLs with a trusted domain.
URL redirection is done for various reasons: for URL shortening; to prevent broken links when web pages are moved; to allow multiple domain names belonging to the same owner to refer to a single web site; to guide navigation into and out of a website; for privacy protection; and for hostile purposes such as phishing attacks or malware distribution.

Typosquatting

"catchall" typosquatting, goggle.com, Misspelled
Misspelled URLs or the use of subdomains are common tricks used by phishers.
A typosquatted domain can also serve as a phishing scheme that mimics the brand's site while intercepting the passwords that unsuspecting visitors enter.

IDN homograph attack

homograph spoofing attack, homograph attack, homograph attacks
Internationalized domain names (IDN) can be exploited via IDN spoofing or homograph attacks to create web addresses visually identical to a legitimate site that instead lead to a malicious version.
This opens a rich vein of opportunities for phishing and other varieties of fraud.

Website spoofing

impersonate, look-alike, spoof website
Most methods of phishing use some form of technical deception designed to make a link in an email (and the spoofed website it leads to) appear to belong to the spoofed organization.
The objective may be fraudulent, often associated with phishing or e-mail spoofing, or to criticize or make fun of the person or body whose website the spoofed site purports to represent.

Tabnabbing

Tabnabbing takes advantage of tabbed browsing, with multiple open tabs. This method silently redirects the user to the affected site. This technique operates in reverse to most phishing techniques in that it does not directly take the user to the fraudulent site, but instead loads the fake page in one of the browser's open tabs.
Tabnabbing is a computer exploit and phishing attack, which persuades users to submit their login details and passwords to popular websites by impersonating those sites and convincing the user that the site is genuine.

AOHell

The first recorded mention of the term is found in the hacking tool AOHell (according to its creator), which included a function for attempting to steal the passwords or financial details of America Online users.
Most notably, the program included a function for stealing the passwords of America Online users and, according to its creator, contains the first recorded mention of the term "phishing".

Internationalized domain name

IDN, internationalized domain names, IDNA
Internationalized domain names (IDN) can be exploited via IDN spoofing or homograph attacks to create web addresses visually identical to a legitimate site that instead lead to a malicious version.
IDN Guidelines were first created in June 2003 and were updated in November 2005 to respond to phishing concerns.

Voice phishing

vishing
Vishing (voice phishing) sometimes uses fake caller-ID data to give the appearance that calls come from a trusted organization.
Voice phishing is sometimes referred to as vishing, a portmanteau of "voice" and "phishing".

Identity theft

identity thief, identity thieves, identity fraud
Social networking sites are a prime target of phishing, since the personal details in such sites can be used in identity theft; in late 2006 a computer worm took over pages on MySpace and altered links to direct surfers to websites designed to steal login details. Experiments show a success rate of over 70% for phishing attacks on social networks.
Identity theft may be used to facilitate or fund other crimes including illegal immigration, terrorism, phishing and espionage.

Russian Business Network

RBN (Russian Business Network)
Almost half of phishing thefts in 2006 were committed by groups operating through the Russian Business Network based in St. Petersburg.
The RBN, which is notorious for its hosting of illegal and dubious businesses, originated as an Internet service provider for child pornography, phishing, spam, and malware distribution physically based in St. Petersburg, Russia.

Anti-Phishing Working Group

APWG, APWG - AntiPhishing Working Group
In the 3rd Quarter of 2009, the Anti-Phishing Working Group reported receiving 115,370 phishing email reports from consumers with US and China hosting more than 25% of the phishing pages each.
The Anti-Phishing Working Group (APWG) is an international consortium that brings together businesses affected by phishing attacks, security products and services companies, law enforcement agencies, government agencies, trade associations, regional international treaty organizations and communications companies.

Experi-Metal v. Comerica

phishing attack
In January 2009, a phishing attack resulted in unauthorized wire transfers of US$1.9 million through Experi-Metal's online banking accounts.
Experi-Metal, Inc., v. Comerica Bank (docket number: 2:2009cv14890) is a decision by the United States District Court for the Eastern District of Michigan in a case of a phishing attack that resulted in unauthorized wire transfers of US$1.9 million through Experi-Metal's online banking accounts.

E-gold

eGold, Douglas Jackson
The first known direct attempt against a payment system affected E-gold in June 2001, which was followed up by a "post-9/11 id check" shortly after the September 11 attacks on the World Trade Center.
E-gold's store of value and large user base made it an early target of financial malware and phishing scams by increasingly organized criminal syndicates.

iCloud leaks of celebrity photos

2014 celebrity photo hack, 2014 celebrity photo leaks, an August 2014 leak
During the investigation of the August 2014 iCloud leaks of celebrity photos, it was found that Collins phished the victims by sending e-mails that looked like they came from Apple or Google, warning the victims that their accounts might be compromised and asking for their account details. The victims would enter their password, and Collins gained access to their accounts, downloading e-mails and iCloud backups.
However, access was later revealed to have been gained via spear phishing attacks.

OAuth

OAuth 2.0, login, OAuth token
Covert redirection can also affect OAuth 2.0 and OpenID, based on well-known exploit parameters.
Possibly the most devastating OAuth security failure is its phishing vulnerability: every web site using OAuth is visually (but not technically) asking end users for the username and password of their master identity. This prevents ordinary users from understanding that they should not type those credentials in if they encounter an attacker's web site that visually emulates the same process in order to steal them.

OpenID

Open ID, Open ID Foundation
Covert redirection can also affect OAuth 2.0 and OpenID, based on well-known exploit parameters.
Some observers have suggested that OpenID has security weaknesses and may prove vulnerable to phishing attacks.

Computer worm

worms, worm, computer worms
Social networking sites are a prime target of phishing, since the personal details in such sites can be used in identity theft; in late 2006 a computer worm took over pages on MySpace and altered links to direct surfers to websites designed to steal login details. Experiments show a success rate of over 70% for phishing attacks on social networks.
However, as with the ILOVEYOU worm, and with the increased growth and efficiency of phishing attacks, it remains possible to trick the end-user into running malicious code.

Fishing

fish, fishermen, fished
The word itself is a neologism created as a homophone of fishing, due to the similarity of using a bait in an attempt to catch a victim.
Semantics: A "fishing expedition" is a situation where an interviewer implies they know more than they actually do in order to trick their target into divulging more information than they wish to reveal. Other examples of fishing terms that carry a negative connotation are "fishing for compliments", "to be fooled hook, line and sinker" (to be fooled beyond merely "taking the bait"), and the internet scam of phishing, in which a third party duplicates a website where the user would enter sensitive information (such as bank codes).

Instant messaging

instant messenger, IM, instant message
Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter personal information at a fake website whose look and feel are identical to the legitimate site.
Crackers (malicious or black hat hackers) have consistently used IM networks as vectors for delivering phishing attempts, "poison URLs", and virus-laden file attachments from 2004 to the present, with over 1100 discrete attacks listed by the IM Security Center in 2004–2007.

Email

e-mail, electronic mail, e-mails
In August 2015, Cozy Bear was linked to a spear-phishing cyber-attack against the Pentagon email system, causing the shutdown of the entire Joint Staff unclassified email system and Internet access during the investigation.
Disadvantages include the increased size of the email, privacy concerns about web bugs, abuse of HTML email as a vector for phishing attacks and the spread of malicious software.

Cross-site scripting

XSS, cross site scripting, cross-site scripting (XSS)
These types of attacks (known as cross-site scripting) are particularly problematic, because they direct the user to sign in at their bank or service's own web page, where everything from the web address to the security certificates appears correct.
Covert Redirection takes advantage of third-party clients susceptible to XSS or Open Redirect attacks.

Google Safe Browsing

Safe Browsing, Google Browsing, Google Safe Browsing Diagnostics
One such anti-phishing service is the Safe Browsing service.
Google Safe Browsing is a blacklist service from Google that publishes lists of URLs for web resources that contain malware or phishing content.