LetsDefend Academy

Online practicing and training platform for blue team members

Phishing Attack

Phishing attack is a type of attack aimed at stealing personal data of the user in general by clicking on malicious links to the users via email or running malicious files on their computer.

Phishing attacks correspond to the "Delivery" phase in the Cyber ​​Kill Chain model created to analyze cyber attacks. The delivery stage is the step where the attacker transmits the previously prepared harmful content to the victim systems / people.

The attackers generally aim to click on the harmful link in the mail, such as “you have won a gift”, “do not miss the big discount”, “if you do not click on the link in the mail your account will be suspended” to direct users to click on the links in the mail.

The phishing attack is the most common attack vector for initial access.

Of course, the only purpose of the attack is not to steal the user's password information. The purpose of such attacks is to exploit the human factor, the weakest link in the chain. Attackers use phishing attacks as the first step to infiltrate systems.