Phishing 

Phishing is a cyberattack whereby an attacker uses a disguised email to obtain sensitive information from a target. Information that's obtained can be anything from credit card details, user login information, network credentials, and more. This type of attack is done against both individuals and large organizations. You have probably noticed a lot of phishing emails in your personal email, since these attacks are performed at a very large scale. In this type of attack, the attackers are not interested in anyone specifically. They are simply casting a wide net, so to speak, in order to persuade any unsuspecting person into providing valuable information.

Some of the common features of a phishing email are as follows:

• Attachments: You often notice attachments in emails that claim to contain an invoice or document. These usually contain a macro, which contains a payload that can drop a remote shell, allowing an attacker to access your computer, or even drop malware such as ransomware. Lately, some of these emails have been containing .html files, which are often in .doc or .js format. These have a low detection rate by antivirus software as they are not generally associated with email attacks. Of course, as antiviruses mature, so does the attacker's tactics.
• Hyperlinks: Some phishing emails may contain a link redirecting you to a website that may look legit. Common types of phishing emails are those that request you to reset your password, or confirm your details to avoid your account being disabled, and so on. Usually, when you hover over the link, you will see the actual URL, which is not legitimate, but as the attackers mature in their tactics, they start using URLs that seem very similar to the legitimate one. For example, https://www.facebook.com/ could be depicted as www.faccebook.com or www.faceboook.com, which can be easily missed if you don't look carefully.
• Too good to be true: Many phishing emails have statements that are designed to attract people's attention. These are usually related to lucrative offers, such as winning a device, the lottery, or inheriting a small fortune from a distant relative. One thing to keep in mind is that if it seems too good to be true, it probably is.

Phishing kits are easily available on the dark net. The availability of these kits makes it easy for attackers with minimal skills to launch a phishing campaign. A phishing kit bundles website resources and tools that are ready to be installed on a server. Once installed, all that is required is for the attacker to send emails to the victims, which directs them to the phishing site.