Phishing

Security

Definition

A social engineering attack that uses fraudulent emails, websites, or messages to trick users into revealing credentials or financial data, or into installing malware. Spear phishing targets specific individuals with personalized content.

Anatomy of a Phishing Attack

Phishing is social engineering delivered over digital channels — most commonly email, but increasingly via SMS (smishing) and voice calls (vishing). The attacker spoofs a trusted sender and directs the victim to a fake login page or malicious attachment. Credential harvesting, malware delivery, and ransomware staging are the most common payloads.

Technical Enablers and Defenses

Phishing succeeds partly because of email authentication gaps. DNS records play a critical defense role:

  • SPF (TXT record) — lists authorized sending IPs for a domain
  • DKIM — cryptographic signature on outgoing mail
  • DMARC — policy that tells receivers what to do when SPF/DKIM fail

Without these TXT record controls, attackers can spoof your domain to target your customers or partners. SSL certificates on phishing sites are now ubiquitous — the padlock icon no longer signals safety.
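An added example (not part of the original page) that audits the SPF and DMARC TXT records described above for the gaps that leave a domain spoofable. It assumes the records were already fetched into a dict and that the domain passed in is the organizational domain; the names `audit_domain`, `parse_tags` and `SAMPLE_TXT` are hypothetical, and DKIM is not checked because that needs the sender's selector.

```python
def parse_tags(record):
    """Split a 'k=v; k=v' DMARC record into a dict with lowercase keys."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def audit_domain(domain, txt):
    """Return a list of findings; txt maps a DNS name to its TXT strings."""
    findings = []
    spf = [r for r in txt.get(domain, []) if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        findings.append("SPF: no record, receivers have no list of authorized senders")
    elif len(spf) > 1:
        findings.append("SPF: multiple records, receivers treat this as a permanent error")
    else:
        terms = spf[0].lower().split()[1:]
        all_term = next((t for t in terms if t.lstrip("+-~?") == "all"), None)
        if all_term is None and not any(t.startswith("redirect=") for t in terms):
            findings.append("SPF: no 'all' mechanism, unlisted senders get a neutral result")
        elif all_term in ("all", "+all"):
            findings.append("SPF: '+all' authorizes every sender")
        elif all_term == "?all":
            findings.append("SPF: '?all' is neutral, unlisted senders are not failed")
    dmarc = [r for r in txt.get("_dmarc." + domain, []) if parse_tags(r).get("v") == "DMARC1"]
    if len(dmarc) != 1:
        findings.append("DMARC: no usable record, receivers get no policy for failures")
    else:
        tags = parse_tags(dmarc[0])
        policy = tags.get("p", "").lower()
        if policy not in ("quarantine", "reject"):
            findings.append("DMARC: p=%s only monitors, failing mail is still delivered" % (policy or "missing"))
        elif tags.get("pct", "100") != "100":
            findings.append("DMARC: pct=%s applies the policy to only part of the mail" % tags["pct"])
    return findings

# Constructed sample records; example.com/.org/.net are reserved documentation domains.
SAMPLE_TXT = {
    "example.com": ["v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all"],
    "_dmarc.example.com": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"],
    "example.org": ["v=spf1 ip4:198.51.100.7 ?all"],
    "_dmarc.example.org": ["v=DMARC1; p=none"],
}

if __name__ == "__main__":
    for d in ("example.com", "example.org", "example.net"):
        print(d, audit_domain(d, SAMPLE_TXT) or "ok")
```

An empty findings list means SPF ends in a failing `all` and DMARC enforces `quarantine` or `reject` on all mail.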

Detection and Response

Technical indicators to monitor: lookalike domain registrations (Unicode homoglyphs, typosquats), sudden spikes in DNS queries for brand-impersonating domains, and links resolving to hosting providers known for abuse. A WHOIS lookup can quickly reveal whether a suspicious domain was registered days ago — a strong phishing signal. Browser-based phishing kits often exfiltrate credentials via HTTPS to blend into normal traffic.
