Phishing attacks are regarded as one of the most effective and low effort tools hackers rely on to compromise cybersystems or leak sensitive data. Pharec aims to bring innovative (autonomous) cybersecurity products that improve safety of our daily digital interactions (e.g. make browsing less risky).

Social Engineering and Phishing attacks are two types of deception and information disclosure attacks. In this post we define phishing with examples, anatomy of attack and tips to avoid and mitigate these attacks. Historically there have been many examples (incidents) that involved social engineering as a whole attack or part of a series of malicious operations to achieve adversarial goals. Social engineering is a major threat that “was responsible for over 69% of breaches” on public administration organizations around the world, almost all of the breaches involved phishing attacks, as reported in Verizon’s 2021 DBIR (Data Breach Investigation Report). Furthermore, according to APWG (Anti-Phishing Working Group), the number of phishing attacks has doubled after 2020 and remained at the same high level, more specifically, in June 2021 they observed 222,127 attacks. In this article we answer and discuss the following questions: what is phishing? How are attackers able to mount phishing campaigns and targeted attacks? What can we do to avoid and mitigate phishing?

Team Phiar named gold award winner Thakaa Cybersecurity Challenge 2021. Pharec is our submmision to the challenge. At the time we started with a rough idea of developinga browser webextension to detect phising websites using machine learning models. Throghout our journey in the challenge we received feedback and changed in the technology to solve the challenges we encountered. The solution chnaged to producing a web deep learning computer vision model to recognize websites then determine whether the website is a trusted or phishing website. For more detail about pharec follow our blog and twitter.