Phishing vectors are methods used by hackers to perform a successful phishing attack. There are several methods to trick user get fooled to input credentials in phished pages and they will also evolve with time. There’s no way you can stop anyone from being creative at his/her attack style but following three are some of the most used methods used by attackers as phishing vectors,
Man In The Middle Attack:
The attack that guarantees a hacker that his victim will fall prey to his/her trap is man-in-the-middle attack. ARP poisoning and DNS poisoning both are considered as man-in-the-middle attack which guarantees that his victim will surely fall prey to phished page since URL doesn’t appear different.
URL Obfuscation Attack:
Many people don’t know there are many ways to represent same URL and IP address. The attacker tries to take advantage of this to do his/her dirty job of taking victim to a phished pages.
Using Bad URL Convention:
So what is bad URL, for example suppose the name of site is www.abcd.com so to make his URL appear same as site name he/she will take domain with somewhat similar name like http://www.abcd.net , http://www.acbd.com, http://www.abcd.in etc.