Guide to Phishing

While phishing is a form of attack that has been around for a long time, functional and usable solutions have been pretty hard to identify. Why is it hard to eradicate? Because of its simplicity. We have grown accustomed to authenticating with passwords to online services that are recognizable by their brand, so it can be hard to stay alert to the possibility that a legitimate-looking login form, one that we have naturally filled in hundreds of times before, could be malicious.

Because of its simplicity, popularity, and effectiveness, phishing has naturally become a primary tactic against human rights defenders, dissidents, and journalists all over the world. Unfortunately, security education programs often fall behind current trends, and attackers are quick to adapt and defeat widely spread recommendations.

This guide is intended for individuals at risk and security trainers who wish to learn in more depth about the modern strategies and tactics used in phishing attacks, and the available mitigations.

Note: this guide is currently under development. You can contribute to this text here.