#phishing

The most common types of phishing attacks and their signs

According to a Cisco report, 90% of data breaches are caused by phishing attacks. Millions of users are affected by malware and ransomware, but phishing attacks are no less harmful. Having the latest security protocols and software cannot fully protect against cyber threats. A low level of user awareness increases the risk of becoming a cybercriminal's victim, so it is important to ensure that all users are properly trained.

A phishing attack is a cyberattack that uses social engineering to illegally acquire sensitive data. Often the attack is carried out through malicious links and files that users are tricked into opening. Phishing attacks are also combined with malware to do more damage. To carry out an attack successfully, a cybercriminal carefully studies user behavior and then chooses the easiest and most efficient way to achieve their goals.

Signs of phishing attempts:

Cybercriminals are constantly developing new phishing methods to obtain sensitive data.

The most common types of phishing attacks are:

  1. Email phishing is the oldest and most widely used type of phishing attack. Emails that imitate legitimate senders target both corporate users and individuals. Using a malicious link, document, or image, the attacker gets the victim to download malicious code (for example, by asking them to "verify" personal information via a link).

Signs: requests for personal information; an urgent problem; shortened links; suspicious URLs; spelling and grammatical errors; nested files; empty images.

  2. Spear phishing is more targeted and focused on a specific person or company. Attackers collect information from open sources and attack entire enterprises and departments.

Signs: unusual requests; links to shared drives; suspicious and unsolicited emails; references to personal data.

  3. Whaling is a targeted attack on a specific person or group of people in senior management. Most often the company's CEO is the victim.

Signs: invalid domain address; use of a personal email; new contact requests.

  4. Business email compromise (BEC): attackers impersonate a manager in order to gain access to their account, with its authority to make decisions and send internal requests to employees.

Signs: urgency; unusual behavior; absence of lawyers from the correspondence.

  5. Voice phishing: an attack that uses a phone call to obtain information or money.

Signs: blocked or hidden number; requests for confidential information or money.

  6. HTTPS phishing (HTTPS is the standard traffic-encryption protocol, which requires TLS/SSL certificates) is a URL-based attack that aims to trick people into clicking a malicious link.

Signs: shortened links; hyperlinked text; spelling errors in the URL.

  7. Clone phishing: attackers copy an email previously sent by a legitimate person or organization, forge the sender's address and resend it to the victim with a malicious attachment or link.

Signs: duplicate emails; errors in the email address; hyperlinked text.

  8. SMS phishing: attacks through SMS messages with malicious attachments and links.

Signs: suspicious and unsolicited messages; messages from unknown numbers; authentication requests.

  9. Pop-up phishing: an attack through pop-up windows. Attackers deliver malware in the form of pop-up ads; a click starts the infection process.

Signs: browser notifications; a new tab or window; urgent pop-up messages (antivirus update, subscription renewal, etc.).

  10. Social media phishing: using information from social networks, attackers gain access to the victim's confidential data with the help of social engineering.

Signs: suspicious links; suspicious accounts.

  11. Angler phishing: attackers pose as customer service employees by creating a fake account and contacting a potential victim. During the interaction, the cybercriminal asks for personal data and then provides a link, supposedly to solve the problem, that contains malware.

Signs: unverified account; no profile history.

  12. Evil twin phishing: attacks consist of creating an unsecured Wi-Fi hotspot and luring users into connecting. Once the victim has connected, all incoming and outgoing data (personal information, financial data, etc.) can be intercepted by the attackers. This type of attack is most likely in public places with free Wi-Fi (cafes, hotels, airports, etc.). The best way to avoid becoming a victim in this case is to use a VPN.

Signs: duplicate Wi-Fi hotspots; security alerts.

  13. Website spoofing: creation of a completely fake site identical to a legitimate one in order to obtain confidential information. Most often, the websites of organizations in finance, healthcare and social networks are faked, as they hold important personal information.

Signs: errors in the URL; errors on the site.

  14. Email spoofing: creating a completely fake email domain.

Signs: suspicious and unsolicited emails; errors in email addresses.

  15. DNS spoofing (pharming) is a technically more complex type of attack in which the cybercriminal has to compromise a domain name server (DNS), which converts domain names into IP addresses.

Signs: unsecured website; website errors.

  16. Image-based phishing: carried out by sending an email with an image that contains hyperlinks, malicious URLs or links to infected sites.

Signs: a link embedded in an image; spam; large call-to-action buttons.

  17. Search engine phishing: attackers create legitimate-looking pages built around keywords and queries so that they rank in search engines (Google, Bing). The pages contain tempting offers to lure the victim into entering banking information. Most often such pages offer free vacations, products, investment opportunities, discounts, job offers, etc.

Signs: attractive offers that are hard to refuse; poorly designed sites.

  18. Watering hole phishing: an attack aimed at a specific company or group of people by infecting a site they frequently visit. Cybercriminals find vulnerabilities in the site, infect it, and lure potential victims to it with emails.

Signs: security alerts; security testing.

  19. Man in the middle (MITM): an attacker intercepts the communication chain, becomes an "intermediary", controls the communication, intercepts data and can manipulate it to obtain personal information from both sides.

Signs: insecure sites; spelling errors in the URL; a noticeably slow communication process.
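As an added illustration, not part of the original article, the following Python script applies several of the signs listed above to a raw email message: a brand name in the display name while the sender domain is something else, a Reply-To that diverges from the sender, shortened links, link text that shows one host while the href points to another, brand names embedded in unrelated or look-alike domains, risky attachment extensions, and urgency wording. The sample message, the shortener and brand lists, the homoglyph mapping and the urgency keywords are all constructed for the demo and are not a vetted threat feed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Illustrative lists (assumptions for the demo, not a maintained feed).
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly", "is.gd"}
PROTECTED_BRANDS = ("apple.com", "google.com", "microsoft.com", "paypal.com")
URGENCY_WORDS = ("urgent", "immediately", "suspended", "verify your account", "within 24 hours")
RISKY_EXTENSIONS = (".exe", ".scr", ".js", ".vbs", ".html", ".iso", ".zip")
# Digits and symbols commonly swapped in for look-alike letters (assumed mapping).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "@": "a", "$": "s"})


class _BodyParser(HTMLParser):
    """Collect (href, visible text) pairs and all visible text from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self.text = [], []
        self._href, self._anchor = None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._anchor = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._anchor.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._anchor).strip()))
            self._href = None


def registrable_domain(host):
    """Crude eTLD+1 (last two labels): fine for the demo, wrong for co.uk-style suffixes."""
    return ".".join(host.lower().split(".")[-2:])


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def brand_abuse(host):
    """Explain how `host` imitates a protected brand, or return None if it does not."""
    host = host.lower()
    reg = registrable_domain(host)
    if reg in PROTECTED_BRANDS:
        return None  # the genuine domain itself
    label = reg.split(".")[0].translate(HOMOGLYPHS)  # e.g. "paypa1" -> "paypal"
    for brand in PROTECTED_BRANDS:
        name = brand.split(".")[0]
        if label == name or edit_distance(label, name) <= 1:
            return f"'{host}' is a look-alike of {brand}"
        if name in host.translate(HOMOGLYPHS).split(".") or name in label.split("-"):
            return f"'{host}' embeds the {name} brand name under an unrelated domain"
    return None


def visible_host(text):
    """Host named in the link text, if the text itself looks like a URL or domain."""
    text = text.strip()
    if not re.match(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/|$)", text, re.I):
        return None
    return (urlparse(text if "://" in text else "http://" + text).hostname or "").lower()


def phishing_indicators(raw_email):
    """Return human-readable indicators found in one RFC 822 message (empty list if none)."""
    msg = message_from_string(raw_email)
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    for brand in PROTECTED_BRANDS:  # brand in display name, sender elsewhere
        name = brand.split(".")[0]
        if name in display.lower() and registrable_domain(from_domain) != brand:
            findings.append(f"display name mentions {name} but sender domain is {from_domain}")
    if (abuse := brand_abuse(from_domain)):
        findings.append("sender " + abuse)
    reply_domain = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To domain {reply_domain} differs from sender domain {from_domain}")
    parser = _BodyParser()
    for part in msg.walk():  # attachments ("nested files") and body parts
        filename = part.get_filename()
        if filename and filename.lower().endswith(RISKY_EXTENSIONS):
            findings.append(f"risky attachment: {filename}")
        if part.get_content_type() in ("text/html", "text/plain"):
            body = part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8", "replace")
            if part.get_content_type() == "text/html":
                parser.feed(body)
            else:
                parser.text.append(body)
    for href, text in parser.links:
        host = (urlparse(href).hostname or "").lower()
        if registrable_domain(host) in SHORTENERS:
            findings.append(f"shortened link: {href}")
        if (abuse := brand_abuse(host)):
            findings.append("link " + abuse)
        shown = visible_host(text)
        if shown and registrable_domain(shown) != registrable_domain(host):
            findings.append(f"link text shows {shown} but points to {host}")
    prose = (msg.get("Subject", "") + " " + " ".join(parser.text)).lower()
    if (hits := [w for w in URGENCY_WORDS if w in prose]):
        findings.append("urgency language: " + ", ".join(hits))
    return findings


# Constructed sample message combining several of the signs from the list above.
SAMPLE = """\
From: "PayPal Support" <support@paypa1-secure.example>
Reply-To: recovery@mailbox.example
To: user@corp.example
Subject: Urgent: your account will be suspended
Content-Type: text/html; charset="utf-8"

<html><body>
<p>We detected unusual activity. Verify your account within 24 hours.</p>
<p><a href="http://bit.ly/3abcXYZ">https://www.paypal.com/myaccount</a></p>
<p><a href="https://paypal.com.login-check.example/verify">Confirm now</a></p>
</body></html>
"""

if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE):
        print("-", finding)
```

The script is deliberately heuristic: each finding is a reason for a human or a mail gateway to look closer, not proof of phishing on its own, and the two-label `registrable_domain` shortcut should be replaced with a public-suffix list before using this on real traffic.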

What is phishing and how not to fall into a trap?

Phishing is one of the oldest forms of cybercrime. Despite this, phishing still poses a serious threat to many organizations, because phishing campaigns are both widespread and sophisticated.

Phishing is a type of cyberattack aimed at gaining access to users' confidential information: login/password, bank card details (CVV, card PIN, etc.), transaction confirmation passwords, e-mail address, financial phone number, code word, answers to security questions and other banking information.

To carry out such attacks, criminals use social engineering methods. They fake emails, ads or websites to look as close as possible to ones users already trust. For example, cybercriminals can send an email purportedly from the bank where clients are served and pressure them into providing information about their bank account. When opening such an email and clicking a malicious link, users land on a fake site that is as close as possible to the real one. Attackers often spoof financial institutions, emails from colleagues, auction sites, social networks and online payment systems. Phishing emails can also carry attachments that install malware (ransomware, programs for gaining unauthorized access to the system and obtaining confidential information, etc.).

Phishing kits exist to make running phishing campaigns easier. A kit is a set of tools that mirrors legitimate sites (Microsoft, Google, Apple, PayPal, etc.). After installing such a kit on a server and acquiring a domain name for the phishing site, the email attack can be launched to achieve the attacker's goals. Phishing kits are available for purchase on the dark web.

Phishing targets:

Phishing attacks types:

The main task of phishing is to disguise the attacker as a legitimate company, employee or colleague as convincingly as possible, which makes it difficult to determine authenticity. However, there are certain indicators of phishing attempts:

The popularity and high success rate of phishing attacks increase the need for methods to prevent them. The best way to prevent phishing is to study examples of phishing attempts and provide employee training.

To prevent phishing attempts, personnel should:

To prevent phishing emails from reaching employees, it is necessary to use:
