Types of Phishing Attacks and How to Identify Them
Phishing is a kind of cyberattack used to steal users’ information, including login details and credit card numbers. Most data breaches involve scams that seek people’s sensitive information or login credentials, which is itself a type of phishing attack. A phishing attack can be carried out with fake emails and cloned copies of legitimate websites that trick the user into revealing sensitive information.
How Phishing Attacks Work :
- A legitimate website is cloned.
- The login page is changed so that it still looks legitimate but now points to a credential-stealing script.
- The modified files are combined into a zip file to create a phishing kit.
- The phishing kit is uploaded to a compromised website, where the files are unzipped.
- Emails are sent with a link that points to the new fake website.
Types of Phishing Attacks :
- Email phishing –
Most phishing attacks are sent via email. Attackers register fake domains impersonating real organizations and send thousands of generic requests. The links usually lead to malicious websites that steal credentials or install malicious code, known as malware, on users’ devices. Alternatively, they may put the organization’s name in the local part of the email address (the part before the @, such as firstname.lastname in firstname.lastname@example.org) in the hope that the sender will only appear as “Amazon” in the recipient’s inbox.
- Whaling –
Attackers use social media or company websites to find the names of an organization’s CEO or other senior managers, then impersonate that person using a similar email address. The emails may demand a money transfer or ask the recipient to review documents. A whaling attack is also known as CEO fraud. Scams involving fake tax returns are an increasingly common type of whaling.
- Vishing –
Vishing is short for “voice phishing”: tricking people over the phone into divulging sensitive information. In this type of attack, the attacker tries to steal the victim’s data and use it to their advantage.
For example, during tax season many people receive fake phone calls from people posing as the Internal Revenue Service (IRS), claiming that an audit is under way and a Social Security number is needed. Recipients are easily tricked into providing personal information in vishing attacks.
- Smishing –
Smishing is phishing by text message: an SMS that demands the recipient take some action. It is the next evolution of vishing. Often the text includes a link that, when tapped, installs malware on the user’s device.
- Angler phishing –
Social media has become another popular place for phishing attacks. Angler phishing occurs when cybercriminals use notification features or direct messages in social media applications to trick someone into taking action.
- HTTPS Phishing –
Nowadays cybercriminals use HTTPS links in their phishing attacks. HTTPS only encrypts the connection; the padlock shows that traffic to the site is encrypted, not that the site is legitimate, so attackers now make use of HTTPS links to look trustworthy.
- Spear phishing –
This type of phishing attack also uses email, but with a specific, targeted approach. The attackers use open-source intelligence (OSINT) to gather information about a particular company from social media or the company’s website. Then they target specific individuals in the company, using real names and job roles so the recipient believes the email has arrived from a known, legitimate source.
- Pharming –
In a pharming attack, the attackers compromise a Domain Name System (DNS) server. DNS translates domain names into IP addresses, so whenever a user types the URL into a browser, the compromised server directs the user to a fraudulent cloned website that may look exactly like the original, legitimate one.
- Pop-up phishing –
Many websites use pop-ups to draw attention to important things. Attackers place malicious code in pop-ups that appear on a website, such as a browser prompt saying “www.example.com wants to show notifications”. When the user clicks Allow, malicious code that may contain malware or other harmful content is installed automatically.
- Clone phishing –
In a clone phishing attack, the attacker takes a genuine email that contains attachments and links and produces a near-identical copy in which those attachments and links are replaced with malware. The cloned message appears to have been sent by the legitimate sender.
- Evil Twin –
In an evil twin attack, the attacker sets up a fake Wi-Fi hotspot to carry out man-in-the-middle attacks. With the help of the fake hotspot, the attacker can steal login credentials or personal information from anyone who connects.
- Watering hole phishing –
A watering hole attack is one in which an attacker attempts to compromise a specific group of end users by infecting a website known to be visited by members of the group. Its purpose is to infect the targeted user’s computer and gain network access at the target’s workplace.
Preventing Phishing Attacks :
- Prevent email phishing –
Do not click on shortened links, as they are used to get past secure email gateways. Ignore emails that contain only images and very little text, because images can hide malicious code. Review the message for logos that look real, as they may carry false and malicious HTML attributes.
- Prevent whaling attacks –
Abnormal requests: If a member of senior management has never been in contact before, be cautious before taking the action that is requested.
Confirm before any action: Attackers may seem genuine, so double-check and confirm with senior management before making any financial transaction.
- Prevent vishing attacks –
Caller number: The number may come from an unusual location or may be blocked.
Action required: The caller asks for personal information that would be unusual for this type of caller to request.
- Prevent smishing attacks –
Change delivery status: A text asking the recipient to take action to change a delivery will include a link, so instead of following it, look up the delivery service yourself or go directly to its website to check the status.
Abnormal prefix: Check the sender’s number prefix against your contact list before replying to a text message or taking the suggested action.
- Prevent angler phishing attacks –
Notifications: Be careful with notifications about additions to posts, as they can include links that direct recipients to malicious websites.
Abnormal direct messages: Beware of direct messages from people who rarely use this feature, as accounts can be faked or fraudulently re-created.
- Prevent HTTPS Phishing –
Don’t click on shortened links. The link should be shown in full, with every part of the URL visible.
- Prevent Spear Phishing –
Watch for abnormal requests, such as sharing login IDs and passwords or making money transfers. Consult a senior colleague before taking any serious action.
- Prevent Pharming –
Look for loose ends. Be alert to small mistakes such as misspellings, strange fonts, and mismatched content, which are commonly found on malicious websites. Attackers clone original websites to carry out phishing attacks, but these small mistakes are easy to spot.
- Prevent Pop-up Phishing –
Attackers have started using pop-ups to trick users; a pop-up can be used to download malicious files onto a user’s computer.
For example, pop-ups containing malicious code can switch the browser to full-screen mode or cause other abnormal behaviour.
- Prevent Clone Phishing –
Double-check any email requesting personal information, login IDs and passwords, or money transactions, as acting on it can lead to huge financial loss.
- Prevent Evil Twin attacks –
Never connect to insecure or open Wi-Fi networks. An evil twin is a type of man-in-the-middle attack in which the attacker steals your credentials while you are connected to the insecure network.
- Prevent watering hole phishing –
Make sure you use a firewall to block traffic from malicious sources, because unwanted sources can download malware and other harmful content onto your system.
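As an added example (not part of the original article), the following Python checker applies three of the email indicators described above to a constructed message: a brand name in the sender’s display name or local part that the sending domain does not own, shortened links, and an image-only body. The brand-to-domain list and the shortener list are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumptions (constructed for this example): brands that should only mail from
# these domains, and link shorteners that hide the real destination from both
# the reader and a secure email gateway.
BRAND_DOMAINS = {"amazon": {"amazon.com", "amazon.co.uk"}}
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def check_email(raw):
    """Return the phishing indicators found in a raw RFC 822 message."""
    msg = message_from_string(raw)
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    local, _, domain = addr.rpartition("@")
    domain = domain.lower()
    # 1. Brand in the display name or local part, but the sending domain is not
    #    one the brand uses (the "Amazon" trick described above).
    for brand, domains in BRAND_DOMAINS.items():
        if (brand in display.lower() or brand in local.lower()) and domain not in domains:
            findings.append(f"brand '{brand}' in sender name but domain is {domain}")
    body = msg.get_payload() if not msg.is_multipart() else ""
    # 2. Shortened links: the visible URL says nothing about where it leads.
    for url in sorted(set(URL_RE.findall(body))):
        if (urlparse(url).hostname or "").lower() in SHORTENER_HOSTS:
            findings.append(f"shortened link {url}")
    # 3. Image-only message: an <img> tag but almost no readable text.
    visible_words = re.sub(r"<[^>]+>", " ", body).split()
    if "<img" in body.lower() and len(visible_words) < 5:
        findings.append("image-only body")
    return findings

# Constructed sample messages (not real mail); the first shows all three signs.
SUSPICIOUS = """From: Amazon <amazon.orders@example.org>
Subject: Your order

<html><body><img src="https://bit.ly/abc123"><a href="https://bit.ly/abc123">Review</a></body></html>
"""
LEGITIMATE = """From: Amazon <no-reply@amazon.com>
Subject: Your order has shipped

Your order has shipped. Track it at https://www.amazon.com/orders in your account.
"""

if __name__ == "__main__":
    for name, sample in (("suspicious", SUSPICIOUS), ("legitimate", LEGITIMATE)):
        print(name, check_email(sample) or ["no indicators"])
```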
Real-world Examples :
- In January 2016, an employee of the Austrian aerospace components manufacturer FACC received an email asking the organization to transfer 42 million euros to another account as part of an “acquisition project”. The message appeared to come from the organization’s chief executive, Walter Stephan, but it was a scam. Few details have been revealed about what went wrong, but there is reason to believe that Stephan was at least partly responsible: FACC fired him after an internal investigation, claiming that he had “grossly violated his duties”.
- Between 2013 and 2015, two of the world’s largest technology companies were swindled out of $100 million (about €90 million at the time) after falling victim to invoice fraud. A Lithuanian, Evaldas Rimasauskas, noticed that both organizations used the Taiwanese infrastructure provider Quanta Computer. Over two years the attacker sent a series of multimillion-dollar fake invoices imitating the supplier, complete with contracts and letters that appeared to have been signed by Facebook and Google executives and agents. Eventually the scam was discovered and Facebook and Google took legal action; they were able to recover nearly half of the stolen money. Rimasauskas was arrested and sentenced to five years in prison.