How is phishing carried out

Phishing definition: what do attackers do?

Phishing definition

Phishing is a form of social engineering in which e-mails, fake websites or other channels are used to obtain confidential information from a person or a company.

Phishing attacks are usually carried out via e-mail. Attackers send messages that appear to come from an institution or company with which the recipient does business. The goal is to trick the recipient into taking the action the attacker wants: entering confidential information, running software, or visiting a malicious website.

Phishing definition according to the Federal Office for Information Security (BSI):

Phishing is a coined word made up of "password" and "fishing" and refers to attacks in which passwords, credit card details or other confidential information are deliberately extracted from users.

How to deal with phishing

Generally

In phishing, the genuine websites of banks or online service providers are imitated in order to capture login credentials. The attacks are usually delivered by e-mail; in some cases the attackers use other channels, such as direct messages on social networks, SMS or messenger services.

A typical phishing message contains a request to take a specific action, for example "Click the link and change your password". Attackers add pressure to intimidate the victim: they threaten to block the recipient's accounts if the instructions are not followed.

Phishing campaigns are often timed around important events, holidays and anniversaries, or exploit topical news from around the world, which may be true or invented.

Targeted

In the first phase of a targeted attack (see spear phishing and whaling below), the attackers collect background information: the target's interests, activities, and personal and professional history. They draw on public sources such as Xing, Facebook and Twitter, and on social engineering, to obtain it. After this phase the attackers know the names of the target's friends and relatives, the target's job title and e-mail address, and who the colleagues and key employees in the company are. They use this knowledge to craft credible e-mails.

In the next step, the target person receives a message that appears to come from a friend or a well-known organization. The message contains a malware file attachment or a link to a website that the attacker controls. The aim of the attacks is to install malware on the user's device or to obtain confidential information such as username and password via a specially crafted website.

The forged e-mails often report an alleged system failure or a change to the infrastructure, so that the target is asked to re-enter and confirm personal login data. A link in the e-mail leads the target to the fake website, where the credentials are captured.

These phishing mails are difficult to distinguish from authentic messages. They contain the company's logos, graphics and data and therefore look deceptively real. The links are presented as if they led to the company's official site; subdomains that start with the trusted name (for example a link whose host begins with the bank's domain but actually belongs to a different domain) and misspelled URLs are common tricks.

Phishing methods

Over the years, phishing has become a major threat. Not only private individuals, but also more and more companies are affected. Along with malware, phishing represents one of the greatest dangers for Internet users. The attackers use increasingly sophisticated methods to deceive users. The most common methods are explained below:

What is spear phishing?

Spear phishing (named after the fishing spear) is a special form of phishing. The attack is usually aimed at individual company employees and typically arrives as an e-mail that appears to come from a trusted source. The attackers are deliberate and select the recipient carefully. Because spear phishing targets specific organizations or people, both the preparation effort and the effectiveness of the attack are significantly higher than with ordinary phishing.

What is whaling?

An important person is often referred to as a "big fish". The "whaling" method aims to catch these big fish; the term is English and literally means whale hunting. Strictly speaking a whale is a mammal and not a fish, but the term has become established.

Whaling has all the characteristics of phishing, but the attack is directed against specific individuals such as senior managers, administrators or key people in accounting. Whaling requires more research than ordinary phishing: the attacker needs to know whom the target communicates with and what kind of discussions are being held. Attackers usually start with social engineering to gather information about the target and the company, and mostly use e-mail to carry out the attack. A well-known example is payment-transfer fraud, in which the attacker pretends to be the CEO and instructs a large bank transfer (also known as CEO fraud). This attack is currently widespread, and CERT-Bund, the Computer Emergency Response Team of the German federal administration, has also warned against it.

What is clone phishing?

Clone phishing uses a copy of an authentic e-mail or website to obtain confidential information or distribute malware. The attacker creates a nearly identical copy of a message the target received in the past and sends it a second time. The text looks exactly like the earlier message and the sender address is spoofed as well, but the attachment has been replaced with malware. The attacker claims to have updated the file and thereby tricks the recipient into opening the now malicious attachment.

Another variant is the provision of a cloned website with a fake domain, which often contains malware or is aimed at phishing access data.

Phishing Techniques

There are a number of different phishing techniques that can be used to obtain personal information from users. As technology advances, so do techniques. To prevent phishing, users should be familiar with the various phishing techniques. Let's look at some of these techniques:

Email phishing

The attackers send e-mails with identical content to thousands of users, prompting them to enter personal information. The attackers then use this information themselves or sell the collected data for illegal activities. Most phishing mails apply additional pressure and threaten to block the recipient's accounts if the request is not followed.

Link manipulation

Link manipulation is a simple phishing technique. The attacker sends the target an e-mail containing a link to a malicious website, while the link text suggests a legitimate site. Clicking the link loads the attacker's page. Such links can be spotted by hovering the mouse over the link without clicking: if the target shown in the status bar does not match the displayed text, the link is manipulated and the mail is phishing. Two caveats: mobile mail clients offer no hover preview, and URL shorteners or redirect services can hide the final destination even when the visible target looks harmless.
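The checks described in this section and in the "Targeted" section above (sender spoofing, link text that disagrees with the real target, and the subdomain and misspelled-domain tricks) can be automated at the mail gateway or in a triage tool. The following Python script is an added example and is not code from the original article or from Layer8; it uses only the standard library. The trusted-domain list, the two sample messages and every domain name in them (examplebank.com, login-check.net, paypa1.com) are constructed for illustration, and the "registrable domain" helper is a deliberate simplification.

```python
"""Added example (not from the original article): triage one raw e-mail for phishing indicators."""
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains the organisation legitimately does business with.
TRUSTED_DOMAINS = ("examplebank.com", "paypal.com")
# Anchor tags in the HTML body; a regex suffices for the constructed samples below.
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)
# Visible link text that itself looks like a URL or a bare domain name.
SHOWN_URL = re.compile(r"^(?:https?://)?([A-Za-z0-9.-]+\.[A-Za-z]{2,})(?:[/?#]\S*)?$")


def registrable_domain(host):
    """Crude eTLD+1 (last two labels); production code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def levenshtein(a, b):
    """Edit distance, used to spot typo-squats such as paypa1.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_host(host):
    """Return how `host` imitates a trusted domain, or None if it is trusted or unrelated.
    examplebank.com.login-check.net belongs to login-check.net, whatever its leading
    labels claim: that is the subdomain trick."""
    reg = registrable_domain(host)
    if reg in TRUSTED_DOMAINS:
        return None
    for trusted in TRUSTED_DOMAINS:
        if trusted in host.lower():
            return f"subdomain trick: {host} is not {trusted}"
        if levenshtein(reg, trusted) <= 2:
            return f"look-alike domain: {host} resembles {trusted}"
    return None


def analyze(raw):
    """Return a list of human-readable findings; an empty list means nothing suspicious."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    # 1. The envelope sender (Return-Path) should belong to the same domain as From:.
    from_domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    rp_domain = parseaddr(str(msg.get("Return-Path", "")))[1].rpartition("@")[2].lower()
    if rp_domain and registrable_domain(rp_domain) != registrable_domain(from_domain):
        findings.append(f"envelope sender {rp_domain} differs from From: {from_domain}")
    # 2. SPF/DKIM/DMARC verdicts recorded by the receiving mail server.
    auth = str(msg.get("Authentication-Results", "")).lower()
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        if m and m.group(1) != "pass":
            findings.append(f"{mech} result is {m.group(1)}")
    # 3. Links: the real target versus the text the reader sees.
    body = msg.get_body(preferencelist=("html",))
    html = body.get_content() if body is not None else ""
    for href, text in ANCHOR.findall(html):
        target = (urlparse(href).hostname or "").lower()
        finding = classify_host(target)
        if finding:
            findings.append(finding)
        shown = SHOWN_URL.match(re.sub(r"<[^>]+>", "", text).strip())
        if shown and registrable_domain(shown.group(1)) != registrable_domain(target):
            findings.append(f"link text shows {shown.group(1).lower()} but points to {target}")
    return findings


# Constructed sample messages (not real mail).
PHISHING_MAIL = """\
Return-Path: <bounce@login-check.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=login-check.net; dkim=none; dmarc=fail
From: "ExampleBank Security" <service@examplebank.com>
Subject: Your account will be blocked
Content-Type: text/html; charset=us-ascii

<html><body><p>Due to a system change, confirm your access data within 24 hours.</p>
<p><a href="http://examplebank.com.login-check.net/confirm">https://www.examplebank.com/login</a></p>
<p><a href="http://paypa1.com/verify">Verify PayPal</a></p></body></html>
"""
LEGITIMATE_MAIL = """\
Return-Path: <service@examplebank.com>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=examplebank.com; dkim=pass; dmarc=pass
From: "ExampleBank" <service@examplebank.com>
Content-Type: text/html; charset=us-ascii

<html><body><p><a href="https://www.examplebank.com/statements">https://www.examplebank.com/statements</a></p></body></html>
"""
```

Calling `analyze(PHISHING_MAIL)` yields seven findings (envelope mismatch, three failed authentication verdicts, the subdomain trick, the text/target mismatch and the look-alike domain), while `analyze(LEGITIMATE_MAIL)` returns an empty list. Comparing registrable domains rather than full hostnames is what keeps `login.examplebank.com` from being flagged while still catching `examplebank.com.login-check.net`.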

Vishing (voice phishing)

In this technique the attackers use the telephone. Typically the target receives a call or a voice message disguised as coming from a financial institution, asking them to call back a number or enter a PIN. The number given does not lead to the financial institution but directly to the attacker.

For example, attackers currently call users while posing as support staff of large computer companies and urge them to fix a supposed security problem on their computer. This scam is not new: alleged service centres have called users in the past to "solve" problems on their computers. To do so, the user had to download a remote-control program and give the supposed employee full access to the machine, which was infected within minutes.

Smishing (SMS phishing)

This technique uses the Short Message Service (SMS). The attackers use a text message to trick the target into opening a link that leads to a phishing site.

Content spoofing

Content spoofing replaces content on a website with content prepared by the attacker. To do this, the attackers exploit vulnerabilities in the website and inject their own content from another source. This technique is difficult for a user to recognise.

Search engine phishing

Search engines are also involved in phishing attacks. Search engines display advertisements for products, and attackers try to exploit this: they create ads with a bargain offer to lure users to a phishing site, then collect the data entered, such as account details or credit card numbers.

Malware

Attackers also use phishing to distribute malware. Usually the malware is sent as an e-mail attachment; alternatively, they hide it in otherwise legitimate software and offer it for free download on various websites.

Risk to business

Phishing e-mails are an enormous danger, especially for companies. According to the study "Threat Landscape Survey 2017", carried out on behalf of the SANS Institute, employees and their devices are among the primary targets of attackers and were rated the greatest security threat. Companies have been confronted with phishing repeatedly in recent years, and the attacks are increasingly directed at individual employees, sometimes with very precise methods such as spear phishing.

In terms of impact on businesses, phishing ranks ahead of malware and spam attacks and accordingly causes the greatest damage. Around 40 percent of the IT and security experts surveyed had experienced phishing attacks in 2017. This is precisely why proper and regular IT security training of a company's employees is so important, because the experts expect the risk from phishing and spam attacks to keep increasing.

Layer8 is a platform for raising employees' awareness of phishing and IT security. Modules such as training and phishing simulations increase your employees' awareness and thus the IT security of your company.
Our free Layer8 Phishing Report AddIn for Outlook lets employees analyze the headers and links of an e-mail and forward suspicious e-mails to the responsible department.