As we have learned about Pretexting in the last blog. So it's time to learn something new which is Phishing.
You must have listened about phishing or phishing attacks.
What is Phishing?
Phishing is a type of cyberattack in which a malicious actor attempts to trick users into divulging sensitive information, such as passwords or credit card numbers, by posing as a trustworthy entity.
In Phishing an attacker uses a disguised email to obtain sensitive information from a target.
Information that's obtained can be anything from credit card details, user login information, network credentials, and more.
This type of attack is done against both individuals and large organizations. You have probably noticed a lot of phishing emails in your personal email since these attacks are performed on a very large scale.
In this type of attack, the attackers are not interested in anyone specifically. They are simply casting a wide net, so to speak, in order to persuade any unsuspecting person into providing valuable information.
The attacker may use a variety of tactics to accomplish this, including creating fake websites that mimic legitimate ones, sending fake emails or messages, and using social engineering techniques to manipulate users into giving away their information.
Features of a phishing email
You often notice attachments in emails that claim to contain an invoice or document. These usually contain a macro, which contains a payload that can drop a remote shell, allowing an attacker to access your computer, or even drop malware such as ransomware. Lately, some of these emails have been containing .html files, which are often in .doc or .js format. These have a low detection rate by antivirus software as they are not generally associated with email attacks. Of course, as antiviruses mature, so do the attacker's tactics.
Some phishing emails may contain a link redirecting you to a website that may look legit. Common types of phishing emails are those that request you to reset your password, or confirm your details to avoid your account being disabled, and so on. Usually, when you hover over the link, you will see the actual URL, which is not legitimate, but as the attackers mature in their tactics, they start using URLs that seem very similar to the legitimate one. For example, https://www.facebook.com/ could be depicted as www.faccebook.com or www.faceboook.com, which can be easily missed if you don't look carefully.
Too good to be true:
Many phishing emails have statements that are designed to attract people's attention. These are usually related to lucrative offers, such as winning a device, the lottery, or inheriting a small fortune from a distant relative. One thing to keep in mind is that if it seems too good to be true, it probably is.
Phishing kits are easily available on the dark net. The availability of these kits makes it easy for attackers with minimal skills to launch a phishing campaign. A phishing kit bundles website resources and tools that are ready to be installed on a server. Once installed, all that is required is for the attacker to send emails to the victims, which directs them to the phishing site.
One common type of phishing attack is called spear phishing, in which the attacker targets specific individuals or organizations with personalized messages or fake websites. These attacks can be particularly effective because they are tailored to the victim, making them more likely to believe that the attacker is legitimate.
Spear phishing is a cyberattack that is targeted toward a specific individual, department, or company that appears to be from a trusted source.
This type of attack is hard to spot and is well thought out, and often the targets are researched well in advance before such an attack is performed.
This is not like a normal phishing attack where the attackers cast a wide net; spear phishing is a directed attack. The core component of a spear phishing attack is information gathering.
Gathering information about email addresses, people, and their positions within the target organization (using OSINT tools such as LinkedIn) will help you define who your target will be and who you can impersonate.
Open-source intelligence can provide you with a wealth of information on your targets.
Features of spear phishing attacks
Buisness email compromise:
This aims to abuse processes such as payroll or invoices. The attack would leverage an email from a reputable source and contain a document related to an invoice. To the average human, nothing appears untoward and they
This attack uses multiple attack vectors. For example, the spear phishing email will contain dynamic URLs, drive-by downloads, and a payload encoded within a document to avoid detection.
Since a well-crafted spear phishing email does not have characteristics that are found within the large amounts of normal phishing emails that are found on the internet, it makes it harder to detect by traditional reputation and spam filters.
In this type of attack, a spear phishing campaign is directed at a high-profile target, often someone in the c-suite of an organization. High-profile people often have more privileged information than the average person, and this makes them a prime target. Any information that's stolen in a whaling attack is more lucrative on the black market, over and above the possibility of privileged credentials that an attacker can use
Now you just have learned about Phishing but these attacks are quite common so
To protect against phishing attacks, it is important to be vigilant and cautious when receiving emails or messages from unknown sources.
Avoid clicking on links or providing personal information unless you are certain that the request is legitimate.
Additionally, using a strong, unique password for each of your online accounts can help protect against attackers who may try to use your stolen information to gain access to your accounts.
Overall, phishing is a serious threat that can have significant consequences for individuals and organizations.
By being aware of the risks and taking steps to protect yourself, you can help reduce the chances of falling victim to a phishing attack.