The Anatomy of Security Phishing
Although we continue to take measures to secure our systems and facilities, malicious actors will always attempt to identify a weak link to any organization. They no longer smell silicon. They smell blood. What this means is that attempts to exfiltrate a secure system or obtain secure and confidential files will start with the individual. A malicious actor will attempt to exploit someone to get this information. We have been discussing this at length as it has become a significant tool in the arsenal. It is called Phishing!
We will cover this term to ensure we can all recognize a Phishing attempt when it occurs. Why? Because hackers are altering their methods and becoming more sophisticated as employees become more security conscious. With this brief, we will be discussing six of the most common phishing attacks.
The most common type of phishing scam, deceptive phishing refers to any attack by which fraudsters impersonate a legitimate company and attempt to steal people’s personal information or login credentials. Those emails frequently use threats and a sense of urgency to scare users into doing the attackers’ bidding.
For example, Bank account scammers might send out an attack email that instructs them to click on a link in order to rectify a discrepancy with their account. In actuality, the link leads to a fake banking institution login page that collects a user’s login credentials and delivers them to the attackers.
The success of a deceptive phish hinges on how closely the attack email resembles a legitimate company’s official correspondence. As a result, users should scrutinize all URLs to see if they redirect to an unknown website. They should also look out for generic salutations, grammar mistakes, and spelling errors scattered throughout the email.
Not all phishing scams lack personalization – some use it quite heavily.
For instance, in spear phishing scams, fraudsters customize their attack emails with the target’s name, position, company, work phone number, and other information in an attempt to trick the recipient into believing that they have a connection with the sender.
The goal is the same as deceptive phishing: lure the victim into clicking on a malicious URL or email attachment, so that they will hand over their personal data.
Spear-phishing is especially commonplace on social media sites like LinkedIn, Twitter, or Facebook where attackers can use multiple sources of information to craft a targeted attack email.
To protect against this type of scam, employees must remain aware of these types of attempts and be able to spot them. We should also discourage users from publishing sensitive personal or corporate information on social media.
Executive FRAUD (Whaling Attack)
Spear phishers can target anyone in an organization, even top executives. That’s the logic behind a “whaling” attack, where fraudsters attempt to harpoon an executive and steal their login credentials and/or use the information to attempt to convince another individual within the organization that a request is being carried out by the executive. You should always be on the lookout for these attempts as the fraudsters are becoming more creative by the day. Always check the “reply to” field. Does the email actually go back to the executive email or does another email pop up?
Fraudsters can choose to conduct Executive fraud where attackers impersonate an executive and spoof that individual’s email to authorize fraudulent wire transfers or changes to account information to a financial institution of their choice.
NEVER complete financial or confidential information requests using only email authorization. Always clarify with a phone call to the executive making the request.
As users become savvier to traditional phishing scams, some fraudsters are abandoning the idea of “baiting” their victims entirely. Instead, they are resorting to pharming – a method of attack which stems from a domain name system (DNS) cache poisoning.
The Internet’s naming system uses DNS servers to convert alphabetical website names, such as “www.microsoft.com,” to numerical IP addresses used for locating computer services and devices.
Under a DNS cache poisoning attack, a pharmer targets a DNS server and changes the IP address associated with an alphabetical website name. That means an attacker can redirect users to a malicious website of their choice even if the victims entered in the correct website name.
To protect against pharming attacks, organizations must encourages their employees to enter in login credentials only on approved HTTPS-protected sites. This also encourages implementing anti-virus and filtering software on all corporate devices and performing virus database updates, along with security upgrades on a regular basis.
While some phishers no longer bait their victims, others have specialized their attack emails according to an individual company or service.
For example, millions of people use Dropbox every day to back up, access and share their files. It’s no wonder, therefore, that attackers would try to capitalize on the platform’s popularity by targeting users with phishing emails.
One attack campaign, for example, tried to lure users into entering their login credentials on a fake Dropbox sign-in page hosted on Dropbox itself.
To protect against Dropbox phishing attacks, users should consider implementing two-step verification (2SV) on their accounts.
Google Docs Phishing
Fraudsters could choose to target Google Drive similar to the way they might prey upon Dropbox users.
Specifically, as Google Drive supports documents, spreadsheets, presentations, photos and even entire websites, phishers can abuse the service to create a web page that mimics the Google account log-in screen and harvests user credentials.
A group of attackers did just that back in July of 2015. To add insult to injury, not only did Google unknowingly host that fake login page, but a Google SSL certificate also protected the page with a secure connection.
Once again, users should consider implementing 2SV to protect themselves against this type of threat.
Using the guide above, you will be able to more quickly spot some of the most common types of phishing attacks. But that doesn’t mean you will be able to locate each and every phish. On the contrary, phishing is continually evolving to adopt new forms and techniques. We must continue to research and seek new methods to counter these attacks and create awareness for all employees.
DO NOT BECOME THE NEXT VICTIM OF A PHISHING ATTACK!
If you have any questions and/or comments on how we can continue to improve security at Etech, please feel free to reach out to firstname.lastname@example.org.