Of all the weapons available to a cyber criminal, phishing is probably one of the most widely used. It is generally described as a random, untargeted attack intended to trick someone into revealing confidential information by replying to an email, clicking a link or filling in a bogus webpage. Most of the popular phishing attacks rely on an element of social engineering, that is, deceiving people into giving up access rather than directly hacking into a target system.
The main delivery mechanism is usually email, and with modern mailing systems attackers can target millions of email addresses at one time. There are many variations of phishing attack, ranging from installing keyloggers to duplicate websites and similar. The intent is always to steal personal information such as usernames, passwords and account numbers.
It is also fairly common for these phishing emails to include attachments or links that install various types of malware onto the victim's computer in order to steal their information.
Quick Summary of Phishing Attacks
As explained, there are lots of different types of phishing attack, and their popularity changes quite regularly.
Email Phishing – is probably the most well known and centers around mass distribution of emails. These attacks are very random and usually rely on volume to succeed.
Spear Phishing – is a more targeted form of phishing which follows the same basic premise. However, these attacks are usually more sophisticated and tailored towards a certain type of user or organisation.
Man in the Middle (MiTM) attacks involve the attacker positioning themselves between a legitimate website or company and the end user; the goal is to record any information sent. It's normally one of the most difficult attacks to operate, but also one of the most difficult to detect, as the transactions are normally legitimate but simply intercepted.
There are many other methods available to capture information, with things like keyloggers and screen capture programs popular too. The idea is always simply to gain passwords or other personal information.
Some other variants include pharming, which is even less targeted than phishing: malicious code is installed onto servers to redirect any user to fake websites. There are various methods of doing this, including several involving DNS, such as modifying a user's hosts file to redirect them without their knowledge. A particularly sinister version of pharming is known as DNS (Domain Name System) poisoning, where users are directed to fraudulent websites without the need to corrupt the personal hosts file. Others use legitimate, or at least semi-legitimate, services to trick people into using them. One of the more popular methods was to put free proxy servers out on the internet for people to bypass region blocks; these were then used to steal people's credentials as they were using them. This explains the method of region lock bypass using a proxy to watch the BBC, although the example used in the post was a commercial service.
Malware Phishing – is the process of downloading malware onto a user's device, either through an attachment in an email, a downloadable web file or by exploiting software vulnerabilities.