DBA Tech advisory
Phishing: What are the different types of techniques
In our previous blog, we talked about the signs you should look for in order to recognise a phishing attack. This time, we will talk about the different types of phishing techniques, new and old.
Although phishers prefer using emails in their attacks, there are various types of phishing techniques that they use. From the simplest to more sophisticated techniques, phishers will do anything to take advantage of other people and steal their sensitive information.
In addition, advances in technology and software have allowed phishers to innovate their attacks and expand their criminal range. Recently, phishers have been targeting their victims with sophisticated, orchestrated attacks using COVID-19 as a lure. Experts report that there has been a 667% increase in COVID-19 related email phishing attacks since the end of February.
To help you become more aware of phishing attacks, we have compiled some of the different types of phishing techniques that phishers use, including the most recent ones being documented by experts.
Types of Phishing Techniques
Spear Phishing is a targeted attack. Phishing scammers target a specific individual or organisation after doing extensive research. The attack is more personalised to ensure that the target takes the bait.
Recently, users of streaming service Netflix in Brazil have been attacked by phishing emails asking them to update their account information. Experts believe phishers took advantage of an announcement made by Netflix about a reduction in streaming quality for European viewers.
Whaling is a type of spear phishing attack directed at senior executives or high-profile members of a business or organisation to collect sensitive information about their employees or clients.
For example, in 2019, a sophisticated hacking group called London Blue reportedly expanded their database of more than 50,000 financial executives – i.e. chief financial officers, executive assistants and other finance leaders. The phishers use the identities of higher executives to trick other senior staff members into transferring funds into the hackers’ accounts.
Email/Spam is the most common phishing technique. Scammers use marketing strategies to bait their victims into providing their credentials. The messages usually have an urgent tone and ask you to click a link to fill out a form, or to update and verify your account and billing information.
Contextual scams are when phishers use current events or issues in their phishing emails to bait victims into donating or giving out their information. One example is the increase in COVID-19 related phishing scams. The World Health Organization (WHO) warned people not to fall victim to phishing emails claiming to be from the organisation, and to report such emails immediately to their office.
Another example is the recent phishing attacks on taxpayers in the US. Phishers have been using phishing emails, text messages, and voice calls to trick taxpayers into giving away their stimulus cheques or spending money from the government. According to reports, the phishers told victims that they need to confirm their banking information before they can receive their cheques.
Web Based Delivery, also known as man-in-the-middle, is a more sophisticated phishing technique. Here, the phisher will phish your information by tracing your transactions to a particular website that you often access. As you continue to transact with that website, the phisher will continue to gather the information you’re passing to it.
Session Hijacking is another sophisticated technique used by phishers, wherein they steal your information by exploiting the web session control mechanism. The phisher will use a sniffer to intercept your account information and illegally access the website that you are logged into.
Pharming, or phishing without a lure, is a technique carried out either by altering an IP address, so that it redirects you to a fake website, or by manipulating the legitimate website’s DNS server, in order to gain access to personal information.
Bitdefender, a cybersecurity organisation, recently found that phishers had altered the DNS IP addresses of several websites via vulnerable routers. Victims, who were searching for updates on COVID-19, were redirected to a fake website where they were asked to click a link to download the updates. Upon clicking, they actually download an infostealer called Oski, which can extract not only your browser credentials, but also your cryptocurrency wallet passwords.
Homoglyph attacks are when a phisher registers a fake domain name imitating a legitimate business or organisation by taking advantage of the character scripts used in the real domain. Victims are tricked into believing that the fake domain is authentic.
Cofense’s Phishing Defense Center recently found a very intricate phishing attack involving the use of a fake SharePoint domain, a redirect from YouTube, and a fake Google Cloud landing page.
Phishers sent out emails from sharepointeonline-po.com, a fake domain masquerading as SharePoint. The emails contained a message stating that a new file had been uploaded to their company’s SharePoint site. Once the link is clicked, users are redirected to YouTube, which then redirects them to the fake SharePoint site, which in turn goes to a Google Cloud page where they are asked for their Microsoft login information.
Clone phishing is when phishers take an email sent by a legitimate business or organisation and clone the content and the recipient address. They will then replace the attachment or link with a malicious version and send it back to the recipient as a resend of the original or an updated version. This typically happens when the sender’s or recipient’s email has been compromised.
Link Manipulation happens when the phisher sends a message pretending to be from a reputable business or organisation, and will ask you to click the link to its website. However, if you look closely, the URL for the link might be misspelled and is in fact a link to a phishing site. Some phishers “cloak” the link by using tags – i.e. Subscribe/Unsubscribe here, Click here, Order now – that will lead you to a phishing site upon clicking.
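The homoglyph and link manipulation techniques above can both be spotted by inspecting the anchors in an email body before anyone clicks. The following Python script is an added example written for this article, not code from DBA or from any of the vendors mentioned: it decodes punycode hosts, flags hosts that mix Unicode scripts, flags displayed URLs whose host differs from the real href host, and flags brand names appearing outside their real domain. The sample email body, the lookalike host and the brand list are all constructed for the example.

```python
import re
import unicodedata
from urllib.parse import urlparse

# Brands expected only under their real registrable domain (assumed list for this example).
KNOWN_BRANDS = {"sharepoint": "sharepoint.com", "apple": "apple.com"}

# Constructed lookalike host: Cyrillic "а" (U+0430) replaces Latin "a", IDNA-encoded the way a
# raw email href would carry it.
LOOKALIKE_HOST = "\u0430pple.com".encode("idna").decode("ascii")  # xn--pple-43d.com

# Constructed sample email body (not a real campaign): the first anchor displays one URL but
# points at a lookalike of the SharePoint domain, the second is a "Click here" cloak.
SAMPLE_HTML = f"""
<p>A new file has been uploaded to your company's SharePoint site.</p>
<a href="https://sharepointeonline-po.com/doc">https://sharepoint.com/doc</a>
<a href="https://{LOOKALIKE_HOST}/login">Click here</a>
<a href="https://www.example.com/unsubscribe">Unsubscribe</a>
"""

# Minimal anchor extractor giving (href, displayed text) pairs; a production scanner would use an HTML parser.
ANCHOR_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def script_of(ch):
    # Unicode script approximated by the first word of the character name (LATIN, CYRILLIC, ...)
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]

def check_link(text, href):
    """Return the reasons a single anchor looks like link manipulation or a homoglyph domain."""
    host, reasons = (urlparse(href).hostname or "").lower(), []
    shown = urlparse(text.strip()).hostname          # displayed text that itself looks like a URL
    if shown and shown.lower() != host:
        reasons.append(f"displayed host {shown} differs from real host {host}")
    # Decode IDNA/punycode labels so homoglyphs are inspected as the user would see them
    unicode_host = host.encode("ascii").decode("idna") if "xn--" in host else host
    if unicode_host != host:
        reasons.append(f"punycode host decodes to {unicode_host!r}")
    scripts = {script_of(c) for c in unicode_host if c.isalpha()}
    if len(scripts) > 1:
        reasons.append(f"mixed scripts in host: {sorted(scripts)}")
    for brand, real in KNOWN_BRANDS.items():
        if brand in unicode_host and unicode_host != real and not unicode_host.endswith("." + real):
            reasons.append(f"brand '{brand}' used outside {real}")
    return reasons

def check_links(html):
    # [(href, reasons)] for every anchor in the body that raised at least one reason
    return [(h, r) for h, t in ANCHOR_RE.findall(html) for r in [check_link(t, h)] if r]
```

Running `check_links(SAMPLE_HTML)` reports the first two anchors and leaves the plain unsubscribe link alone; the Cyrillic lookalike is caught by the script check even though the brand check cannot match it.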
Content or Web Injection is another sophisticated phishing technique. Here, a phisher will hack a reliable website and change some of its content. The phisher can “inject” or add a link to a different website or page, or patch part of your browser processes, to take you to a fake website where you will be asked to enter your personal information.
Recently, phishers have been using an old banking trojan called Zeus Sphinx to steal bank credentials from clients of major banks in Australia, Brazil, and North America. Using relief payments for COVID-19 as a lure, phishers sent emails asking victims to fill out the attached form which contains malware. Once installed in the victim’s device, it will use web injections to change the victim’s bank’s website. The victim will think they are logging into their bank’s website, but it’s actually a copy.
Phishing through Search Engines is when the phisher uses search engines to lead you to websites selling low-cost products or services, or offering credit cards or loans at a low rate, that are actually phishing sites. When you try to order, buy or register, the phishing site will collect your credit card information.
Malware phishing is when phishers attach malware to an email containing downloadable files. The malware will install itself on your device and allow the phisher to collect your personal information and credentials.
Malvertising is a malicious advertisement in PDF or Flash files that downloads malware onto your device or forces unwanted content onto your device.
Ransomware is a type of malware that uses a social engineering attack. When it is run in your device, it will deny you access to your device or files, unless you pay a certain amount to the phisher.
In 2018, the entire city of Atlanta, Georgia in the United States was attacked by phishers, who crippled several of the city’s systems. The cyber criminals asked for $51,000 in bitcoin as ransom for the city’s services to be restored.
Trojan is also a type of malware designed to mislead you. Once the malware has been installed in your device, it will ask you to allow it to perform a legitimate task. After you “Allow” it to perform the task, it will access and collect your personal information and credentials, and send them to the phisher.
Spy-phishing is a mix of spyware and phishing techniques. Considered crimeware, spy-phishing usually targets companies and corporations. The attackers will hack into your company’s network, and browse and download sensitive files.
A keylogger is a type of malware that records your keyboard inputs. The information is sent to the phisher, who will decode or decipher your personal information from it.
Smishing is phishing using Short Message Service (SMS) or text messages. The phisher will send you a smishing text asking you to provide your personal information, or a link that leads to a phishing website.
Vishing, or voice phishing, is a phishing technique using phone calls. A phisher will call you through Voice over Internet Protocol (VoIP) and pretend to be from a reliable business or organisation, or ask you to dial a set of numbers, which will allow them to collect your passwords or credit card details.
There are other techniques used by phishers to lure victims, such as:
- SaaS Phishing – phishers can steal login credentials to a Software as a Service (SaaS) site to gain access to sensitive data which they can use for spear phishing attacks.
- File-hosting applications – instead of the usual email or SMS, phishers use file-hosting sites and sharing applications, e.g. Dropbox, Google Drive, etc. to upload files that contain malicious content or URLs.
- Money Mule Scams – this method is usually used on social media users. Phishers will ask victims if they can use their bank accounts to pass through money they have illegally acquired through phishing, in exchange for a percentage of the money.
- Romance scams – phishers use dating sites and social media to lure victims. They take advantage of people looking for a relationship, and ask them for money.
Phishing attacks are becoming bolder and more sophisticated. These are the different types of phishing techniques currently being used; knowing them will help you identify an attack.
© 2018 DBA. All Rights Reserved.