TechBizWeb

    What is phishing? Examples, types, and techniques

    April 12, 2022 (Updated: April 12, 2022)

    Phishing definition

    Phishing is a type of cyberattack that uses disguised email as a weapon. These attacks use social engineering techniques to trick the email recipient into believing that the message is something they want or need—a request from their bank, for instance, or a note from someone in their company—and to click a link or download an attachment.

    “Phish” is pronounced just like it’s spelled, which is to say like the word “fish”—the analogy is of an angler throwing a baited hook out there (the phishing email) and hoping you bite.

    Phishing emails can be targeted in several different ways, with some not being targeted at all, some being “soft targeted” at someone playing a particular role in an organization, and some being targeted at specific, high-value people.

    Phishing history

    One of the oldest types of cyberattacks, phishing dates back to the 1990s, and it’s still one of the most widespread and pernicious, with phishing messages and techniques becoming increasingly sophisticated.

    The term arose among hackers aiming to trick AOL users into giving up their login information. The “ph” is part of a tradition of whimsical hacker spelling, and was probably influenced by the term “phreaking,” short for “phone phreaking,” an early form of hacking that involved playing sound tones into telephone handsets to get free phone calls.

    Some phishing scams have succeeded well enough to make waves:

    What a phishing email can do

    There are a couple of different ways to break attacks down into categories. One is by the purpose of the phishing attempt—what it is intended to do. Generally, a phishing campaign tries to get the victim to do one of two things:

    Hand over sensitive information. These messages aim to trick the user into revealing important data—often a username and password that the attacker can use to breach a system or account. The classic version of this scam involves sending out an email tailored to look like a message from a major bank; by spamming out the message to millions of people, the attackers ensure that at least some of the recipients will be customers of that bank. The victim clicks on a link in the message and is taken to a malicious site designed to resemble the bank’s webpage, and then hopefully enters their username and password. The attacker can now access the victim’s account.

    Download malware. Like a lot of spam, these types of phishing emails aim to get the victim to infect their own computer with malware. Often the messages are “soft targeted”—they might be sent to an HR staffer with an attachment that purports to be a job seeker’s resume, for instance. These attachments are often .zip files, or Microsoft Office documents with malicious embedded code. One of the most common forms of malicious code is ransomware—in 2017 it was estimated that 93% of phishing emails contained ransomware attachments.

    Types of phishing

    Another way to categorize these attacks is by who they target and how the messages are sent. If there’s a common denominator among phishing attacks, it’s the disguise. The attackers spoof their email address so it looks like it’s coming from someone else, set up fake websites that look like ones the victim trusts, and use foreign character sets to disguise URLs.

    That said, there are a variety of techniques that fall under the umbrella of phishing. Each of these types of phishing is a variation on a theme, with the attacker masquerading as a trusted entity of some kind, often a real or plausibly real person, or a company the victim might do business with.

    Email phishing: With general, mass-market phishing attacks, emails are sent to millions of potential victims to try to trick them into logging in to fake versions of very popular websites.

    Ironscales has tallied the most popular brands that hackers use in their phishing attempts. Of the 50,000-plus fake login pages the company monitored, these were the top brands attackers used:

    • PayPal: 22%
    • Microsoft: 19%
    • Facebook: 15%
    • eBay: 6%
    • Amazon: 3%

    Spear phishing: When attackers craft a message to target a specific individual. For instance, the spear phisher might target someone in the finance department and pretend to be the victim’s manager requesting a large bank transfer on short notice.

    Whaling: Whale phishing, or whaling, is a form of spear phishing aimed at the very big fish—CEOs or other high-value targets like company board members.

    Gathering enough information to trick a really high-value target might take time, but it can have a surprisingly high payoff. In 2008, cybercriminals targeted corporate CEOs with emails that claimed to have FBI subpoenas attached. In fact, they downloaded keyloggers onto the executives’ computers—and the scammers’ success rate was 10%, snagging almost 2,000 victims.

    Business email compromise (BEC): A type of targeted phishing attack in which attackers purport to be a company’s CEO or other top executive, typically to get other individuals in that organization to transfer money.

    Vishing and smishing: Phishing via phone call and text message, respectively.

    Other types of phishing include clone phishing, snowshoeing, social media phishing, and more—and the list grows as attackers are constantly evolving their tactics and techniques.

    How phishing works

    All the tools needed to launch phishing campaigns (known as phishing kits), as well as mailing lists, are readily available on the dark web, making it easy for cyber criminals, even those with minimal technical skills, to pull off phishing attacks.

    A phishing kit bundles phishing website resources and tools that need only be installed on a server. Once installed, all the attacker needs to do is send out emails to potential victims.

    Some phishing kits allow attackers to spoof trusted brands, increasing the chances of someone clicking on a fraudulent link. Akamai’s research provided in its Phishing–Baiting the Hook report found 62 kit variants for Microsoft, 14 for PayPal, seven for DHL, and 11 for Dropbox.  

    The Duo Labs report, Phish in a Barrel, includes an analysis of phishing kit reuse. Of the 3,200 phishing kits that Duo discovered, 900 (27%) were found on more than one host. That number might actually be higher, however. “Why don’t we see a higher percentage of kit reuse? Perhaps because we were measuring based on the SHA1 hash of the kit contents. A single change to just one file in the kit would appear as two separate kits even when they are otherwise identical,” said Jordan Wright, a senior R&D engineer at Duo and the report’s author.

    [Infographic: Anatomy of a Phishing Kit. Credit: Duo Security]
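
    The measurement gap Wright describes can be seen by comparing kits per file instead of per archive. The following is an added example, not code from the Duo Labs report: the sample archives are constructed placeholders, and the function names and the 0.5 threshold are assumptions.

```python
import hashlib
import io
import zipfile


def make_kit(files):
    """Zip a {name: bytes} mapping in memory (used for the constructed samples)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in sorted(files):
            zf.writestr(name, files[name])
    return buf.getvalue()


def archive_sha1(kit):
    """SHA-1 of the whole archive: one changed byte yields a 'new' kit."""
    return hashlib.sha1(kit).hexdigest()


def file_hashes(kit):
    """SHA-1 of every file's content inside the archive, as a set."""
    with zipfile.ZipFile(io.BytesIO(kit)) as zf:
        return {hashlib.sha1(zf.read(i)).hexdigest()
                for i in zf.infolist() if not i.is_dir()}


def kit_similarity(kit_a, kit_b):
    """Jaccard similarity of the per-file hash sets, from 0.0 to 1.0."""
    a, b = file_hashes(kit_a), file_hashes(kit_b)
    return len(a & b) / len(a | b) if a | b else 1.0


def same_kit(kit_a, kit_b, threshold=0.5):
    """Treat two archives as one kit when most file contents are shared
    (the threshold is an assumed value, to be tuned on real captures)."""
    return kit_similarity(kit_a, kit_b) >= threshold


# Constructed sample: two captures that differ only in one settings file.
SHARED = {"index.html": b"<html>placeholder login page</html>",
          "style.css": b"body { font-family: sans-serif; }",
          "logo.png": b"\x89PNG placeholder bytes"}
KIT_A = make_kit({**SHARED, "settings.txt": b"campaign=placeholder-1"})
KIT_B = make_kit({**SHARED, "settings.txt": b"campaign=placeholder-2"})

if __name__ == "__main__":
    print("archive hashes match:", archive_sha1(KIT_A) == archive_sha1(KIT_B))
    print("per-file similarity:", kit_similarity(KIT_A, KIT_B))
    print("counted as one kit:", same_kit(KIT_A, KIT_B))
```

    Clustering captured kits on the per-file score lets an analyst count two hosts serving a lightly edited copy as reuse of one kit rather than as two unrelated kits.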

    Phishing examples

    Criminals rely on deception and creating a sense of urgency to achieve success with their phishing campaigns. As the following examples show, these social engineers know how to capitalize on a crisis.

    Phishing example: Corona update
    The following screen capture is a phishing campaign discovered by Mimecast that attempts to steal login credentials of the victim’s Microsoft OneDrive account. The attacker knew that with more people working from home, sharing of documents via OneDrive would be common.

    [Image: Mimecast WFH phishing campaign. Credit: Mimecast]

    Phishing example: Covid cure
    This phishing campaign, identified by Proofpoint, asks victims to load an app on their device to “run simulations of the cure” for COVID-19. The app, of course, is malware.

    [Image: malicious spoofed foldinghome email with link to malware. Credit: Proofpoint]

    Phishing example: A matter of public health
    This email appears to be from Canada’s Public Health Agency and asks recipients to click on a link to read an important letter. The link goes to a malicious document.

    [Image: fake Public Health Agency of Canada lure. Credit: Proofpoint]

    How to prevent phishing

    The best way to learn to spot phishing emails is to study examples captured in the wild! Lehigh University’s technology services department maintains a gallery of recent phishing emails received by students and staff.

    There also are a number of steps you can take and mindsets you should get into that will keep you from becoming a phishing statistic, including:

    • Always check the spelling of the URLs in email links before you click or enter sensitive information
    • Watch out for URL redirects, where you’re subtly sent to a different website with identical design
    • If you receive an email from a source you know but it seems suspicious, contact that source with a new email, rather than just hitting reply
    • Don’t post personal data, like your birthday, vacation plans, or your address or phone number, publicly on social media

    If you work in your company’s IT security department, you can implement proactive measures to protect the organization, including:

    • “Sandboxing” inbound email, checking the safety of each link a user clicks
    • Inspecting and analyzing web traffic
    • Conducting phishing tests to find weak spots and using the results to educate employees
    • Encouraging employees to send you suspected phishing emails—and then following up with a word of thanks
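
    The URL checks above (misspelled links, foreign character sets used to disguise a domain) can be automated in a mail or proxy filter. The following is an added example, not part of the original article: the watch list is an assumption built from the brands in the Ironscales tally, the look-alike table is a small illustrative subset, and the function names are hypothetical.

```python
import unicodedata
from urllib.parse import urlsplit

# Assumed watch list, built from the brands in the Ironscales tally above.
TRUSTED = {"paypal.com", "microsoft.com", "facebook.com", "ebay.com", "amazon.com"}
BRANDS = {d.split(".")[0] for d in TRUSTED}
# Small illustrative subset of Cyrillic look-alikes (a, e, o, p, c, y, x, i);
# the full table is Unicode's confusables.txt (UTS #39).
CONFUSABLE = str.maketrans("\u0430\u0435\u043e\u0440\u0441\u0443\u0445\u0456", "aeopcyxi")

def edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def decode_label(label):
    """Turn an xn-- (punycode) label back into Unicode; leave others as is."""
    try:
        return label[4:].encode("ascii").decode("punycode") if label.startswith("xn--") else label
    except UnicodeError:
        return label

def check_link(url):
    """Return the reasons a link's host looks like a disguised brand."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    # Naive registered domain (last two labels); a real filter would use the Public Suffix List.
    if ".".join(host.split(".")[-2:]) in TRUSTED:
        return []
    reasons = []
    for label in map(decode_label, host.split(".")):
        # Approximate each letter's script by the first word of its Unicode name.
        kinds = {unicodedata.name(c, "?").split()[0] for c in label if c.isalpha()}
        if len(kinds) > 1:
            reasons.append(f"mixed scripts in label: {sorted(kinds)}")
        skeleton = label.translate(CONFUSABLE)
        for brand in sorted(BRANDS):
            if label == brand:
                reasons.append(f"{brand} used outside its own domain")
            elif skeleton == brand:
                reasons.append(f"homoglyph spelling of {brand}")
            elif edit_distance(skeleton, brand) == 1:
                reasons.append(f"one edit away from {brand}")
    return reasons
```

    An empty list means none of these checks fired, not that the link is safe; the result is one signal to feed into sandboxing or user reporting.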

    Copyright © 2022 IDG Communications, Inc.
