Phishing attacks have been around since the early days of the internet. Cybercriminals propagated the first phishing attacks in the mid-1990s, using the America Online (AOL) service to steal passwords and credit card information. While modern attacks use similar social engineering models, cybercriminals use more evolved tactics. At its core, phishing is an attack methodology that uses social engineering tactics to make a person take an action that is against their best interests. With a better understanding of the 14 types of phishing attacks and how to identify them, organizations can protect their users and data more effectively. Show
1. Email phishingAlso called “deception phishing,” email phishing is one of the most well-known attack types. Malicious actors send emails to users impersonating a known brand, leverage social engineering tactics to create a heightened sense of immediacy and then lead people to click on a link or download an asset. The links traditionally go to malicious websites that either steal credentials or install malicious code, known as malware, on a user’s device. The downloads, usually PDFs, have malicious content stored in them that installs the malware once the user opens the document. How to identify email phishing:Most people recognize some of the primary indicators of a phishing email. However, for a quick refresher, some traditional things to look for when trying to mitigate risk include:
2. HTTPS phishingThe hypertext transfer protocol secure (HTTPS) is often considered a “safe” link to click because it uses encryption to increase security. Most legitimate organizations now use HTTPS instead of HTTP because it establishes legitimacy. However, cybercriminals are now leveraging HTTPS in the links that they put into phishing emails. How to identify HTTPS phishingWhile often part of an email phishing attack, this is a slightly nuanced approach. When trying to decide if a link is legitimate or not, consider:
3. Spear phishingAlthough spear phishing uses email, it takes a more targeted approach. Cybercriminals start by using open source intelligence (OSINT) to gather information from published or publicly available sources like social media or a company’s website. Then, they target specific individuals within the organization using real names, job functions, or work telephone numbers to make the recipient think the email is from someone else inside the organization. Ultimately, because the recipient believes this is an internal request, the person takes the action mentioned in the email. How to identify spear phishing:
4. Whaling/CEO fraudAnother type of corporate phishing that leverages OSINT is whale phishing, also called whaling or CEO fraud. Malicious actors use social media or the corporate website to find the name of the organization’s CEO or another senior leadership member. They then impersonate that person using a similar email address. The email might ask for a money transfer or request that the recipient review a document. How to identify CEO fraud:
5. VishingVoice phishing, or “vishing,” happens when a cybercriminal calls a phone number and creates a heightened sense of urgency that makes a person take an action against their best interests. These calls normally occur around stressful times. For example, many people receive fake phone calls from people purporting to be the Internal Revenue Service (IRS) during tax season, indicating that they want to do an audit and need a social security number. Because the call creates a sense of panic and urgency, the recipient can be tricked into giving away personal information. How to identify vishing:
6. SmishingMalicious actors often apply similar tactics to different types of technologies. Smishing is sending texts that request a person take an action. These are the next evolution of vishing. Often, the text will include a link that, when clicked, installs malware on the user’s device. How to identify smishing:
7. Angler phishingAs malicious actors move between attack vectors, social media has become another popular location for phishing attacks. Similar to both vishing and smishing, angler phishing is when a cybercriminal uses notifications or direct messaging features in a social media application to entice someone into taking action. How to identify angler phishing:
8. PharmingPharming is more technical and often more difficult to detect. The malicious actors hijack a Domain Name Server (DNS), the server that translates URLs from natural language into IP addresses. Then, when a user types in the website address, the DNS server redirects the user to a malicious website’s IP address that might look real. How to identify pharming:
9. Pop-up phishingAlthough most people use pop-up blockers, pop-up phishing is still a risk. Malicious actors can place malicious code in the small notification boxes, called pop-ups, that show up when people go to websites. The newer version of pop-up phishing uses the web browser’s “notifications” feature. For example, when a person visits a website, the browser prompts the person with “www.thisisabadlifechoice.com wants to show notifications.” When the user clicks “Allow,” the pop-up installs malicious code. How to identify pop-up phishing:
10. Clone phishingAnother targeted email phishing attack, clone phishing, leverages services that someone has previously used to trigger the adverse action. Malicious actors know most of the business applications that require people to click links as part of their daily activities. They will often engage in research to see what types of services an organization uses regularly then send targeted emails that appear to come from these services. For example, many organizations use DocuSign to send and receive electronic contracts, so malicious actors might create fake emails for this service. How to identify clone phishing:
11. Man-in-the-middle (MTM) attacksA man-in-the-middle phishing attack occurs when the cybercriminal gets in “the middle” of two sources, and tries to steal data or information that is shared between the two users. This can be anything from personal information to accounting details to payment credentials. How to identify a man-in-the-middle attack:MTM phishing attacks can be identified or detected by using deep flow inspection (DFI) and deep packet inspection (DPI) throughout network monitoring. These two types of inspections provide network security monitors with packet size and length information, which can be used to help identify unusual network traffic throughout your organization. 12. Evil twinAn evil twin phishing attack uses a fake WiFi hotspot, often making it look legitimate, that might intercept data during transfer. If someone uses the fake hotspot, the malicious actors can engage in man-in-the-middle or eavesdropping attacks. This allows them to collect data like login credentials or sensitive information transferred across the connection. How to identify an evil twin phishing attack:
13. Watering hole phishingAnother sophisticated phishing attack, watering hole phishing starts with malicious actors doing research around the websites a company’s employees visit often, then infecting the IP address with malicious code or downloads. These can be websites that provide industry news or third-party vendors’ websites. When the user visits the website, they download the malicious code. How to identify watering hole phishing:
14. Search engine phishingSearch engine phishing is when a cybercriminal creates a fake product to target users while they are searching the web. If a user falls victim to this type of phishing attack and decides to try and purchase these products, a cybercriminal then has the opportunity to access sensitive information given by the user during the checkout process. How to identify search engine phishingIt can be hard to identify if you are being targeted by a cybercriminal with search engine phishing. However, search engine phishing often displays discounts, giveaways, employment opportunities, etc. which are often too good to be true. To best avoid and identify these types of phishing attacks, be cautious of products that are hard to find or unreasonably cheap. Recent examples of a phishing attackRecently, cybercriminals have been using phishing attacks against Twitter users seeking to gain verification on their accounts (ie. the blue checkmark). Verified accounts are designed to confirm the identity of the user behind the account, most popular for celebrities, influencers, politicians, etc. However, a recent report has found that cybercriminals are using the incentive to become verified to trick users into giving out sensitive information, using email phishing as their number one tactic. For example, once a cybercriminal identifies a user that is trying to receive Twitter account verification, they send a phishing email to the user saying that there was a problem with their request and that they need to “Check Notifications” to confirm their account details. If the user falls victim to this and clicks on the malicious link, the user is then sent to a non-secure website, created by the cybercriminal. From there, cybercriminals have full access to any information the user enters on that site. How to prevent a phishing attackAlthough phishing starts with social engineering tactics, some newer methodologies can be difficult for users to detect. Taking multiple steps to prevent malicious actors from successfully infiltrating systems, networks, and software can mitigate phishing risks. Train your employeesThe first line of defense is ensuring that employees have the training necessary to protect information. As malicious actors evolve their methodologies, you should provide training that goes beyond the traditional “phishing emails” approach. Any phishing awareness training should also include newer methodologies, like watering hole phishing attacks. Use email filtersAlthough normally associated with “spam filters,” email filters can also scan for additional risks indicating an attempted phishing attack. For example, cybercriminals often hide malicious code in a PDF’s active content or the coding that enables things like readability and editability. Finding the right email filtering solution can help reduce the number of risky phishing emails that make it through to users. Install website alerts in browsersProtecting against malicious websites is more important than ever. Recognizing that organizations are filtering emails more purposefully, cybercriminals now target website code. Make sure that end-users’ browsers alert them to potentially risky websites. Limit access to the internetUsing access control lists (ACLs) is another way to mitigate the risks arising from malicious websites. You can create access controls for your networks that “deny all” access to certain websites and web-based applications. Require multi-factor authenticationSince malicious actors often look to steal user credentials, requiring multi-factor authentication can mitigate this risk. You want to require users to provide two or more of the following every time they log into your networks, systems, and applications:
Monitor for and takedown fake websitesOrganizations in highly targeted industries, like financial services and healthcare, often use companies who can monitor for and spend time taking down spoofed versions of their websites. This is a way to protect your employees and customers who click on a malicious link from giving cybercriminals their login credentials. Install security patch updates regularlyMany phishing attacks exploit common vulnerabilities and exposures (CVEs), or known security weaknesses. To prevent this, make sure to regularly install security updates that respond to these known risks. Set regular data backupOften, phishing attacks leave behind malware, which can also include ransomware. To mitigate the impact that ransomware can have on your organization’s productivity, create a robust data backup program that follows the 3-2-1 method of 3 copies of data, on 2 different media, with 1 being offsite. Phishing attacks FAQsWhat are phishing attacks?Phishing attacks are a methodology that uses social engineering tactics to make a person take an action that is against their best interests. What is a whaling attack?A whaling attack is a method used by attackers to disguise themselves as senior executives at an organization with the goal of gaining access to sensitive information and computer systems for criminal purposes. What is email phishing?Email phishing is when cybercriminals send emails to users impersonating a known brand to create a heightened sense of immediacy and then lead people to click on a link or download an asset. How to prevent a phishing attack?To best prevent a phishing attack on your business, you must:
SecurityScorecard: Promoting resiliency by monitoring riskSecurityScorecard’s platform provides easy-to-read security ratings using an A-F system. We monitor across ten categories of risk, including DNS health, patching cadence, web application security, information leaks, and social engineering. Our platform uses publicly available information for a non-intrusive approach to monitoring the security posture of your organization and its supply chain. With SecurityScorecard’s platform, you can gain insight into potential security weaknesses that can make phishing attacks successful. What is impersonation attempt?An impersonation attack is a type of targeted phishing attack where a malicious actor pretends to be someone else or other entities to steal sensitive data from unsuspecting employees using social engineering tactics. Hackers attempt to trick the victim into transferring money, giving up sensitive information, or ...
What is impersonation in information security?Impersonation Attack is another form of cyber attack which takes place with the malicious intent of stealing confidential information.
What are the types of impersonation?Different types of impersonation fraud. Executive impersonation: These are cases where the impersonator either takes over an executive account, such as a CEO or CFO of the company. ... . Vendor impersonation: This is another type of fraud, where the impersonator spooks email IDs of legitimate.... What is an impersonation attack that takes?Email impersonation attacks are a type of phishing attack where the attacker impersonates a legitimate sender in order to trick the recipient into clicking on a malicious link or attachment. These attacks are typically used to steal sensitive information such as login credentials or financial information.
|