In a previous blog, we learned what a phishing attack is and how we can protect ourselves from it.
In this blog, we learn about the types of phishing attacks.
There are 19+ kinds of phishing attack, but only 3 main ones are considered highly effective:
1) Whale phishing
2) Spear phishing attack
3) Pharming
WHALE PHISHING
Whaling is a highly targeted phishing attack, aimed at senior executives, that masquerades as a legitimate email. Whaling is digitally enabled fraud through social engineering, designed to encourage victims to perform a secondary action, such as initiating a wire transfer of funds.
Whaling does not require extensive technical knowledge, yet it can deliver huge returns. As such, it is one of the biggest risks facing businesses. Financial institutions and payment services are the most targeted organizations; however, cloud storage and file hosting sites, online services, and e-commerce sites are receiving a larger share of attacks.
Whaling emails are more sophisticated than generic phishing emails, as they often target chief ('C-level') executives, and they usually:
contain personalized information about the targeted organization or individual
convey a sense of urgency
are crafted with a solid understanding of business language and tone
WHAT ARE THE CONSEQUENCES?
Whaling emails are a form of social engineering that aims to encourage the victim to take a secondary action such as:
Clicking on a link to a site that delivers malware
Requesting a transfer of funds to the attacker's bank account
Requesting additional details about the business or individual in order to conduct further attacks.
FINANCIAL LOSS
The 2016 Phishing Trends and Intelligence report by PhishLabs found that 22% of spear phishing attacks analyzed in 2015 were motivated by financial fraud or related crimes. The table below illustrates five of the largest financial losses to organizations as a result of whaling emails. In these examples, a senior executive received a fraudulent email requesting a transfer of funds from what appeared to be a trusted supplier, partner, or member of the organization.
LOSS OF DATA
Clicking on a link or downloading an attachment in an email can result in corporate networks becoming infected with malware. This can result in data breaches such as the loss of customer data or intellectual property theft.
REPUTATIONAL DAMAGE
Financial or data loss through a whaling attack can be extremely embarrassing to both an organization and an individual. FACC, an Austrian aerospace manufacturer that lost 50 million euros as a result of a targeted email attack in 2016, decided to fire several members of staff, including the CEO, for their involvement in the incident.
RECENT CHANGES IN COMMON WHALING TACTICS
Initially, whaling emails were not much harder to identify than their less targeted phishing counterparts. However, the adoption of fluent business terminology, industry knowledge, personal references, and spoofed email addresses has made sophisticated whaling emails difficult for even a cautious eye to identify.
Highly targeted content is now combined with several other methods that executives should be aware of to reduce their chances of falling victim to a whaling attack. Crucially, all these developments either exploit existing trusted relationships or combine a cyber attack with non-cyber fraud tactics.
WHALING EMAIL WITH A PHONE CALL
The NCSC is aware of several incidents in which a whaling email was received and then followed up with a phone call confirming the email request. This is a social engineering tactic that combines a cyber attack with a real-world interaction.
Whaling emails from malicious actors masquerading as a trusted partner
The rise of supply chain attacks (where a supplier's or partner organization's network is compromised in order to gain access to the target organization) has been well documented. However, recent whaling attacks have used easily accessible information on suppliers or partners to construct whaling emails that appear credible. If an organization advertises partners such as charities, law firms, think tanks, or academic institutions, it should be aware that it may receive emails from malicious actors masquerading as those trusted partners.
Whaling emails that appear to be from colleagues
This is when an employee's email address is either compromised or spoofed to convince other employees that they are receiving a legitimate request from a colleague. This is especially effective when the email address of a very senior executive is spoofed to send an urgent payment request to a junior member of (for example) a finance department.
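The indicators listed earlier in this section (personalized content, urgency, business language) and the spoofed or lookalike sender addresses described just above can be turned into a simple mail-flow check. The following Python script is an added example and is not part of the original post or of any NCSC guidance; the company domain, the executive list, the keyword lists and the weights are all assumptions, and the two messages it scores are constructed samples. It flags a message when a known executive's display name arrives on an address that is not theirs, when the sender domain is a near-miss of the company domain, when Reply-To points elsewhere, and when the text combines urgency with a payment request.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Hypothetical organisation data: assumptions for this example, not from the post.
COMPANY_DOMAIN = "example-corp.com"
EXECUTIVES = {"jane doe": "jane.doe@example-corp.com"}  # display name -> real mailbox

URGENCY = re.compile(
    r"\b(urgent|immediately|asap|right away|today|before (?:close|end) of (?:business|day))\b", re.I)
PAYMENT = re.compile(
    r"\b(wire transfer|wire the|bank details|transfer (?:of )?funds|invoice|payment)\b", re.I)

# Tag -> weight; a message scoring at or above THRESHOLD is held for human review.
WEIGHTS = {
    "exec-display-name": 3,   # a known executive's name on an address that is not theirs
    "lookalike-domain": 3,    # sender domain one or two edits away from the company domain
    "reply-to-mismatch": 2,   # replies silently routed to a different domain
    "urgency-language": 1,
    "payment-request": 2,
}
THRESHOLD = 5

# Constructed sample messages (not real mail).
SAMPLE_WHALING = b"""From: Jane Doe <jane.doe@example-c0rp.com>
Reply-To: Jane Doe <ceo.janedoe@webmail.invalid>
To: accounts@example-corp.com
Subject: Urgent: transfer of funds before end of day
Content-Type: text/plain; charset=us-ascii

Hi, I am in a meeting and cannot talk. Please wire the funds today to the
bank details in the attached invoice. This is urgent.
"""

SAMPLE_BENIGN = b"""From: Jane Doe <jane.doe@example-corp.com>
To: accounts@example-corp.com
Subject: Lunch on Friday
Content-Type: text/plain; charset=us-ascii

Shall we book the usual place?
"""


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to spot typosquatted sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _domain(addr: str) -> str:
    return addr.rpartition("@")[2].lower()


def score_message(raw: bytes):
    """Return (score, tags) for one RFC 5322 message given as bytes."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    from_domain = _domain(addr)
    tags = []

    real = EXECUTIVES.get(name.strip().lower())
    if real and addr.lower() != real:
        tags.append("exec-display-name")
    if from_domain != COMPANY_DOMAIN and 0 < levenshtein(from_domain, COMPANY_DOMAIN) <= 2:
        tags.append("lookalike-domain")
    _, reply = parseaddr(str(msg.get("Reply-To", "")))
    if reply and _domain(reply) != from_domain:
        tags.append("reply-to-mismatch")

    body = msg.get_body(preferencelist=("plain",))
    text = str(msg.get("Subject", "")) + "\n" + (body.get_content() if body else "")
    if URGENCY.search(text):
        tags.append("urgency-language")
    if PAYMENT.search(text):
        tags.append("payment-request")
    return sum(WEIGHTS[t] for t in tags), tags


def is_suspicious(raw: bytes) -> bool:
    """True when the message should be held before any payment process continues."""
    return score_message(raw)[0] >= THRESHOLD


if __name__ == "__main__":
    for label, raw in (("whaling", SAMPLE_WHALING), ("benign", SAMPLE_BENIGN)):
        print(label, score_message(raw), "suspicious" if is_suspicious(raw) else "ok")
```

A score is only a triage signal: the point of the weights is to hold the message for a human before any payment process continues. SPF, DKIM and DMARC results, which this example does not parse, are the stronger signal for spoofing of the company's own domain; the checks here are aimed at the lookalike and display-name tricks that pass those checks.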
Whaling through social media
Online social networking is an increasingly prevalent way of developing business contacts, recruiting employees, and hosting discussions. However, social media accounts, both professional and personal, provide a means for malicious actors to research and make contact with senior executives. They are a goldmine of information for social engineering, and victims are often less vigilant to attack in a more social forum. According to Proofpoint, there was a 150% increase in social media phishing attacks in 2015.
Catching your white whale
It is crucial to remember that whaling is a means of social engineering, and malicious actors will use methods exploiting established trust structures, existing outside the cyber realm, to reassure the victim. Simply making your employees aware of social engineering threats doesn't make them invulnerable; some attacks are too well crafted and no amount of user awareness and training can guarantee their detection. Employee and executive training on social engineering tactics should be considered part of a series of technical and user-based defenses against attacks, but recognize the limitations of such measures.
Similarly, whilst organizations should ensure training is supported by hardened technical defenses, malicious actors are increasingly employing techniques to evade automated detection and prevent analysis of attack methodology. As such, organizations should accept that a successful whaling attack is a possibility, and put in place checks and processes to mitigate the damage.
SPEAR PHISHING
Spear phishing is an email or electronic communications scam targeted toward a specific individual, organization, or business. Although often intended to steal data for malicious purposes, cybercriminals may also intend to install malware on a targeted user’s computer.
This is how it works: An email arrives, apparently from a trustworthy source, but instead, it leads the unknowing recipient to a bogus website full of malware. These emails often use clever tactics to get victims' attention. For example, the FBI has warned of spear phishing scams where the emails appeared to be from the National Center for Missing and Exploited Children.
Many times, government-sponsored hackers and hacktivists are behind these attacks. Cybercriminals do the same with the intention to resell confidential data to governments and private companies. These cybercriminals employ individually designed approaches and social engineering techniques to effectively personalize messages and websites. As a result, even high-ranking targets within organizations, like top executives, can find themselves opening emails they thought were safe. That slip-up enables cybercriminals to steal the data they need in order to attack their networks.
How to Protect Yourself
Traditional security often doesn't stop these attacks because they are so cleverly customized. As a result, they're becoming more difficult to detect. One employee mistake can have serious consequences for businesses, governments, and even nonprofit organizations. With stolen data, fraudsters can reveal commercially sensitive information, manipulate stock prices or commit various acts of espionage. In addition, spear phishing attacks can deploy malware to hijack computers, organizing them into enormous networks called botnets that can be used for denial of service attacks.
To fight spear phishing scams, employees need to be aware of the threats, such as the possibility of bogus emails landing in their inboxes. Besides education, technology that focuses on email security is necessary.
PHARMING
Definition
Pharming is like phishing in that it is a threat that tricks users into divulging private information, but instead of relying on email as the attack vector, pharming uses malicious code executed on the victim’s device to redirect to an attacker-controlled website. Because pharming runs code on the victim’s computer, the attacker does not rely on the targeted user clicking a link or replying to an email. Instead, the malicious code directs the targeted user to the attacker’s website, eliminating the extra step of a user clicking a link.
What is an Example of Pharming?
Pharming involves hijacking the user’s browser settings or running a background process that automatically redirects users to a malicious site. The attacker uses redirects or popups on the user’s desktop that display the phishing website in a masked link. In many cases, the attacker’s goal is to get financial data or the user’s authentication credentials, so the redirect triggers when the user navigates to a banking website.
For example, an attacker can use malicious code to monitor user web activity to trigger a redirect to a spoofed banking site. When a user enters their bank domain into the browser address bar, the pharming code hijacks the user’s activity and redirects the browser to an attacker-controlled website with the same look and feel as the official bank account. Users rarely look at the domain in the browser’s address bar, so it’s an effective attack to steal user financial data, including their credentials.
Another common example is redirecting users to another website when a search engine is entered into the browser. The attacker uses a malicious search engine to redirect users to ad sites or a specific phishing website. This can be done by hijacking browser resources or detecting when users navigate to a particular financial site.
What is Pharming Malware?
Since pharming attacks don't rely on email, malware is used to redirect users and steal data. The malware installation file must be executed first; after that it can run on the computer after every reboot. The malware is meant to run reliably, but threat authors rarely test their software and often introduce bugs. Bugs can cause unintentional crashes, reboots, blue screens of death, and other computer problems. Any bug that affects the main functionality of the malware could render it ineffective at stealing data, but it could also affect operations on your computer, leaving you unable to use it.
Another method used with pharming is DNS poisoning. Malware changes the DNS settings on the local computer, redirecting users to a malicious site when they type a domain into the browser. Every computer connecting to the Internet uses a configured DNS setting, and DNS servers store the IP addresses for domains on the Internet. When browsers perform a lookup, they connect to the IP address returned by the DNS server. In DNS poisoning, the domain is linked to an IP address on the attacker's server.
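Because pharming rewrites where names resolve, a defender can audit the two places the operating system consults before asking a remote DNS server: the local hosts file (a static name-to-address override that goes beyond the DNS settings the paragraph above mentions, and one that malware commonly edits) and the configured resolver addresses. The following Python script is an added example, not code from the original post; the watched-domain list and the expected resolver addresses are assumptions, and the hosts-file content it audits is a constructed sample. It parses hosts-file syntax, ignores normal loopback entries, raises a high-severity finding for any watched banking domain pinned to an IP address, and lists any resolver that is not one the organization expects.

```python
import ipaddress

# Hypothetical watch-list and resolver allow-list: assumptions for this example.
WATCHED_DOMAINS = {"bank.example", "pay.example"}
EXPECTED_RESOLVERS = {"192.0.2.53", "192.0.2.54"}   # the organisation's own resolvers (TEST-NET addresses)

# Constructed hosts-file content; line 4 is a pharming-style override.
SAMPLE_HOSTS = """\
127.0.0.1     localhost
::1           localhost ip6-localhost
192.0.2.10    build-server.corp.internal        # legitimate intranet entry
198.51.100.7  bank.example www.bank.example     # pins a banking site to a non-bank IP
"""


def parse_hosts(text):
    """Yield (line_number, ip_address, hostname) for every mapping in hosts-file text."""
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()       # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                                 # malformed line, not a mapping
        for name in fields[1:]:
            yield lineno, ip, name.lower()


def _watched(name):
    return any(name == d or name.endswith("." + d) for d in WATCHED_DOMAINS)


def audit_hosts(text):
    """Return (severity, line, hostname, ip) findings; loopback mappings are ignored."""
    findings = []
    for lineno, ip, name in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue                                 # localhost and sinkhole entries are normal
        severity = "high" if _watched(name) else "info"
        findings.append((severity, lineno, name, str(ip)))
    return findings


def audit_resolvers(configured):
    """Return configured resolver addresses that are not on the expected list."""
    return [r for r in configured if r not in EXPECTED_RESOLVERS]


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(*finding)
    print("unexpected resolvers:", audit_resolvers(["192.0.2.53", "203.0.113.66"]))
```

To run it against a real machine, read /etc/hosts (or C:\Windows\System32\drivers\etc\hosts on Windows) into audit_hosts, and feed the resolver addresses from /etc/resolv.conf or the adapter's DNS settings into audit_resolvers. A DNS server compromised upstream, or a home router whose DNS setting was changed through a weak administrator password, would not show up here; comparing answers from the configured resolver against a known-good resolver over the network is the complementary check.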
Phishing vs. Pharming
Phishing and pharming are similar in that they both trick users into divulging private information, but the mode used to trick victims is different. In a phishing attack, a threat actor crafts an email that looks like an official business to mislead users. The phishing email usually contains a link that the user must click for the attacker to be successful. Phishing can also incorporate social engineering to enhance the attack and increase the possibility of successfully stealing money or data from the intended victim.
In a pharming attack, no email message is necessary because malware runs as a background process on the computer, intercepting web requests and redirecting users to malicious websites. Besides the initial execution of the malware, no user interaction is necessary. Once the malware executes, it persists on the computer even after it's been rebooted. Only malware removal tools can delete files used to monitor user activity, show popups, or hijack browser settings.
How to Prevent Pharming
To avoid being a pharming victim, the steps and best practices are similar to the advice given to prevent viruses and other local machine malware. Always be suspicious of emails with attachments, especially if the attachments are executable files. Files that contain macros, such as Microsoft Word or Excel documents, could also run malicious code. Macros should be blocked unless you are sure that the files come from a trusted source.
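The advice above, to treat executable attachments and macro-bearing Office files as suspect, is something a mail gateway or endpoint script can enforce by inspecting content rather than trusting the file name. The following Python script is an added example and not part of the original post; the extension lists are an assumed policy, and the sample attachments it triages are constructed in memory. It flags a Windows executable by its MZ header even when it is named .pdf, detects a VBA project inside a modern zip-based Office file, and marks legacy OLE documents and unreadable zips for manual review.

```python
import io
import os
import zipfile

# Extension lists are an assumed policy for this example, not an exhaustive catalogue.
EXECUTABLE_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs",
                  ".ps1", ".hta", ".msi", ".jar"}
MACRO_EXT = {".docm", ".xlsm", ".pptm", ".dotm", ".xltm"}
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .doc/.xls compound-file container
BLOCK_TAGS = {"executable-extension", "pe-header", "vba-macro-project", "macro-enabled-extension"}


def triage_attachment(filename: str, data: bytes):
    """Return (verdict, tags) for one attachment, judging content as well as name."""
    tags = []
    ext = os.path.splitext(filename.lower())[1]      # "invoice.pdf.exe" -> ".exe"
    if ext in EXECUTABLE_EXT:
        tags.append("executable-extension")
    if ext in MACRO_EXT:
        tags.append("macro-enabled-extension")

    if data[:2] == b"MZ":
        tags.append("pe-header")                      # Windows executable, whatever the name says
    elif data[:8] == OLE_MAGIC:
        tags.append("legacy-ole-document")            # may hold macros; needs a CFB parser to be sure
    elif data[:2] == b"PK":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                names = [n.lower() for n in z.namelist()]
        except zipfile.BadZipFile:
            tags.append("corrupt-zip")                # claims to be a zip but cannot be read
        else:
            if any(n.endswith("vbaproject.bin") for n in names):
                tags.append("vba-macro-project")      # Office file carrying a VBA project

    if set(tags) & BLOCK_TAGS:
        verdict = "block"
    elif tags:
        verdict = "review"
    else:
        verdict = "allow"
    return verdict, tags


def build_office_zip(with_macros: bool) -> bytes:
    """Constructed minimal OOXML-style zip; real Office files carry many more parts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            z.writestr("word/vbaProject.bin", b"\x00" * 16)
    return buf.getvalue()


SAMPLE_PE = b"MZ\x90\x00" + b"\x00" * 60   # constructed DOS/PE header stub, not a real program

if __name__ == "__main__":
    samples = [
        ("invoice.docm", build_office_zip(True)),
        ("report.docx", build_office_zip(False)),
        ("statement.pdf", SAMPLE_PE),
        ("old.doc", OLE_MAGIC + b"\x00" * 8),
        ("notes.txt", b"hello"),
    ]
    for name, blob in samples:
        print(name, *triage_attachment(name, blob))
```

Modern Office files are zip archives, so the presence of a vbaProject.bin member is what makes a .docm or .xlsm macro-enabled; a file renamed to .docx that still carries one is caught the same way. Legacy .doc and .xls containers need a compound-file parser to look inside, which is why the example only routes them to review.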
A few other best practices that will prevent you from becoming a victim include:
Never click links from popups. Always manually type the official domain of the targeted site into the browser.
Ensure that your web connection uses HTTPS.
Never connect to arbitrary public Wi-Fi hotspots.
Use a reputable VPN service (or VPN alternative).
Enable two-factor authentication (2FA) on any account service that offers it.
Change the administrator password for any network equipment, including home routers and Wi-Fi hotspots.
Credential Pharming
Stealing data is a fundamental goal for an attacker, but stealing credentials gives a third party complete control of your account, which could be much more valuable. For example, obtaining the credentials of an email account provides an attacker with far more information than just stealing sensitive information from a targeted user.
In a phishing attack, users are tricked into sending their credentials to a threat actor via email. In a pharming attack, users aren’t tricked into navigating to a malicious website. Instead, the attacker steals data using malware background processes or automatically sends a user to a phishing website in their browser.
Pharming is much more effective than phishing because it doesn't require the user to click a link. Nonetheless, phishing is still a popular attack vector for threat actors. Pharming is beneficial for threat actors with programming knowledge. Malware authors still need to spread malicious programs to targeted users, so email messages are used to spread the malware to intended recipients. After the malware executes on targeted user computers, an attacker can collect money or sensitive information from ads and malicious websites.
Whether it’s through email or pharming, users should always avoid running executable files attached to email or files from unofficial software sites. Pharming and phishing aim to steal credentials or banking information, so avoid attachments and malicious software on suspicious websites.
IN THIS BLOG WE LEARNED ABOUT TYPES OF PHISHING ATTACKS. IN THE NEXT BLOG WE WILL TALK ABOUT "MAN-IN-THE-MIDDLE ATTACK"
SO MAKE SURE TO SUBSCRIBE TO MY BLOG PAGE AND MY YOUTUBE CHANNEL
AND PLEASE FOLLOW ME ON MY INSTAGRAM ACCOUNT FOR TIPS AND TRICKS
I WILL SEE YOU IN MY NEXT VIDEO OR BLOG
TAKE CARE, BYE BYE
THANK YOU
BlackDevil