Phishing attacks


 

Definition

a technique that uses social engineering and spoofing to obtain the target's information.
a phishing email pretends that it comes from a legitimate place (your bank or your social account) and ask you to provide an action like:
  1. Giving personal information: phone number, location, etc.
  2. Credentials submission: username or password, etc.
  3. Click a link that goes to a login page 
that attacker can't copy the exact URL as the legitimate source, so by checking the URL you can actually verify the authenticity of the origin, Here's an example of spoofed URLs:
  • www.faceb00k.com/login.php
  • www.paypel.com/password-recovery
so you should pay attention to the URLs spelling, in fact, a good practice is to never click on a link from an email, instead, you can type the URL by yourself directly in the search bar.

Tricks to a successful phishing

  1. we already mentioned the usage of typosquatting www.facobook.com or prepending a letter and hope that the target doesn't notice it www.ffacebook.com
  1. Reverse engineer the design of the targeted web page so that it looks exactly like what you supposed to see
  1. pretexting you with true information about you to make you relaxed about the email, saying for example that the monthly payment of your Netflix is in-place and that they need the Visa card verification to proceed with it, you will be surprised about how much information is available on social media and on the internet about you (this is known as OSINT).


Phishing Types

Pharming

Redirecting the target to a bogus site by poisoning the DNS server or by altering the hosts file in
target's local machine (needs access to the target's machine)

Ex: when the client search for realWebSite.com, he will be redirected to 5.5.5.5 (the bogus site) instead of 10.10.135.11, the is known as DNS spoofing.


this is a dangerous attack if it's combined with phishing because the attacker isn't required to change the URL spelling, therefor the anti-malware won't detect a thing (everything will look normal)

Vishing

known as voice phishing, this method relies extensively on social engineering, this attack is very common due to the simplicity of gathering Caller IDs, another way of doing this is using SMS or what we call Smishing.

Spear phishing

target a specific individual within the organisation by simply gathering more information about him, this type of phishing take more time then non-targeted one, because the goal here to garantee that the victim believes the email's legitimacy, this attack often targets the CEOs and CFOs, aka Whaling (going after the biggest fish in the organisation), this is why it is crucial to teach those individuals about this attacks and constantly run phishing tests on them.

There are many other variations of scams that use phishing: Advance-fee scam, Boss/CEO scam phone verification scam, etc, you can find some great summaries on Reddit

Summary



To get an idea about the scope of phishing threats, take a look at the chart above.
this chart - pulled from Google Safe Browsing - shows the steep increase in the number of websites deemed unsafe between January 2016 and January 2021.




Comments

Post a Comment

Popular posts from this blog

OpenVas: Vulnerability Scanning | Installation Guide

Image
  Introduction: OpenVAS is a vulnerability scanner that analyzes endpoints and web apps to uncover and detect flaws. Corporations frequently employ it as part of their mitigation strategies to initially identify any weaknesses in their operational or testing servers and apps. This isn't an ultimate solution, but it can assist in the elimination of any common weaknesses that may have sneaked through the gaps. Installation: There are three methods to install GreenBone openVas: 1- Install from Kali/OpenVas repositories:  This way varies in difficulty because of the needed configurations, you can simply install it with apt. sudo apt-get update -y &&  sudo apt-get upgrade -y &&  sudo apt-get dist-upgrade -y sudo apt-get install openvas sudo gvm-setup sudo gvm-check-setup 2- Install from source (Manually): This way is not the best for beginners due to prerequisite installations and error handling can be challenging. github.com/greenbone/openvas-scanner 3- R...
Read more

Nmap | TryHackMe Walkthrough

Image
  An in-depth look at scanning with Nmap, a powerful network scanning tool. This room was created by DarkStar  and  MuirlandOracle , as it provides a great way to learn and start practicing nmap. I encourage you to give it a try by yourself since the hands-on practice will give you more understanding of the topic (take advantage of the manual page man nmap ). Task2: What networking constructs are used to direct traffic to the right application on a server? Ports How many of these are available on any network-enabled computer? 65535 [Research] How many of these are considered "well-known"? (These are the "standard" numbers mentioned in the task) 1024 Task3: What is the first switch listed in the help menu for a 'Syn Scan' (more on this later!)? -sS Which switch would you use for a "UDP scan"? -sU If you wanted to detect which operating system the target is running on, which switch would you use? -O Nmap provides a switch to detect the version of the...
Read more

Wireshark for Security Analysis | Customization & Common features

Image
1/ Introduction What is Wireshark? Wireshark is a network packet analyzer. A network packet analyzer presents captured packet data in as much detail as possible. You could think of a network packet analyzer as a measuring device for examining what’s happening inside a network cable, just like an electrician uses a voltmeter for examining what’s happening inside an electric cable (but at a higher level, of course). In the past, such tools were either very expensive, proprietary, or both. However, with the advent of Wireshark, that has changed. Wireshark is available for free, is open source, and is one of the best packet analyzers available today.  wireshark.org/docs/ Some intended purposes Here are some reasons people use Wireshark: Network administrators use it to troubleshoot network problems Network security engineers use it to examine security problems QA engineers use it to verify network applications Developers use it to debug protocol implementations People use it to learn n...
Read more