Understanding Phishing - Techniques, Types, And Tools Used By Phishers

What is Phishing?

Question:

What is the Phishing is a Social Engineering ?

Phishing is a social engineering activity of luring internet users into using or clicking certain computer links in a site, emails or other web pages sites. The cybercriminal uses this means in order to obtain sensitive information of a target such as passwords, usernames, and credit cards numbers for malicious intentions by pretending to be entrusted entity.

For instance, an attacker can perform an email phishing by sending an email that appears to be sent from one of the user’s bank. The attacker engages trustworthy of the victim by pretending to be that bank. The email may contain an information about some pending account in-activity that the users need to send sensitive details about his account for him to be activated. When the user sends the details, the attacker obtains the bank details and uses to access users bank account.

Phishing attackers uses the following techniques to attack the victims using below phishing types: (Ramzan, 2010)

• Spear phishing

This is phishing attempt always directed to the target victim where the victim can be an individual, organisation or a company. Attackers gathers sensitive or crucial information that will perfect the attention of the victims when sent to them. This technique is the most successful one.

• Clone phishing

This type of phishing always takes advantage of sent emails that are sent to the recipients. Attackers take advantage of mails that contains attachment or links. The attackers obtains the same mails and edit them and create almost identical mails and send them to the earlier recipient address. The mail contains malicious content but the recipient won’t realize whether that the mail has bad intention, they only think that the same sender may be sent an updated mail or sent another mail to counter any loss of delivery.

• Whaling

This type of phishing targets senior executives and senior heads in an organisation or a business. The form or way used to attack takes an executive form in a way that it will capture senior managers or workers attention. The information sent may be in form of a customer complaint form that will lure in the senior manager to open the info or link hence sending sensitive information to the attacker without realisation.

• Link manipulation

The phishers use mails or websites for their targets. They add links to the websites which hold sensitive business activities and embed misspelt urls that appears to be correct if the user is not very keen. The user may click the link and be redirected to an alike webpage comprising almost the same details / information. The user may end up providing login details without realising he has just sent the details to the attacker.

• Filter evasion

Phishers started using images to evade anti-phishing filters where they hide the text behind the image. Although some techniques have been devised to detect phishing texts in images and even when the texts are rotated, the phishers continues to attack various victims of website and email users.

• Website forgery

Phishing Techniques

The phishers enters a website for spoofing. When they get into the site, they make use of JavaScript to lure users to activate some commands while in background they change the address bar without the user noticing. The user may end up being redirected to another web page but with same look like the earlier web page. The user may be prompted to login especially if the web page is a web application and the attacker wants to obtain login credentials of the victim. The attackers always attack sites like bank web application and at once PayPal was once attacked.

• Covert redirect

This is a trick used by attackers that provide links that appear legitimate to the users. The links may be popups that requires users to login to their sensitive accounts while the attackers have used them to capture sensitive details.

• Phone phishing

The attackers uses the voice phishing to attack the victims. The phishers can send a fake message containing sensitive information that will capture victim’s attention. The message may be framed to have come from a recognised organisation like a bank. Victim may be prompted to enter pin without realising that massage has a fake ID source. Therefore the attacker will obtain user’s sensitive details and use them for malicious activities.

Phishing Success

What makes the phishing to become more and more success is due to human nature which is tough to overcome. The phishers are taking advantage of human nature and post information that will always capture victim attention. For instance, the phishers can send a love bug or health advises that has key information to be ignored by the victim.

While the technologists are increasingly devising control measures for anti-phishing, the phishers are becoming cleverer. They are using super phishers to hack and spoof information. They can hide the phishing links that goes un-noticed by phishing detectors.

The main success of the attackers is how currently they can protect themselves from being noticed. Like earlier days where they could redirect victims using links to fake sites and prompt users to enter some details like the login credentials, currently the victim just clicks the links and activates a background rogue codes that exploit victim computer without user noticing. This may lead to installation of ransom ware into victim’s computers without victim consent.

The phishers also take advantage of users unaware of the victims especially if the victims are not expecting phishers to have interests in their sensitive details.

Tools used by phishers

Phishers have variety of tools readily available to them that makes their attacks a success. These tools can be used to perform various functions like mail delivery, website spoofing and phishing malware embedment.

These are the list of those tools used:

• Botnets

Bots are programs that reside in a computer and provide remote controls through various protocols. When many bots are controlled from one control they make a botnet. Botnets are controlled in way that they can be used to cause an attack to certain computer targets. When a computer becomes a bot, it can be used to send a malicious mail, cause other web browsers users to be redirected into malicious web pages, install additional malware to itself, cause surveillance to other computers sensitive details and more other illicit activities.

Types of Phishing

Bots can be redistributed through file sharing and mailings.

• Phishing kits

The phishers have become more ready through use of readily available kits which contains set of equipment that can be used perform an attack. The kit contains set of ready bots, hosting domains that have assurance of not been closed off or detected (Roberts, 2004), list of servers which can be targeted and more so famous sites and organisation details that an attacker can use to attack. In current days, the developers of these kits don’t sell them, in fact they spend time in advancing these bots and making newer versions of bots that can be downloaded by interested phishers for free (Sophos, 2000). The technology needed to perform an attack has been made readily available by the kit providers hence more attacks are continuing to happen

• Technical deceit

As the internet users have become more aware of the detection of phishing codes and links, the attackers have engaged in more tricky ways of performing their attacks. They make counterfeit websites that cannot be noticed by the internet users while redirecting.

• Session hijack

Phishers have been waiting for internet users to log in to web applications and become men in the middle. They capture ones IP address and fake Mac address and pretend to be the original owner of the authentication credentials. They do this until they capture all sensitive details that will help them perform a fraudulent attack without users prior knowledge since they forward the messaging signals to the server on behalf of the owner. They act as the first destination of senders signal and as the first receivers of servers signals been sent to the user.

• Abuse of Domain Name Service (DNS)

Phishers have using the domain name service exploits where they pretend to be the said url name while the IP address of the address is fake. They do this to gain users trust without user’s prior knowledge.

• Phishing specialized malware

Technologists have made bots that readily are available to the phishers. These malwares are designed for spying and illicit operations between the affected computers. The bots can be used for spying in a certain computers details and even send those details to the main control and obtain sensitive data for malicious gain.

Organisation Concerns

As the phishing has become more and more successful and affecting organization to negativity through spear phishing, the organizations are concerned more on how to counter the attackers. Spear phishing has been used to perform large cyber-attacks leading to large money loss in organizations.

The spear phishing has impacted negatively to the affected organizations. For instance, most of those organization reported to have been attacked, they have experienced:

• Big money loss
• Decrease in stock sales

For those two main losses, the attackers used malwares to obtain authentication details and obtained organisation sensitive information.

The attackers have been using emails to counter victims trust.

The attackers always targets the finance and IT staff who always hold sensitive details about money or authentication credentials for an organisation.

The main negative impacts of phishing to an organisation are as follows: (Van der Merwe, 2005)

• Decreased employees productivity
• Financial losses
• Organisation reputation damage
• Decreased stock prices

Phishing Success

The organisation has used various technologies to prevent themselves from phishers. The techniques they use are:

• Secure email gateway
• Secure web pages gateway
• Url filtering
• Data leaking protection
• file solution sandboxing

Current and Future Trends of Phishing

Currently phishing is becoming more and more prone affecting many organization leading to losses. The phishers are cleverer than before. They have devised phishing techniques that cannot be easily noticed. The phishers have taken advantage of human nature in a way they easily afford human attention by gaining their trust. The phishers are forging sites and e-commerce accounts in a way that site users are hard to realise that the sites are spoofed. As the technology advances, the phishers are devising more and more tricky spams which are hard to be detected by anti-phishing software. The speed at which hackers are devising new phishing techniques is super-exceeding the technology used to make new phishing control measures. (APWG, 2004)

The future of phishing is to hack many sites, banks and e-commerce sites without any complexity. This will lead to collapse of businesses if technologists don’t speed up their techniques of devising control measures.

Phishing has taken advantage of research survey where the internet users can be tricked to fill some phone or bank details so as to capture victim sensitive information.

Other phishers are using trick games which always appear as a pop up where the victim is deceived to have won a gift but at the end the victim is issuing his authentication details pertaining a bank or other financial institution like the master cards.

The following key points goes with the current trends in phishing:

• Social engineering components

Phishers are using social engineering techniques to trick the internet users to click a link and activate malicious codes by finding vulnerabilities. The attackers embed the codes in emails and websites that are common to the users and which contains sensitive information especially details of banks and e-commerce. The phishers make the codes in a way that it is hard to be noticed by the victims. This codes when activated, they run in background of victim’s computer and performs spying activities which can capture users’ usernames and passwords in the browsers and emails.

• Common tools and infrastructure

Phishers has been using common infrastructure to attack the internet users. They use websites, bot nets and mails to host phishing sites and malicious software.

• The big idea

The main trend now is that the websites hosting companies are ensuring the clients’ websites have been configured with anti-phishing technologies to prevent phishers from spoofing. As well the law and the government should ensure that the criminals and hosting companies of phishing sites are taken into courts and be prosecuted for committing this kinds of crimes

Phishing Control and Avoidance

For phishing control in organisations, the staff should be warned, made aware, trained and be given reinforcing messages in day to day to counter attackers techniques. (Ramzan, 2010)

• Awareness and education

Even though awareness is not enough, the web pages and other sites should be incorporated with anti-phishing programs that can detect phishing links and remove them immediately.

In addition, the organization can filter phishing emails or web pages in a network before reaching to the staff.

The best phishing defensive mechanism is:

• If any link is sent to your email and the link is requesting you to send your login credentials, ignore the mail as a spam.
• If the mail sent is suspected to be a scam, just read the mail between the lines and don’t click any link in that mail. You can inspect the link by typing in into your browser and see what that link contains but don’t click it in your email.

• Strong authentication practices

Two factor authentication can be used to provide users with a hardware token that keep on changing after every logins. The attacker won’t be able to use the credentials since the details keeps on changing.

• Virus, spyware and spam prevention

Anti-malware have been implemented to prevent users against suspicious codes used by the phishers. These products are always enabled and updated to provide maximum protection.

• Targeting hosting sites

The law can be used to suppress the hosting sites sending phishing mails or codes and hence be shut down. The practice should be done previously as the phishers keep on devising new hosting sites.

Recommendation

Though there has been techniques and measures used to counter phishing, the technology should be improved to counter the phishing to zero tolerance. The measures that can be recommended is:

• Continued awareness and education to the public and staff on issues pertaining the phishers and new techniques used by the phishers.
• The organisation should have a foresight of their sites or emails about an information that might be at risk. This helps to counter any vulnerability by the phishers to attack the sites.

Conclusion

Since phishing is profitable activities to the attackers, the phishers are becoming more and more intelligent in using technology for their profit gains. Organisation should involve themselves in creating awareness to their staff and public to counter the phishers. New and advanced technologies are been devised to keep off the phishers. Phishers can lead to an organisation collapse.

References

Ramzan, zulfikar. “Phishing attacks and countermeasures”. In stamp, Mark & Stavroulakis, Peter. Handbook of information and communication Security. 2010, Springer ISBN 9783642041174

Van der Merwe, A.J, Loock, M, Dabrowski, M. (2005), Characteristics and Responsibilities involved in a Phishing Attack, Winter International involved in a Phishing Attack, Winter Symposium on Information and Communication Technologies, January 2005, Cape Town.

Anti-Phishing Working Group. Phishing Activity Trends Report, March, 2017.https://www.antiphishing.org/APWG_Phishing_Activity_Report-March2017.pdf
Anti-Phishing Working Group. Phishing Activity Trends Report, March 2017. Retrieved 3March 30, 2017 from https://antiphishing.org/APWG_Phishing_Activity_Report_April_2005.pdf

McWilliams, Brian. “Cloaking Device Made for Spammers.” Retrieved March 30, 2017 from https://www.wired.com/news/business/0,1367,60747,00.html.  

“Do-it-yourself phishing kits found on the internet, reveals Sophos”. Retrieved March 30, 2017 from https://www.sophos.com/spaminfo/articles/diyphishing.html.