Phishing: Don't Take The Bait

Posted by Michael McLafferty on Jul 17, 2019 10:27:45 AM

The “phishing” industry is a booming goldmine for hackers. More unsuspecting victims fall prey to phishing campaigns every hour than to any other type of cyber-attack. It is an epidemic of sorts, plaguing the digital world.

(Image: Gone Phishing, from GCN.com)

First, let’s discuss what phishing is. Phishing is a social-engineering method used to extract information from a victim by email or through malicious websites, while posing as a legitimate organization or individual the victim does business with (e.g. a bank, a utility company, the victim’s boss). The objective of phishing is to manipulate the victim into divulging personal information and to harvest credentials for sensitive accounts. Social media has become one of the most attractive “lures” hackers use to ensnare their victims.

So, how does phishing work? A hacker might send an email that mimics the victim’s financial institution, requesting that the victim click on a “link” to verify the account is still active. Once the victim clicks the “link” in the phishing email, they are redirected to a fake (cloned) banking website that asks for sign-in credentials. This is a common method of credential harvesting used in many phishing campaigns, and it is especially effective on mobile email users.

Hackers will also implant remote access trojans (RATs) in the links and attachments of phishing emails. This method works by manipulating the victim into clicking on either an attachment or a link. Once clicked, the RAT begins to download and, depending on how it is set up, runs automatically in the background. The RAT establishes a remote session to the victim’s device. From there, the hacker can pivot the attack to other devices on the victim’s network and establish a “man-in-the-middle” position, which allows the interception of all packets traveling over the network. Hackers will also replace the legitimate CSS and JavaScript on cloned websites with their own script to harvest credentials. Office 365 login pages are another favorite for hackers to “clone”; the cloned pages are nearly indistinguishable from the real ones.

(Image: Gone Phishing 2, from dexerto.com)

Next, let’s discuss how social media is used in phishing attacks. One favorite target for hackers is Facebook. Facebook has been in the headlines recently for storing hundreds of millions of user passwords in plain text. This has been a monumental security failure and a display of complete incompetence by Facebook. Many hackers have capitalized on the confusion of this debacle and have used Facebook-linked accounts to access other personal information about victims. Hackers have often posed as Facebook technical support staff, requesting that the user change the password for their Facebook account and offering a “link” to reset it. The link is malicious and redirects the victim to what looks like the real Facebook site but is a “cloned” version. The fake site prompts the victim to log in with the old password. Once the password is entered, the page redirects again, this time to the real site. This is an attempt at misdirection, giving the victim the impression of a “harmless” technical glitch. At this point the hacker has the login credentials and can monitor the victim at will.

There are several effective social-engineering toolkits available for constructing cloned versions of any website, even TLS/SSL-protected ones (https). These types of phishing attacks occur in the reconnaissance phase of most organized attacks. Most organized, state-sponsored hackers use the following structure of attack: Phase 1 is reconnaissance, Phase 2 is scanning, Phase 3 is infiltration, Phase 4 is establishing persistence, and Phase 5 is covering the traces of the attack.

(Image: Gone Phishing 3, from staysafeonline.org)

Now, let’s discuss the types of phishing emails. The first is clone phishing. Clone phishing makes a near-identical replica of a legitimate source of online correspondence that the victim has previously trusted (a banking or Facebook login page). The second type is called spear phishing. This type of phishing is designed for a more specific target, such as an individual within a company, often an accounting or front-desk employee. Hackers will often pose as a customer of the victim and attempt to send malicious attachments disguised as business documents. The third type of phishing is called whaling or whale phishing. This type of phishing is directed at high-profile individuals within an organization, such as the Chief Executive Officer or the head of Human Resources. This happened to Snapchat in 2014. A hacker impersonated Snapchat’s CEO Evan Spiegel and asked for employee payroll information. The result was the leak of many Snapchat employees’ personal and financial data. Hackers then sold the information on “dark marketplaces” to the highest bidder. Snapchat has a long history of unprecedented data breaches. The attacks on Snapchat in 2014 became known as “The Snappening”. The repercussions of those attacks are still being answered for and have sparked many legal battles.

(Image: Gone Phishing 4, from Network Coverage)

How can you protect yourself against phishing attacks? Awareness is critical for safeguarding against them. Knowing the signs of a phishing attempt can shut it down instantly. First, never click on a link or attachment before verifying the validity of the source. There are many scanning tools available to check emails for viruses, but some will still go undetected by providers. Always take the extra time to verify that the spelling of the sender’s name is correct and that the message comes from the right domain. If you notice strange emails using different variations of a legitimate name, contact the IT department and make them aware ASAP. Second, it is a good idea to send employees a monthly reminder of the steps being taken to stop phishing attacks, to keep awareness high. This would include letting employees know that no emails will be sent with embedded hyperlinks to websites and that the company will never ask for personal information via email. Third, it is advised to keep all website certificates up to date, to ensure the legitimacy of the websites employees are directed to use. This helps immensely when being redirected to a “cloned” website. Remember, always verify the URL and certificate of the site you are being redirected to. Other tips include using spam filters, correctly configuring the email client, monitoring phishing sites, correctly configuring the web browser, and using https. In the end, you must also trust your own instincts and become a “Human Firewall”. If something seems suspicious, it most likely is. Take the proper precautions and always stay vigilant.
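As an added example (not part of the original post), here is a small Python check for two of the signs described above: a sender domain that is a lookalike variation of a legitimate name, and a link whose displayed address differs from its real destination. The trusted-domain list and the sample message are constructed for illustration; a real deployment would use the organisation's own allowlist.

```python
import difflib, re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the organisation keeps an allowlist of domains it actually uses.
TRUSTED_DOMAINS = {"examplebank.com", "skywire.example"}
HOMOGLYPHS = str.maketrans("0135", "oles")  # digits that pass for letters
URLISH_RE = re.compile(r"^(?:https?://)?[\w.-]+\.[a-z]{2,}(?:/\S*)?$", re.I)
LINK_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def classify_domain(domain: str) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for a sender or link domain."""
    domain = domain.lower()
    if domain in TRUSTED_DOMAINS or any(domain.endswith("." + t) for t in TRUSTED_DOMAINS):
        return "trusted"
    # Undo common tricks ('rn' read as 'm', digits read as letters) and compare
    # against each trusted name; a near match is a spoofing attempt, not a typo.
    normalised = domain.translate(HOMOGLYPHS).replace("rn", "m")
    for trusted in TRUSTED_DOMAINS:
        if difflib.SequenceMatcher(None, normalised, trusted).ratio() >= 0.85:
            return "lookalike"
    return "unknown"

def audit_message(raw: str) -> dict:
    """Check the From: domain and every http(s) hyperlink in an HTML body."""
    msg = message_from_string(raw)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    report = {"sender": classify_domain(sender_domain), "links": []}
    for href, text in LINK_RE.findall(msg.get_payload()):
        target = urlparse(href)
        if target.scheme not in ("http", "https"):
            continue
        shown = re.sub(r"<[^>]+>", "", text).strip()  # what the reader sees
        shown_domain = urlparse(shown if "://" in shown else "//" + shown).hostname if URLISH_RE.match(shown) else None
        report["links"].append({
            "verdict": classify_domain(target.hostname or ""),
            # Displayed address differs from the real destination: classic lure.
            "display_mismatch": bool(shown_domain) and shown_domain != target.hostname,
        })
    return report

# Constructed sample: the sender swaps 'rn' for 'm', the link swaps '1' for 'l'.
SAMPLE_EMAIL = """\
From: "ExampleBank Support" <support@exarnplebank.com>
Subject: Verify your account
Content-Type: text/html

<p>Your account will be closed unless you verify it.</p>
<a href="https://examp1ebank.com/verify">https://examplebank.com/verify</a>
"""
```

Running `audit_message(SAMPLE_EMAIL)` flags both the sender and the link as lookalikes and reports the display mismatch, which is exactly the kind of finding the IT department should be told about.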

Topics: technology, Cyber-Security, Data Privacy, Phishing, Internet, Internet Safety
