Phishing 101

Phishing is a scamming technique used to obtain an end users personal information for malicious activities.  Classic examples of this attack are cloned emails, link manipulation, website forgery, phone phishing and homograph attacks.

 

Cloned Emails:

One of the most common attacks is the use of a cloned email.  At the most basic level this attack will be delivered from a strange email address with nothing more than a poorly worded email containing a 1-800 number.  At it's most complex level the attack will originate from a trusted email address such as a friend or family member that has been exploited or a very official looking email account that appears to be related to the cloned email.  The cloned email will usually be for a service such as online banking or email service and it will almost always lead to your information being compromised should you click any links.  The best way to avert these types of attacks is to not respond to "cold" emails requesting any sort of account info.  Companies will never ask for your login info and if you do receive an email requesting you login to confirm account information internally, ALWAYS type in the URL or Link by hand and not by clicking an outside link.  Another option is to call the company directly and verify if the email originated from them.

 

Website Forgery/Link Manipulation:

Like most scams, phishing is based on first gaining your trust and then taking advantage of the end user as much as possible.  More than likely you will stumble across a forged webpage when you've opened a cloned email or pop up that then convinces you to click a URL or Link.  The page will be similar in concept to a cloned email in that it will be a direct clone of the official website it is trying to steal info for.  A simple way to confirm if the website you are on is real or not would be to check the URL or Link in the URL bar.(The URL bar is the white bar you type the website name into)  On most forged websites this fake URL will be similar but not 100% the same as the official websites, sometimes the fake URL will be completely different from the official website.

Example: 

FAKE: http://we.llsfargo.com/

REAL: https://wellsfargo.com/

 

Homograph Attacks:

With phishing becoming more and more common a new style of "link manipulation" has become popular.  It utilizes different language's character sets to create fake URLs or Links that are almost indistinguishable from the real thing.  A common version of the attack is to replace the Latin C with the Cyrillic С in a name such as Citibank this would create two different URLs or Links.  

 

Example: Google search 

ВАRGАІNЅТОRАGЕ

vs.

BARGAINSTORAGE.  

 

Notice how one pulls results but the other shows nothing at all.

 

0 Comments

Please sign in to leave a comment.
Powered by Zendesk