Phishing scams are the most common type of “social engineering” attack. These types of hacks are dangerous because of their ability to bypass virtually any other security barrier. Most (if not all) security barriers require credentials, and phishing gives people a way to steal those credentials. Most people know about the common email/link method, so you probably know that it’s important to be careful about clicking links in your emails. However, there are lots of other methods by which the concept of phishing can be applied. Here are some of the most common ones.
1. Impersonating The Boss
In some cases, phishing emails will not follow the normal pattern. Instead of trying to trick you into clicking a “booby-trapped” link, they might use a more subtle method. They might instead try to impersonate a supervisor, CEO, or another authority figure. Using this fake identity, they will then try to pressure a low-level employee to give them sensitive information, transfer funds to a certain bank account, or carry out any number of other fraudulent activities. In many cases, such emails can be recognized by their suspicious or inconsistent content.
The best way to defeat these methods is through the use of a secure email client. The use of PGP or GPG encryption allows you to verify every email with a secure key. Unfortunately, we don’t have enough space to fully explain this type of encryption, but it works by using two keys: A public one and a private one. You keep your private one to yourself, but you give your public key to anyone with whom you wish to communicate. Thus, no one can email you unless you have exchanged public keys with them.
2. Clone Phishing
This is one of the scariest methods because it is more likely to work. It works like this: The attacker makes a direct copy of a legitimate email and then re-sends that email to you. However, they will make some small changes to the email, such as the introduction of a malicious link. If the original email has a link, they will swap it with another one. Obviously, this will lead you to a spoofed/malware site. They will often claim that they re-sent the email because of a technical issue.
If you receive two seemingly identical emails, and both of them have links, you need to hover over that link with your mouse and look at the URL displayed. Basically, you need to make sure that the URL has not changed in the second email. This should be done every time you receive a duplicate email.
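The comparison described above can be automated. The following is an added example, not part of the original article: it extracts the links from two copies of an email and reports any link whose visible text is the same but whose destination host has changed. It assumes single-part, unencoded HTML messages; the sample messages and function names are constructed for illustration.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def links_by_text(raw_email):
    """Map each link's visible text to the host its href points at."""
    parser = LinkCollector()
    parser.feed(message_from_string(raw_email).get_payload())
    return {t: (urlsplit(h).hostname or "").lower() for t, h in parser.links}

def changed_links(original_raw, resend_raw):
    """Links present in both mails whose destination host differs."""
    old, new = links_by_text(original_raw), links_by_text(resend_raw)
    return {t: (old[t], new[t]) for t in new if t in old and old[t] != new[t]}

# Constructed sample messages; example.com / example.net are reserved test domains.
ORIGINAL = """From: billing@example.com
Subject: Your invoice
Content-Type: text/html

<p><a href="https://portal.example.com/invoice/1">View invoice</a></p>
"""
RESEND = """From: billing@example.com
Subject: Your invoice (resent after a technical issue)
Content-Type: text/html

<p><a href="https://portal.example.net/invoice/1">View invoice</a></p>
"""

if __name__ == "__main__":
    print(changed_links(ORIGINAL, RESEND))
```

An empty result means every shared link still points at the same host; any entry shows the original host next to the one in the re-sent copy.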
3. Domain Spoofing
Sometimes, it isn’t enough to simply hover over the link and check to see if it is legitimate. Sometimes, addresses like this can be “spoofed.” Basically, there are ways that an attacker can disguise those URL addresses and other online credentials.
To understand how this works, you need to understand the structure of the internet itself. The internet consists of a massive amount of data flying back and forth among computers and mobile devices worldwide. This data is broken up into smaller units known as “packets.” By transmitting many packets in a short amount of time, it becomes possible to transfer very large amounts of data.
Every packet has a header that indicates its origin. It also contains a destination address. Unfortunately, these things can often be forged. If those packets are configured to give a false address, it can be very misleading. This happens because the Simple Mail Transfer Protocol (SMTP) doesn’t verify these addresses! Thus, you really want to avoid this protocol if you want a secure email system.
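Because SMTP does not verify the sender address, the visible From line of a message can disagree with the other sender fields. The following is an added example, not part of the original article: it compares the From domain with the Return-Path and Reply-To domains and lists any mismatch. It assumes the receiving mail server has recorded a Return-Path header from the SMTP envelope; the sample messages and function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr


def domain_of(header_value):
    """Return the lowercase domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def sender_mismatches(raw_email):
    """Compare the visible From domain with the other sender fields.

    From is written by the sending side and is not checked by SMTP itself;
    Return-Path is assumed to be recorded by the receiving server.
    """
    msg = message_from_string(raw_email)
    from_dom = domain_of(msg["From"])
    findings = []
    for field in ("Return-Path", "Reply-To"):
        other = domain_of(msg[field])
        if other and other != from_dom:
            findings.append(f"{field} domain {other} != From domain {from_dom}")
    return findings


# Constructed samples using reserved test domains.
SPOOFED = """Return-Path: <bounce@mailer.example.net>
From: "Pat Lee, CEO" <pat.lee@example.com>
Reply-To: pat.lee@example.org
Subject: Urgent wire transfer

Please handle this today.
"""
CONSISTENT = """Return-Path: <pat.lee@example.com>
From: "Pat Lee" <pat.lee@example.com>
Subject: Agenda

See attached.
"""

if __name__ == "__main__":
    for line in sender_mismatches(SPOOFED):
        print(line)
```

A mismatch is a reason to look closer, not proof of forgery: legitimate mailing services often send with a Return-Path on their own domain.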
4. “Evil Twin” Attacks
Although it might sound like something out of a soap opera, these attacks are very real and happen all too often. They have also been called “Starbucks scams” because of the fact that coffee shops have been a frequent target. These attacks are devilishly simple, and that’s why they often work.
The attacker starts by going to a place with a public network (like a coffee shop, library, etc.) and creating a Wi-Fi hotspot. They will make it look exactly like a legitimate public network. They will use the same network name (SSID) and may even try to duplicate the landing page. Unsuspecting users will then connect to the duplicate network, thinking that it’s just a normal public network. From there, specialized software can capture all their network packets, and that might include all sorts of sensitive information.
Defeating an evil twin attack is very simple: Just don’t use open public networks for the communication of sensitive information. A public network is kind of like a public square and should be regarded as such. For that matter, an organization that is mindful of its security shouldn’t use open public networks (i.e., those that don’t require a password) at all.
5. Text Message Phishing
Since text messages are quite similar to emails, it shouldn’t surprise you to learn that SMS can be used for phishing. Most of the same tactics that might be used in an email phishing scam can also be used in a text message. This is why you should never communicate important information in this way. Text messages will simply never be secure.
One thing you can do is look up any short-code numbers that appear on your text messages. Most scam messages will make use of the short-code system, as it is less secure by nature. As such, you can look up those codes on this website to verify the sender.
We hope that this article has given you an adequate “crash course.” These are not the only forms that phishing scams can take, but all of them are variations on the universal theme of credential theft. Because they are social engineering attacks, these can only be prevented with vigilance and due diligence. To learn more, feel free to call an IT support provider like PCH Technologies (856-754-7500). They are among the best IT consulting firms in NJ and can certainly tell you more.