What is Phishing

Last week we talked about social engineering, and how hackers can make use of publicly available information to discover more about a target.

What is Phishing

Phishing is a form of social engineering, where targets are contacted by someone posing as a legitimate entity, in an attempt to get them to provide sensitive information.

It's one of the oldest forms of cyber attack, and has been prevalent since the 1990s, while the non-electronic form, the confidence trick, has been around forever. I think that one of the more interesting things about phishing is that, unlike other significant cyber threats, the propagators need no coding or technical skills.

The motivation behind a phishing attack can vary, but can generally be broken into two categories:

  • Get the user to hand over sensitive information: such as usernames, passwords or other account details. These can then be used to access the victim's account and potentially other information.

  • Get the user to install malware: tricking the victim into installing malicious code that can then be used to further compromise a machine. It was estimated that around 92% of all phishing emails contained some form of malware. [https://www.csoonline.com/article/3077434/93-of-phishing-emails-are-now-ransomware.html]

Examples of Phishing

The "Classic" Phishing example is the 419, or Nigerian Prince scam. There the target is contacted with an offer of a large payment in return for some information such as bank details. While most people recognise the attempt, the FBI states that this type of scam still costs millions of dollars in losses. [https://www.fbi.gov/scams-and-safety/common-fraud-schemes/nigerian-letter-or-419-fraud]

Sidenote: Interestingly, the first recorded instance of a 419 scam was in 1920, when a letter advertising "magical powers" was sent by "Professor" Crenstil. [https://www.newsweek.com/origins-nigerias-notorious-419-scams-456701]

Other examples of Phishing include emails from online organisations, asking you to confirm account details, which then redirect you to a fake website for credential harvesting.

Some phishing attempts are not targeted, for example sending out bulk emails in the hope that some people will fall for them. The bulk 419 scam emails are an example of this. While this approach lacks sophistication, the number of targets means that the scammer is likely to get some success.

Other phishing attempts may be soft-targeted, for example targeting employees of an organisation using publicly available information. This is a slightly more sophisticated approach, but it still relies on volume to be successful.

When combined with other forms of social engineering and open source intelligence gathering, phishing becomes an effective and targeted method of compromising the security of a system. This approach, known as spear phishing, targets a specific individual and relies on putting effort into convincing the target that the source is trusted.

Your task: real world examples of phishing

Some examples of real world Phishing emails can be found here: http://www.phishing.org/phishing-examples

Do you recognise any of these attacks? What kinds of trends do you see? Discuss in the Forum.