What Is Phishing?
Phishing is a type of social engineering attack in which one or more targets are contacted by email, telephone, or text message by someone purporting to be from a reputable company or individual.
Phishing attacks are used to trick someone into revealing information such as personally identifiable information, banking and credit card details, and passwords. This information is then used to access important accounts and can result in reputational damage and financial loss for your business.
Figure 1. Example of a phishing attempt.
Common Features of Phishing Emails
- A message that is too good to be true
- Sense of urgency/threats
- Suspicious attachments
- An unusual sender
- An unfamiliar tone or greeting
- Grammar and spelling errors
- Inconsistencies in email addresses, links, and domain names
- Short messages
- Request for credentials, payment information, or other personal details
Types of Phishing Attacks
Anyone can be targeted by a phishing attack. Some threat actors will send out a general email to many people, hoping a few will take the bait, while others use more targeted attacks if they are after something specific, like access to a company's network.
1. Email Phishing
Today, most phishing attacks are sent by email. This method attempts to steal sensitive information via an email that appears to be from a legitimate organization. This is not a targeted attack: the cybercriminal will usually register a fake domain that mimics a genuine organization and send thousands of generic requests.
In an attempt to convince the target, threat actors will create a domain that includes the legitimate organization's name in its URL, for example ‘firstname.lastname@example.org’.
A fake domain can also include character substitution. In this scenario, a threat actor will place characters like ‘r’ and ‘n’ next to each other to create ‘rn’ in place of ‘m’. For example, email@example.com. In an even more subtle scenario, a threat actor will substitute characters like a capital “I”, which in common sans-serif fonts looks like a lowercase “l”.
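One way a mail gateway or SOC script can catch both tricks described above, the organization's name wrapped in an unrelated domain and the ‘rn’ / capital ‘I’ substitutions, is to fold look-alike characters before comparing a sender's domain against the domains you genuinely correspond with. The following is an added example, not code from the article or from ThreatLocker; the legitimate-domain list, the substitution table and the sample addresses are constructed assumptions.

```python
# Added example (not from the article or ThreatLocker): flag sender domains that
# imitate a legitimate organization by character substitution ('rn' for 'm',
# capital 'I' for lowercase 'l') or by embedding its name in an unrelated domain.

# Domains the organization genuinely corresponds with (constructed list).
LEGIT_DOMAINS = {"microsoft.com", "paypal.com"}

# Look-alike sequences and the character they imitate. The first two are the
# substitutions described in the article; the rest are other common swaps.
# 'I' -> 'l' runs before lowercasing so a capital I is read as an imitation of
# l rather than as the letter i.
SUBSTITUTIONS = [("rn", "m"), ("I", "l"), ("vv", "w"), ("0", "o"), ("1", "l")]


def normalize(domain: str) -> str:
    """Fold look-alike characters so an imitation compares equal to its target."""
    for fake, real in SUBSTITUTIONS:
        domain = domain.replace(fake, real)
    return domain.lower()


def _matches(domain: str) -> bool:
    """True if domain is a legitimate domain or a subdomain of one."""
    return domain in LEGIT_DOMAINS or any(domain.endswith("." + d) for d in LEGIT_DOMAINS)


def classify_sender(address: str) -> str:
    """Return 'legit', 'lookalike', 'brand-in-domain' or 'unknown' for the address's domain."""
    raw = address.rsplit("@", 1)[-1].strip()
    if _matches(raw.lower()):      # exact match is checked before any folding
        return "legit"
    folded = normalize(raw)
    if _matches(folded):           # equal only after folding: character substitution
        return "lookalike"
    brands = {d.split(".")[0] for d in LEGIT_DOMAINS}
    if any(brand in folded for brand in brands):
        return "brand-in-domain"   # the org name wrapped in a longer, unrelated domain
    return "unknown"


def scan(addresses):
    """Map each address that is not plainly legitimate to its verdict."""
    return {a: classify_sender(a) for a in addresses if classify_sender(a) != "legit"}


if __name__ == "__main__":
    # Constructed From: addresses, not real indicators.
    samples = ["alerts@mail.microsoft.com", "billing@rnicrosoft.com", "service@PayPaI.com",
               "support@microsoft-support-login.com", "alice@contoso.example"]
    for addr, verdict in scan(samples).items():
        print(f"{verdict:16} {addr}")
```

The folding is deliberately aggressive, so treat a 'lookalike' or 'brand-in-domain' verdict as a score for review or quarantine rather than an automatic block.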
2. Spear Phishing
While email phishing is a general attack, spear phishing is highly targeted. Spear phishing is a malicious spoofing attack designed to mislead a specific target such as an organization, a company executive, a public persona, or another lucrative target.
Threat actors who engage in spear phishing already have information about their target, which they use to make the email appear authentic. This may include the target's:
- Job title
- Email address
- Place of employment
- Specific information about job roles and responsibilities
3. Smishing and Vishing
In both smishing and vishing attacks, the telephone replaces email as the delivery channel.
Smishing, otherwise known as ‘SMS-enabled phishing’, delivers malicious links in text messages. These smishing pretexts are often disguised as bank, delivery, and account notifications.
Vishing, otherwise known as ‘voice phishing’, involves a malicious caller using deception to gather sensitive information while impersonating a legitimate business. For example, a caller would say:
‘Your account has been compromised. Please call 123-456-7890 to reset your password.’
4. Angler Phishing
The latest of the phishing scams, angler phishing, uses social media to impersonate an organization’s customer service account. Popular platforms include Facebook, Instagram, Twitter, and LinkedIn. These threat actors can use posts, tweets, and fake URLs to launch various phishing attacks.
‘@user123 We apologize for this! In order to regain access to your account, please log in using our secure portal here…’
Furthermore, in angler phishing, criminals can also use the information already provided by users on social media for highly targeted attacks. It is wise to always be mindful of the information you put on social media.
How to Prevent Phishing Attacks
The first line of defense should be securing your organization’s endpoints! Phishing is often used to gain access to a secured network as part of a larger attack. These attacks can result in insurmountable losses for your business.
ThreatLocker uses Zero Trust to offer a unified and targeted approach to protect users, devices, and networks from modern-day vulnerabilities. By using Allowlisting and Ringfencing™ to control which applications can run and what those allowed applications can access, we protect your data from threat actors itching to get their hands on your sensitive information. This technology allows you to:
- Stop fileless malware and limit damage from application exploits
- Define how applications integrate with other applications
- Stop applications from interacting with other applications, network resources, registry keys, files, and more
- Stop applications from interacting with built-in tools such as PowerShell, Command Prompt, and RunDLL
- Stop built-in tools from accessing your file shares
To learn more about how to manage your endpoints and prevent exploits from phishing and other malicious attacks, contact ThreatLocker to book a demo.