Phishing is a type of social engineering attack in which cyber criminals trick victims into handing over sensitive information or installing malware. More often than not they do this via malicious emails that appear to be from trusted senders, but sometimes use other means, which are explained below.
Malicious email attachments, which usually have enticing names such as ‘INVOICE’, install malware on victims’ machines when opened.
Malicious links point to websites, often clones of legitimate ones, that either download malware or present login pages whose forms harvest the credentials the victim types in.
Pharming attacks redirect a website’s traffic to a malicious site that impersonates it by exploiting weaknesses in DNS, the system that matches domain names (the name you type into your browser address bar) with IP addresses (the numeric address assigned to each device connected to a network). Because the browser still displays the genuine domain name, the redirection is invisible to the user.
Typosquatting sites have URLs that look genuine but are subtly different from the ones they impersonate.
They aim to take advantage of typing mistakes when users enter URLs into their browser address bar.
For instance, they might misspell the legitimate URL, substitute a letter with one next to it on the keyboard (such as ‘n’ in place of ‘m’), swap two letters round, or add an extra letter. Because the spoof domain is genuinely registered, it can carry a valid TLS certificate, so the browser padlock is no reassurance.
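The four tricks listed above can be enumerated mechanically, which is how defenders find lookalike domains to register or monitor, and how a mail gateway can flag a sender domain that is a near miss of a trusted one. The following is an added example written for this page, not code from the original article or from the IISF; the domain `example.com`, the QWERTY row table and the function names are assumptions chosen for illustration.

```python
"""Typosquat generator: the four URL tricks from the text, in working code.

Added example, not code from the original article. The domain and the
keyboard layout below are assumptions chosen for illustration.
"""
from __future__ import annotations

import string
from typing import Iterable

# Assumed QWERTY layout. Only left/right neighbours in the same row are used,
# which is enough for the 'n' for 'm' case in the text; add a diagonal map if
# you also want the keys above and below.
_KEY_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def keyboard_neighbours(ch: str) -> set[str]:
    """Keys immediately to the left and right of ch on the assumed layout."""
    for row in _KEY_ROWS:
        col = row.find(ch)
        if col != -1:
            return {row[c] for c in (col - 1, col + 1) if 0 <= c < len(row)}
    return set()


def generate_typosquats(domain: str) -> set[str]:
    """Lookalike domains for `domain`, which should be the registrable name
    (e.g. 'example.com', not 'www.example.com').

    Only the first label is mutated; the suffix is left alone, so the output
    contains 'exanple.com' but not 'example.con'.
    """
    label, dot, suffix = domain.lower().partition(".")
    n = len(label)
    alphabet = string.ascii_lowercase + string.digits + "-"
    labels: set[str] = set()

    # 1. Misspell by dropping one character:          exmple.com
    for i in range(n):
        labels.add(label[:i] + label[i + 1:])
    # 2. Replace a character with a neighbouring key:  exanple.com
    for i, ch in enumerate(label):
        for nb in keyboard_neighbours(ch):
            labels.add(label[:i] + nb + label[i + 1:])
    # 3. Swap two adjacent characters:                 examlpe.com
    for i in range(n - 1):
        labels.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])
    # 4. Insert an extra character anywhere:           exampple.com
    for i in range(n + 1):
        for ch in alphabet:
            labels.add(label[:i] + ch + label[i:])

    labels.discard(label)
    # Keep only syntactically valid labels (non-empty, no leading/trailing '-').
    valid = {lab for lab in labels if lab and lab[0] != "-" and lab[-1] != "-"}
    return {lab + dot + suffix for lab in valid}


def lookalike_of(candidate: str, trusted: Iterable[str]) -> str | None:
    """Return the trusted domain that `candidate` is a typosquat of, or None.

    Suitable for a mail gateway or proxy: an exact match with a trusted domain
    is genuine, not a lookalike.
    """
    candidate = candidate.lower()
    trusted = [t.lower() for t in trusted]
    if candidate in trusted:
        return None
    for t in trusted:
        if candidate in generate_typosquats(t):
            return t
    return None


if __name__ == "__main__":
    squats = generate_typosquats("example.com")  # assumed domain
    print(f"{len(squats)} candidates, e.g. {sorted(squats)[:5]}")
    print(lookalike_of("exanple.com", ["example.com"]))
```

Feed the generated set to a domain-monitoring service, or run `lookalike_of` against the envelope sender of inbound mail; a hit against your own domain or a key supplier’s is worth quarantining for review. Homoglyph substitutions (Cyrillic letters, ‘rn’ for ‘m’) are a separate trick not covered by the four transformations above.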
In clickjacking, attackers stack transparent layers so that malicious clickable content sits on top of (or underneath) what the user sees. For example, an online shopper might think they are clicking a button to make a purchase, but will instead trigger a download of malware or an action on another site where they are logged in.
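The attacker’s side of this is a page that loads the target site in an invisible frame and lines up a decoy button underneath it; the defence is a response header that tells the browser the page may not be framed at all. The following is an added example, not code from the original article or from the IISF: the attacker HTML, the header sets and the `framing_policy` checker are constructed for illustration, and `shop.example` and `partner.example` are assumed names.

```python
"""Clickjacking: the overlay trick, and the header check that defeats it.

Added example, not code from the original article. Page and headers below
are constructed for illustration.
"""
from __future__ import annotations

# Constructed attacker page. The victim site is loaded in a fully transparent
# iframe stacked above a decoy button; the visitor sees "Claim voucher" but
# the click lands on the real button inside the invisible frame.
ATTACKER_PAGE = """\
<button style="position:absolute; top:120px; left:80px">Claim voucher</button>
<iframe src="https://shop.example/checkout"
        style="position:absolute; top:0; left:0; width:800px; height:600px;
               opacity:0; z-index:10"></iframe>
"""

# Constructed responses from the framed site. The first lets any site frame
# it; the second forbids framing with both the modern CSP directive and the
# legacy X-Frame-Options header as a fallback for older browsers.
WEAK_RESPONSE = {"Content-Type": "text/html"}
HARDENED_RESPONSE = {
    "Content-Type": "text/html",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "X-Frame-Options": "DENY",
}


def framing_policy(headers: dict[str, str]) -> str:
    """Classify what a response's headers allow for framing.

    Returns one of:
      'denied'       no site may frame the page
      'same-origin'  only the page's own origin may frame it
      'restricted'   CSP names specific allowed ancestors
      'unprotected'  anyone can frame it, so it is clickjackable
    Browsers that understand frame-ancestors ignore X-Frame-Options when both
    are present, so the CSP directive is evaluated first.
    """
    h = {k.lower(): v for k, v in headers.items()}
    csp = h.get("content-security-policy", "")
    for directive in csp.split(";"):
        name, _, value = directive.strip().partition(" ")
        if name.lower() == "frame-ancestors":
            sources = value.split()
            if sources == ["'none'"]:
                return "denied"
            if sources == ["'self'"]:
                return "same-origin"
            if sources:
                return "restricted"
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return "denied"
    if xfo == "SAMEORIGIN":
        return "same-origin"
    # ALLOW-FROM is obsolete and ignored by current browsers, so treat any
    # other value, or no header at all, as open to framing.
    return "unprotected"


if __name__ == "__main__":
    print("weak:    ", framing_policy(WEAK_RESPONSE))
    print("hardened:", framing_policy(HARDENED_RESPONSE))
```

Run `framing_policy` over the headers of every authenticated page in a site (for example from a crawler or from a proxy log) and treat any `unprotected` result on a page with buttons that change state as a finding. Note that the check only tells you whether framing is allowed; a page that does nothing sensitive on click is harmless even when unprotected.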
In tabnabbing attacks, a page left open in an unattended browser tab rewrites itself into a malicious site, typically a fake login page for a service the user is signed in to. Unsuspecting users who return to the tab may not notice that the page is no longer the one they left open.
Most phishing emails are sent at random to large numbers of recipients and rely on the sheer weight of numbers for success. (The more emails are sent, the more likely they are to find a victim who will open them.)
However, there are also many types of attack – known as spear phishing – that target specific organisations or individuals. As with broader phishing campaigns, emails might contain malicious links or attachments.
Clone phishing re-sends a copy of a legitimate email that has previously been delivered, but from a spoof address that closely resembles the email address of the original sender. The only difference between it and the original email is that links and/or attachments have been replaced with malicious ones. Recipients are more likely to fall for this sort of attack because they recognise the contents of the email.
Whaling is a type of spear phishing that targets high-profile individuals, such as board members or members of the finance team. These attacks require additional effort on the part of the attacker, but the rewards are potentially greater: CEOs and other C-suite executives have more information and greater levels of access than junior employees. Moreover, a senior staff member’s compromised account can be used to carry out business email compromise (BEC) attacks.
Business email compromise (BEC) emails often take the form of ‘urgent’ requests purporting to be from senior staff, such as the CEO or CFO. They use social engineering tactics to fool more junior staff members into wiring money to the wrong recipient or disclosing confidential business information. Because the message may come from a genuinely compromised account rather than a spoofed address, email authentication alone does not stop BEC; requests to change payment details should be verified out of band, for example by phoning a known number.