Different types of Phishing
- Deceptive Phishing
- Malware-Based Phishing
- Keyloggers and Screenloggers
- Session Hijacking
- Web Trojans
- Hosts File Poisoning
- System Reconfiguration Attacks
- Data Theft
- DNS-Based Phishing ("Pharming")
- Content-Injection Phishing
- Man-in-the-Middle Phishing
- Search Engine Phishing
Deceptive Phishing
A phisher sends bulk email whose message is crafted to influence users into clicking on a link.
Examples: an email stating that there is a problem with the recipient's account at a financial institution
and requesting that the recipient click on a website link to update his details; or a statement sent to
the recipient claiming that his account is at risk and offering to enroll him in an anti-fraud program. In
either case, the website collects the user's confidential information. The phisher will
subsequently impersonate the victim and transfer funds from his account, purchase merchandise, take
a second mortgage on the victim's house, or cause other damage. In most of these cases, the
phisher does not directly cause the economic damage but sells the illegally obtained information on
a secondary market.
Malware-based Phishing
Malware-based phishing involves running malicious software on the user's machine. The malware
can be introduced as an email attachment or as a downloadable file that exploits security
vulnerabilities. This is a particular threat for small and medium businesses (SMBs) that fail to
update their software applications.
Keyloggers and Screenloggers
Keyloggers and screenloggers are varieties of malware that track input from the keyboard (or capture
the screen) and send the relevant information to the attacker via the Internet. They can embed
themselves into the user's browser as small utility programs.
Session Hijacking
Session hijacking is a kind of phishing attack in which a user's activities are monitored closely until they
log into a target account, such as a bank account, and establish their credentials. At that point, the
malicious software takes control of the authenticated session and can undertake unauthorized actions,
such as transferring funds, without the knowledge of the user.
Web Trojans
Web Trojans pop up invisibly when users attempt to log in to an important website or perform a
transaction, so the user does not notice them. They collect the user's credentials locally and
transmit them to the phisher.
Hosts File Poisoning
When a user types the URL of a website, the host name is first translated into an IP address before any
traffic is transmitted over the Internet. The majority of user PCs running a Microsoft Windows operating
system first look up these host names in their "hosts" file before performing a Domain Name System (DNS)
lookup. Phishers exploit this by "poisoning" the hosts file: the tampered entry returns a bogus address, taking
the user unwittingly to a fake "look-alike" website.
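Because the hosts file is plain text, a defender can audit it for exactly this kind of override. The script below is an added example (not from the original post): it parses hosts-file syntax, ignores comments and the normal loopback entries, and flags any watched domain mapped to a routable address. The sample file content and the watch-list are constructed for the example; bankofxyz.com is the page's own illustrative domain.

```python
import ipaddress

# Constructed sample hosts-file content (not a real system file).
SAMPLE_HOSTS = """\
# Default Windows hosts file entries
127.0.0.1       localhost
::1             localhost
127.0.0.1       tracker.bankofxyz.com   # blocklist-style entry, harmless
# Entries a phisher might add (constructed for this example)
203.0.113.7     www.bankofxyz.com bankofxyz.com
10.0.0.5        intranet.example.local
"""

# Domains whose resolution should never be overridden locally (assumed watch-list).
WATCHED_DOMAINS = {"bankofxyz.com"}


def parse_hosts(text):
    """Yield (ip, [hostnames]) for each active line; comments and blanks are skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop inline and full-line comments
        parts = line.split()
        if len(parts) >= 2:
            yield parts[0], parts[1:]


def matches_watchlist(host, watched):
    """True if host is a watched domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in watched)


def find_poisoned_entries(text, watched=WATCHED_DOMAINS):
    """Return (hostname, ip) pairs that map a watched domain to a non-loopback address."""
    findings = []
    for ip, hosts in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # malformed address field; the resolver will not honour it
        if addr.is_loopback:
            continue  # 127.0.0.1 / ::1 mappings are the normal defaults or ad-blocking
        for h in hosts:
            if matches_watchlist(h, watched):
                findings.append((h.lower(), ip))
    return findings


if __name__ == "__main__":
    for host, ip in find_poisoned_entries(SAMPLE_HOSTS):
        print(f"suspicious override: {host} -> {ip}")
```

On a real system the same function can be run over the contents of `C:\Windows\System32\drivers\etc\hosts` (or `/etc/hosts`) with the organisation's own list of sensitive domains.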
System Reconfiguration Attacks
This is a kind of phishing attack in which the settings on a user's PC are modified with malicious intent.
For example, URLs in a favorites file might be altered to direct users to bogus look-alike websites: a
financial institution's website URL may be changed from "bankofxyz.com" to
"bancofxyz.com".
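A one-character substitution such as the one above is easy to miss by eye but easy to catch mechanically. The following added example (not part of the original post) compares the hostnames in a set of bookmark URLs against a trusted-domain list using edit distance, and also catches the trusted name being used as a subdomain of an unrelated site. The bookmark list and trusted list are constructed for the example; the two-label "registrable domain" heuristic is an assumption that holds for .com-style names only.

```python
from urllib.parse import urlsplit

# Trusted registrable domains the user's bookmarks should point at (assumed list).
TRUSTED_DOMAINS = {"bankofxyz.com"}

# Constructed bookmarks, as the URLs an exported favorites file might contain.
SAMPLE_BOOKMARKS = [
    "https://www.bankofxyz.com/login",
    "https://bancofxyz.com/login",                    # the page's example substitution
    "https://bankofxyz.com.secure-check.example/",    # trusted name as a subdomain
    "https://news.example.org/",
]


def levenshtein(a, b):
    """Edit distance via a single-row dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host):
    """Last two labels of the hostname (heuristic; no public-suffix list used here)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_bookmark(url, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return 'trusted', 'lookalike' or 'unrelated' for a bookmark URL."""
    host = (urlsplit(url).hostname or "").lower()
    reg = registrable_domain(host)
    if reg in trusted:
        return "trusted"
    for t in trusted:
        if host.startswith(t + "."):          # e.g. bankofxyz.com.secure-check.example
            return "lookalike"
        if 0 < levenshtein(reg, t) <= max_distance:  # e.g. bancofxyz.com
            return "lookalike"
    return "unrelated"


def find_lookalike_bookmarks(urls):
    """Return only the bookmarks that imitate a trusted domain."""
    return [u for u in urls if classify_bookmark(u) == "lookalike"]
```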
Data Theft
Malicious code running on a user's computer can directly steal confidential information stored on the
computer. This information can include software activation keys, passwords, sensitive and
personal email, and any other data stored on the victim's computer. Data theft is also widely
used in phishing attacks aimed at corporate espionage. Confidential memos, design documents or billing
information can then be publicly leaked, causing embarrassment or financial damage to the
organization, or passed to competitors.
DNS-Based Phishing
Domain Name System (DNS)-based phishing, or hosts file modification, is called pharming. The
attackers tamper with a company's hosts files or domain name records so that requests for URLs or
name service return a bogus address, and subsequent communications are directed to a fake site. As a
result, users remain unaware that the website they are using is a fraudulent one controlled by the attackers.
Content-Injection Phishing
Content-injection phishing means inserting malicious content into a legitimate website. The malicious
content can redirect users to other websites, install malware on a user's computer, or insert a
frame of content that sends the data the user enters to the phishing server.
Man-in-the-Middle Phishing
Man-in-the-middle phishing is harder to detect than many other forms of phishing. In these attacks the
attackers sit between the user and the website or system. They record the information being entered
by the user but continue to pass the user on to the next steps, so that the user's transactions are not affected
and the user remains unaware. Later, they sell or use the information, which may include credentials, credit
card details, and bank account details.
Search Engine Phishing
Phishers develop e-commerce websites with attractive offers and then have these sites indexed
legitimately by the various search engines. When users search for products or services, the search engine
shows these sites, and users are fooled into giving up their information. For example, scammers
have set up false banking sites that offer lower credit costs or better interest rates than other banks.
Victims are encouraged to transfer their account details to the new "bank" and are thereby deceived into
giving up their information.
Social Engineering
Social engineering, in the context of information security, refers to psychological manipulation of
people into performing actions or divulging confidential information. A type of confidence trick for
the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that
it is often one of many steps in a more complex fraud scheme.
The term "social engineering" as an act of psychological manipulation is also associated with the
social sciences, but its usage has caught on among computer and information security professionals.
All social engineering techniques are based on specific attributes of human decision-making known
as cognitive biases. These biases, sometimes called "bugs in the human hardware", are exploited in
various combinations to create attack techniques, some of which are listed below. The attacks used in social
engineering can be used to steal employees' confidential information. The most common type of social
engineering happens over the phone. Other examples of social engineering attacks are criminals
posing as exterminators, fire marshals and technicians in order to go unnoticed while they steal company secrets.
One example of social engineering is an individual who walks into a building and posts an official-
looking announcement on the company bulletin board saying that the number for the help desk has changed. Then,
when employees call for help, the individual asks them for their passwords and IDs, thereby gaining
the ability to access the company's private information. Another example of social engineering would
be a hacker who contacts the target on a social networking site and starts a conversation with the target.
Slowly and gradually, the hacker gains the trust of the target and then uses it to get access to sensitive
Pretexting
Pretexting (adj. pretextual), also known in the UK as blagging or bohoing, is the act of creating and
using an invented scenario (the pretext) to engage a targeted victim in a manner that increases the
chance the victim will divulge information or perform actions that would be unlikely in ordinary
circumstances. An elaborate lie, it most often involves some prior research or setup and the use of
this information for impersonation (e.g., date of birth, Social Security number, last bill amount) to
establish legitimacy in the mind of the target.
Diversion Theft
Diversion theft, also known as the "Corner Game" or "Round the Corner Game", originated in the
East End of London.
In summary, diversion theft is a "con" exercised by professional thieves, normally against a transport
or courier company. The objective is to persuade the persons responsible for a legitimate delivery
that the consignment is requested elsewhere, hence "round the corner".
Baiting
Baiting is like the real-world Trojan Horse that uses physical media and relies on the curiosity or
greed of the victim.
In this attack, the attacker leaves a malware infected floppy disk, CD-ROM, or USB flash drive in a
location sure to be found (bathroom, elevator, sidewalk, parking lot), gives it a legitimate looking and
curiosity-piquing label, and simply waits for the victim to use the device.
In either case, as a consequence of merely inserting the disk into a computer to see its contents, the
user would unknowingly install malware on it, likely giving an attacker unfettered access to the
victim's PC and, perhaps, the targeted company's internal computer network.
Unless computer controls block the infection, PCs set to "auto-run" inserted media may be
compromised as soon as a rogue disk is inserted.
Hostile devices more attractive than simple memory sticks can also be used. For instance, a "lucky
winner" is sent a free digital audio player that actually compromises any computer it is plugged into.
Tailgating
An attacker, seeking entry to a restricted area secured by unattended, electronic access control, e.g.
by RFID card, simply walks in behind a person who has legitimate access. Following common
courtesy, the legitimate person will usually hold the door open for the attacker or the attackers
themselves may ask the employee to hold it open for them. The legitimate person may fail to ask for
identification for any of several reasons, or may accept an assertion that the attacker has forgotten or
lost the appropriate identity token. The attacker may also fake the action of presenting an identity
token.