Phishing:
Phishing is a cyberattack in which attackers impersonate someone the victim knows or trusts in order to trick them into revealing sensitive information, for example credit card details, passwords, usernames or other personal details. These attacks usually arrive through deceptive emails, messages, or websites that appear legitimate.
Spear phishing:
A phishing attack targeted at a specific person or group. Regular phishing is cast at a broad range of targets, whereas a spear phishing attack is personalized to make it more convincing. Attackers usually spend time gathering information about their target, such as their name, job title, company, or even personal interests, to craft a believable message.
For example, you might receive an email that looks like it's from your manager, asking you to urgently share confidential data or click a link to approve a payment. Since it appears to come from someone you know and the message feels relevant, you're more likely to fall for it.
The goal is often to steal sensitive information, such as login credentials, or to trick the target into performing an action that benefits the attacker, like transferring money. Spear phishing is commonly used in cyber espionage and corporate attacks because of its high success rate.
How to Recognize and Avoid Spear Phishing
- Double-check the sender's email address for any errors.
- Be cautious of requests that require any urgent action.
- Verify unusual requests through another communication channel.
- Look for subtle spelling or formatting errors in the message.
Whaling Attack:
It is a phishing attack that specifically targets high-level executives such as CEOs, CFOs, or directors. The term "whaling" comes from the idea that these high-value targets are the "big fish" in a company.
Attackers aim to exploit the authority and access these individuals have to steal sensitive information, such as financial data or intellectual property, or to trick them into approving fraudulent transactions. Because executives are often busy and may not scrutinize every email closely, they can be more vulnerable to well-crafted attacks.
Example of a Whaling Attack
Imagine a CFO receiving an email that appears to be from the company's CEO, urgently asking them to transfer a large sum of money to a specific account for a "critical business deal." The email might be personalized with the CEO's signature and other details to make it look genuine. If the CFO doesn't verify the request, they might unknowingly comply with the attacker's demands.
How to Prevent Whaling Attacks
- Educate Employees: Train employees with phishing awareness courses so they can identify phishing emails.
- Implement Approval Processes: Set up multiple levels of approval for sensitive actions such as wire transfers.
- Use Advanced Security Measures: Deploy email filtering tools like Barracuda Email Security Gateway and Proofpoint Essentials to detect spoofed addresses and malicious content.
- Verify Requests: Always confirm high-stakes requests via a different communication channel, like a phone call.
How Attackers Perform Phishing:
------
Email Spoofing:
Attackers craft fake emails that look like they come from legitimate sources (e.g., banks or social media platforms). These emails may also contain malicious links or attachments.
Deceptive Emails:
Example: You receive an email from "support@paypa1.com" saying, "Unusual activity detected in your account. Log in to verify."
- The link directs you to a fake PayPal website where attackers steal your credentials.
Fake Websites:
Example: An email claims, "Claim your Amazon gift card now!" and links to "amaz0n-offers.com."
- The site looks like Amazon but is designed to capture your login details.
Malicious Links:
Example: A message says, "View your pending invoice here," with a link like "www.myinvoicetracker.xyz."
- Clicking downloads malware that steals personal data.
Infected Attachments:
Example: An email pretending to be from your HR team includes an attachment named "Salary_Slip_2024.docm."
- Opening it runs a malicious macro, compromising your system.
Fear-Based Messages:
Example: "Your bank account is locked. Click here to unlock it within 24 hours!"
- Victims act in panic, clicking links without verifying authenticity.
Too Good to Be True Offers (Exploiting Human Curiosity):
Example: "Congratulations! You've won $1,000,000. Claim now by clicking here!"
- These links usually lead to malware or phishing sites.
Social Media Exploitation:
Example: Attackers see you tweeted about your bank and send a fake customer support message, like: "Hi Pranghi, we noticed your issue. Click here to resolve: bank-support-help.com."
Example (by phone): A caller claims to be from your bank, saying: "We detected suspicious activity. Verify your card details now."
- They record your responses to steal your information.
Smishing (SMS Phishing):
Example: You get a text: "Your delivery is delayed. Update your address here: del-tracker.com/update."
- Clicking takes you to a fake login page.
Business Email Compromise (BEC):
Example: You get an email from your "CEO" saying: "Please transfer 1 lakh INR to this account urgently for a vendor payment."
- Attackers generally fake the email address so it looks like it belongs to your boss or another senior official.
Phishing succeeds by preying on human emotions like trust,
fear, or curiosity, coupled with carefully designed methods to impersonate
legitimate entities.
Analysis of Phishing Attacks
- Email Header Analysis: Examine the sender's email headers to detect spoofed addresses or domains.
- Link Inspection: If the email contains URLs, analyze them using tools like VirusTotal or sandbox environments.
- Payload Examination: If an attachment is present, examine it in an isolated environment to identify malicious code.
- Victim Reporting: Check with the recipient about the email, since it may simply be spam. If it is identified as spam, mark it as spam on the email gateway. If not, inform the recipient and collect details about the email or interaction to identify potential patterns.
- Log Analysis: Investigate login attempts, IP addresses, and session logs to identify unauthorized access.