{"id":44416,"date":"2018-11-10T00:23:16","date_gmt":"2018-11-10T06:23:16","guid":{"rendered":"https:\/\/www.etechgs.com\/?p=10565"},"modified":"2018-11-10T00:23:16","modified_gmt":"2018-11-10T06:23:16","slug":"anatomy-security-phishing","status":"publish","type":"post","link":"https:\/\/demo.etslabs.ai\/etech26\/anatomy-security-phishing\/","title":{"rendered":"The Anatomy of Security Phishing"},"content":{"rendered":"<p>Although we continue to take measures to secure our systems and facilities, malicious actors will always attempt to identify a weak link in any organization. They no longer smell silicon. They <u>smell<\/u> blood. What this means is that attempts to exfiltrate data from a secure system or obtain secure and confidential files will start with the individual. A malicious actor will attempt to exploit someone to get this information. We have been discussing this at length as it has become a significant tool in the arsenal. It is called <strong>Phishing<\/strong>!<\/p>\n<p>We will cover this term to ensure we can all recognize a Phishing attempt when it occurs. Why? Because hackers are altering their methods and becoming more sophisticated as employees become more security conscious. With this brief, we will be discussing six of the most common phishing attacks.<\/p>\n<ol>\n<li>\n<h2>Deceptive Phishing<\/h2>\n<p>The most common type of phishing scam, <strong>deceptive phishing<\/strong> refers to any attack by which fraudsters impersonate a legitimate company and attempt to steal people\u2019s personal information or login credentials. Those emails frequently use threats and a sense of urgency to scare users into doing the attackers\u2019 bidding.<\/p>\n<p>For example,\u00a0<a href=\"https:\/\/www.paypal.com\/us\/brc\/article\/what-is-phishing-or-spoofing\">Bank account scammers<\/a>\u00a0might send out an attack email that instructs recipients to click on a link in order to rectify a discrepancy with their account. 
In actuality, the link leads to a fake banking institution login page that collects a user\u2019s login credentials and delivers them to the attackers.<\/p>\n<p>The success of a deceptive phish hinges on how closely the attack email resembles a legitimate company\u2019s official correspondence. As a result, users should scrutinize all URLs to see if they redirect to an unknown website. They should also look out for generic salutations, grammar mistakes, and spelling errors scattered throughout the email.<\/li>\n<li>\n<h2>Spear Phishing<\/h2>\n<p>Not all phishing scams lack personalization \u2013 some use it quite heavily.<\/p>\n<p>For instance, in <strong>spear phishing<\/strong> scams, fraudsters customize their attack emails with the target\u2019s name, position, company, work phone number, and other information in an attempt to trick the recipient into believing that they have a connection with the sender.<\/p>\n<p>The goal is the same as deceptive phishing: lure the victim into clicking on a malicious URL or email attachment, so that they will hand over their personal data.<\/p>\n<p>Spear-phishing is especially commonplace on social media sites like\u00a0<a href=\"https:\/\/www.tripwire.com\/state-of-security\/security-awareness\/a-guide-on-5-common-linkedin-scams\/\">LinkedIn<\/a>, <u>Twitter<\/u>, or <u>Facebook<\/u> where attackers can use multiple sources of information to craft a targeted attack email.<\/p>\n<p>To protect against this type of scam, employees must remain aware of these types of attempts and be able to spot them. We should also discourage users from publishing sensitive personal or corporate information on social media.<\/li>\n<li>\n<h2>Executive FRAUD (Whaling Attack)<\/h2>\n<p>Spear phishers can target anyone in an organization, even top executives. 
That\u2019s the logic behind a \u201c<strong><a href=\"https:\/\/www.tripwire.com\/state-of-security\/security-awareness\/whaling-attacks-tracing-the-evolution-of-phishing-attacks\/\">whaling<\/a><\/strong>\u201d attack, where fraudsters attempt to harpoon an executive and steal their login credentials and\/or use the information to attempt to convince another individual within the organization that a request is being carried out by the executive. You should always be on the lookout for these attempts as the fraudsters are becoming more creative by the day. Always check the \u201creply to\u201d field. Does the reply actually go back to the executive\u2019s email address, or does a different address appear?<\/p>\n<p>Fraudsters can choose to conduct Executive fraud where attackers impersonate an executive and spoof that individual\u2019s email to authorize fraudulent wire transfers or changes to account information to a financial institution of their choice.<\/p>\n<p><strong>NEVER<\/strong> complete financial or confidential information requests using only email authorization. Always clarify with a phone call to the executive making the request.<\/li>\n<li>\n<h2>Pharming<\/h2>\n<p>As users become savvier to traditional phishing scams, some fraudsters are abandoning the idea of \u201cbaiting\u201d their victims entirely. Instead, they are resorting to\u00a0<strong><a href=\"http:\/\/us.norton.com\/cybercrime-pharming\">pharming\u00a0<\/a><\/strong>\u2013\u00a0a method of attack which stems from domain name system (DNS) cache poisoning.<\/p>\n<p>The Internet\u2019s naming system uses DNS servers to convert alphabetical website names, such as \u201c<a href=\"http:\/\/www.microsoft.com\">www.microsoft.com<\/a>,\u201d to numerical IP addresses used for locating computer services and devices.<\/p>\n<p>Under a DNS cache poisoning attack, a pharmer targets a DNS server and changes the IP address associated with an alphabetical website name. 
That means an attacker can redirect users to a malicious website of their choice even if the victims entered the correct website name.<\/p>\n<p>To protect against pharming attacks, organizations must encourage their employees to enter login credentials only on approved HTTPS-protected sites. Organizations should also implement anti-virus and filtering software on all corporate devices and perform virus database updates, along with security upgrades, on a regular basis.<\/li>\n<li>\n<h2>Dropbox Phishing<\/h2>\n<p>While some phishers no longer bait their victims, others have specialized their attack emails according to an individual company or service.<\/p>\n<p>For example, millions of people use Dropbox every day to back up, access and share their files. It\u2019s no wonder, therefore, that attackers would try to capitalize on the platform\u2019s popularity by targeting users with phishing emails.<\/p>\n<p><a href=\"http:\/\/www.symantec.com\/connect\/blogs\/dropbox-users-targeted-phishing-scam-hosted-dropbox\">One attack campaign<\/a>, for example, tried to lure users into entering their login credentials on a fake Dropbox sign-in page hosted on Dropbox itself.<\/p>\n<p>To protect against Dropbox phishing attacks, users should consider implementing\u00a0<a href=\"https:\/\/www.grahamcluley.com\/2016\/03\/factor-authentication-2fa-versus-step-verification-2sv\/\">two-step verification<\/a>\u00a0(2SV) on their accounts.<\/li>\n<li>\n<h2>Google Docs Phishing<\/h2>\n<p>Fraudsters could choose to target Google Drive similar to the way they might prey upon Dropbox users.<\/p>\n<p>Specifically, as Google Drive supports documents, spreadsheets, presentations, photos and even entire websites, phishers can abuse the service to create a web page that mimics the Google account log-in screen and harvests user credentials.<\/p>\n<p>A group of attackers\u00a0<a 
href=\"http:\/\/www.csoonline.com\/article\/2953190\/vulnerabilities\/google-drive-phishing-is-back-with-obfuscation.html\">did just that<\/a>\u00a0back in July of 2015. To add insult to injury, not only did Google unknowingly host that fake login page, but a Google SSL certificate also protected the page with a secure connection.<\/p>\n<p>Once again, users should consider implementing 2SV to protect themselves against this type of threat.<\/li>\n<\/ol>\n<h2>CONCLUSION<\/h2>\n<p>Using the guide above, you will be able to more quickly spot some of the most common types of phishing attacks. But that doesn\u2019t mean you will be able to locate each and every phish. On the contrary, phishing is continually evolving to adopt new forms and techniques. We must continue to research and seek new methods to counter these attacks and create awareness for all employees.<\/p>\n<h2>DO NOT BECOME THE NEXT VICTIM OF A PHISHING ATTACK!<\/h2>\n<p>If you have any questions and\/or comments on how we can continue to improve security at Etech, please feel free to reach out to <a href=\"mailto:security@etechgs.com\">security@etechgs.com<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Although we continue to take measures to secure our systems and facilities, malicious actors will always attempt to identify a 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":45371,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"episode_type":"","audio_file":"","podmotor_file_id":"","podmotor_episode_id":"","cover_image":"","cover_image_id":"","duration":"","filesize":"","filesize_raw":"","date_recorded":"","explicit":"","block":"","itunes_episode_number":"","itunes_title":"","itunes_season_number":"","itunes_episode_type":"","footnotes":""},"categories":[154],"tags":[780,781,782],"class_list":["post-44416","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","tag-security","tag-security-phishing","tag-the-anatomy-of-security-phishing"],"acf":[],"_links":{"self":[{"href":"https:\/\/demo.etslabs.ai\/etech26\/wp-json\/wp\/v2\/posts\/44416","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/demo.etslabs.ai\/etech26\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/demo.etslabs.ai\/etech26\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/demo.etslabs.ai\/etech26\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/demo.etslabs.ai\/etech26\/wp-json\/wp\/v2\/comments?post=44416"}],"version-history":[{"count":0,"href":"https:\/\/demo.etslabs.ai\/etech26\/wp-json\/wp\/v2\/posts\/44416\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/demo.etslabs.ai\/etech26\/wp-json\/wp\/v2\/media\/45371"}],"wp:attachment":[{"href":"https:\/\/demo.etslabs.ai\/etech26\/wp-json\/wp\/v2\/media?parent=44416"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/demo.etslabs.ai\/etech26\/wp-json\/wp\/v2\/categories?post=44416"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/demo.etslabs.ai\/etech26\/wp-json\/wp\/v2\/tags?post=44416"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}