What Is Phishing?
Phishing is a kind of social engineering. Similar to "fishing", this kind of cyber attack is when a malicious actor impersonates a trustworthy sender, sends a deceptive message to a victim, and sets "bait" to lure the victim into clicking on malicious links and revealing sensitive data on fake websites. Using the obtained information, the malicious actor can seek economic gain by selling or otherwise exploiting the victim's personal data, or by launching further cyber attacks. The malicious actor may also attach malware to phishing messages; once the victim opens the attachment, the malware installs and runs on the victim's system. In addition, the malicious actor may mislead the victim into transferring funds or assets to the wrong recipient.
How Phishing Can Succeed
Phishing attackers often design phishing messages to prey on human nature. Such messages usually capitalize on a victim's fear or curiosity, or create pressure by emphasizing urgency, so that the victim acts hastily without taking the time to consider whether the message is authentic. Typical phishing tricks include informing users that their accounts are at risk or notifying users that they have won big prizes. Moreover, attackers sometimes fabricate phishing messages around current events, especially social events that spread widely, affect large groups of people, and arouse empathy.
Phishing succeeds at a certain rate because phishing messages use psychological manipulation to affect people's emotions and thereby influence their behavior. We cannot enumerate every existing phishing "bait". However, understanding phishing techniques and improving cyber security awareness can help us effectively avoid phishing risks.
Common Types of Phishing
Email Phishing
Email phishing is the most common type of phishing. Attackers use email to carry phishing messages because email is widely used and many phishing techniques, such as link manipulation, are easy to deliver in an email. In addition, enterprises usually use email as a tool for internal communication. Given that phishing is often the first step in intruding on enterprise systems, email phishing has become the first choice for many attackers.
Phishing emails typically have some features in common. For example, they often create a sense of emergency, containing wording such as "please handle this as soon as possible" and "it's urgent", which leads victims to disclose personal information to attackers out of panic. What's more, phishing emails often contain grammar and spelling errors, whereas emails sent by official organizations usually do not.
There are various forms of email phishing. Some common email phishing techniques are listed below.
Spear Phishing
Spear phishing is a more targeted type of email phishing. Relatively speaking, common email phishing is more random: attackers cast a wide net, do not have specific details on their victims, and disseminate their emails widely in the hope that a few recipients will fall for the scam. Spear phishing, on the other hand, targets specific victims. By conducting a detailed investigation of a victim's characteristics, position, and contacts through social engineering, spear phishers craft a highly convincing phishing message to increase their rate of success. Spear phishing is often the first step in breaking past the defense line of an enterprise's security system.
The following is a typical example of what happens: A victim in the Human Resources department of a company receives an email from a sender who claims to be a job applicant. The email contains an attachment that is disguised as a resume, but is in fact an executable Trojan horse. The victim is accustomed to receiving resumes from others and downloads the attachment, falling into the trap of the attacker.
Whaling
As the name suggests, whaling involves hunting for the big fish within a company. It is a special type of spear phishing that targets a company's top executives. Whaling attracts wide attention because top executives usually have access to a large amount of sensitive company data, so a successful whaling attack can cause great losses to a company.
Business Email Compromise (BEC)
Strictly speaking, business email compromise (BEC) is a form of spear phishing and is usually the second step of whaling. In a BEC scam, an attacker pretends to be a decision maker in a company and emails instructions related to funds and interests to other departments or individuals in the company. Unlike traditional phishing, such attacks do not target victims' personal information, nor do they have victims download malicious software or click on malicious links. Instead, they steal funds directly, for example, by requiring a company's finance department to initiate a transfer to a partner or customer. Although BEC attacks are less technical than other phishing techniques, they can still cause huge economic losses to companies.
For example: A victim from a company's finance department receives a private email from the company's CEO, asking him/her to initiate a remittance of up to tens of millions of dollars to a third-party partner and to keep the remittance confidential. Out of trust in the company's CEO, the victim initiates the transfer and falls into the attacker's trap.
Vishing and Smishing
Vishing and smishing are phishing attacks that happen over your phone, through voice calls (vishing) or SMS messages (smishing). The two techniques are often aimed at elderly victims who are not familiar with the Internet and do not know about attackers' "exquisite" tricks. Because such victims spend little time online, they are less exposed to high-tech attacks, so attackers instead use more traditional channels, that is, phone calls or text messages. Many attackers use automated bots to carry out the deception, as advanced bots can now almost perfectly imitate humans, which significantly improves the efficiency of attackers.
Social Media Phishing
Social media has long been an integral part of our lives. We use social media to share personal information, and we have linked bank accounts and credit cards to our profiles to make online payments. This makes it possible for criminals to use social media to launch phishing attacks. Social media phishing includes phishing attacks spread through social media, phishing attacks planned by collecting victims' information on social media, and phishing attacks that hack into victims' social media accounts.
Here is an example: After hacking into a victim's social media account, an attacker uses the account to send a QR code or link to the user's relatives and friends, who are unlikely to suspect their friend and are therefore more likely to become new victims themselves.
Pharming
Pharming is a more complex and effective method of phishing. It can be carried out either by changing the hosts file on a victim's computer or by exploiting a vulnerability in DNS server software. A pharming attacker can redirect victims to a phishing or malicious website after they enter a website address. In most cases, the success of common phishing attacks is the result of carelessness or the victim's lack of security awareness. However, when a threat actor launches a pharming attack, even if a victim enters a website's address correctly, the compromised hosts file or DNS server will still redirect the victim to a malicious website.
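The hosts-file variant of pharming leaves a visible trace on the victim's machine: a public-looking hostname pinned to an address other than loopback. The following checker is an added example, not part of the original page or of any Huawei product; it parses a constructed hosts file (the sample addresses come from the documentation ranges 198.51.100.0/24 and 203.0.113.0/24) and reports every mapping that could redirect a user, treating an optional list of known intranet hostnames as an assumption the operator supplies.

```python
import ipaddress

# Constructed sample hosts file (not from a real system). The two entries that
# map public-looking names to routable addresses are what hosts-file pharming
# leaves behind; they sit below a run of blank lines, a common hiding trick.
SAMPLE_HOSTS = """\
# Host Database
127.0.0.1       localhost
::1             localhost ip6-localhost
0.0.0.0         ads.example.net        # null-routed ad domain: harmless


198.51.100.23   www.example-bank.com   # constructed: bank site pinned to an external IP
203.0.113.7     login.example-mail.com
"""

# Names a benign hosts file maps to the loopback address.
LOCAL_NAMES = {"localhost", "ip6-localhost", "ip6-loopback", "broadcasthost"}


def parse_hosts(text):
    """Return (ip_address, [hostnames]) for every active line.
    Comments, blank and malformed lines are skipped, so entries hidden far
    below a run of blank lines are still examined."""
    entries = []
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) < 2:
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # not a valid address; leave it for a human to review
        entries.append((ip, parts[1:]))
    return entries


def suspicious_entries(text, allowed_names=frozenset()):
    """Flag hostnames pinned to an address that can reach another host.
    Loopback (127.x, ::1), the null address (0.0.0.0) and link-local addresses
    cannot redirect a user to an attacker's site, so they are ignored. Any other
    mapping overrides DNS for that name: it must be a known intranet host
    (allowed_names, assumed to be maintained by the operator) or it is a finding."""
    findings = []
    for ip, names in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified or ip.is_link_local:
            continue
        for name in names:
            if name.lower() in LOCAL_NAMES or name.lower() in allowed_names:
                continue
            findings.append((name.lower(), str(ip)))
    return findings
```

Pharming performed on a compromised DNS server is invisible to this check; detecting it means comparing the answers of the configured resolver with those of an independent, trusted resolver for the same names.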
Evil Twin Attack
Many people have had the experience of connecting to free Wi-Fi hotspots in public places. Some of these free hotspots are Wi-Fi access points forged by evil twin attackers. A hacker creates a fake Wi-Fi access point in a public place, that is, an "evil twin" of the real Wi-Fi access point, to deceive victims into connecting to it. Once the victims' devices connect to the Internet through the fake access point, the hacker can steal the victims' account passwords and personal information.
How to Prevent Phishing
The most important thing to do to prevent phishing is to cultivate cyber security awareness and develop good network usage habits. Publicizing cyber security knowledge makes people better aware of the serious consequences of phishing and helps them understand commonly used phishing techniques. In this way, people know to set more complex passwords to protect their accounts and to remain vigilant when viewing emails, reading SMS messages, and listening to voicemails.
Using real cases makes a deeper impression and helps people understand that everyone is at risk of becoming a victim of phishing. To let people actually practice coping with phishing, tools and websites can also be used to simulate phishing attacks.
Enterprises need to strengthen their cyber security measures: use multi-factor authentication (MFA) to improve the account security of applications, keep software and systems updated, and periodically scan systems for hosts that may be compromised.
How Huawei Products Help Protect You from Phishing
Huawei products and solutions can help you cope with and protect against phishing attacks.
- HiSec Security Solution
The HiSec solution makes threat detection, threat handling, and security O&M more intelligent, improving threat defense capabilities and security O&M efficiency. Its zero trust solution effectively addresses the problem of stolen user permissions: by leveraging user behavior analysis, user credit scoring, and other means, you can detect risky accounts in a timely manner and revoke the related permissions.
- Huawei Qiankun Security CloudService Solution
Huawei Qiankun Security CloudService Solution offers border protection and response capabilities, which help automatically block external attack sources, generate real-time alarms for compromised hosts, and accurately intercept malicious files.
- HiSec Insight Advanced Threat Analytics System
HiSec Insight can detect emails containing malicious attachments based on Internet access traffic and quickly block and contain detected attacks by interworking with devices.
- FireHunter6000 Series Sandbox
The FireHunter series sandboxes use the multi-engine virtualized detection technology and traditional security detection technology to identify malicious files and C&C attacks transmitted on the network, effectively preventing the spread of unknown threats and the loss of enterprise core information assets.
- USG6000F Series Firewall
USG6000F series AI firewalls provide content security functions, such as application identification, IPS, antivirus, URL filtering, and mail filtering to protect intranet servers and users against threats.
- Author: Zhu Simiao
- Updated on: 2023-06-26