Gridinsoft Logo

Phishing: Attack Techniques & Examples

Phishing is a kind of attack of tricking you into sharing login/password, credit card, and other sensitive information by posing as a trusted institution or private person in an email or on-site.

You may be interested in taking a look at our other antivirus tools:
Trojan Killer, and Online Virus Scanner.

What is Phishing? Attack Techniques & Examples | Gridinsoft

What is Phishing?

September 17, 2024

Oh, someone has sent a link to a Twitter post! Let’s check it. Oh, it offers me to log into my account. It’s odd - I have just used Twitter. What? Is the password incorrect? It can’t be true. I am sure I know my password. Why do all my friends complain that I send them tons of spam?

Phishing is one of the most widespread credential-stealing methods cybercriminals use worldwide. It is effortless to disguise. Its efficiency is extremely high, and - it is hard to blame the phishing organization for any cybercrime. The victim brings them the credentials himself, without any forcing from the crooks, so it can barely be classified as extortion or malware spreading.

The ways of phishing are numerous, and it is likely impossible to mention them all don’t miss one. However, several phishing methods are the most widespread nowadays. They always were the most widely used because of their simplicity and the high chance that the victim would be trapped. Meet the “heroes”!

Website counterfeiting

This method may be done in two ways - graceful and clumsy. The agile method is rarely used since it needs the infected network router, which the victim uses to connect to the Internet, or a specific malware on a victim’s device. An infected router is needed to intercept the packages the victim sends to the server (if the connection is unsecure) or to re-route the request on the counterfeited site.

Malware on the victim’s device is needed to change the networking settings to forcibly open the phishing page in an attempt to open a legit source. Malware targets the HOSTS file in Windows that contains DNS information for sites that must be connected through not standard DNS addresses. Fraudsters add a specific DNS for Twitter or Facebook to force the PC to show you the phishing site. Once changed, the DNS address will cause each of the browsers to send requests from the specified DNS, which is controlled by crooks.

Clumsy methods have some details in common with graceful ones but do not require interruption into the victim's computer. These phishing methods look like a simple redirect from a certain website on a page with “fasebook.com” or “tvvitter.com”. Such a link may be placed on the forum or be in a spam email message as well. It is straightforward to detect the counterfeit when you are not hurrying and have enough time to check the address bar, but you may surely miss this detail when shocking statements accompany the redirection link.

Modern shape of a well-known fraud

In 2020-2024, the cybersecurity world witnessed a massive email spamming campaign, which was a part of a phishing scheme. The victim received a scary message that mimicked, for example, the notification from the bank. In this message, the person was told that the conditions for serving his credit card (or debit, whatever) are changed, so they must approve these alterations. Otherwise, as the email promises, the account(s) will be blocked.

To approve the “changes”, you are instructed to follow the link at the message’s bottom. This link led to a poor copy of the bank site, exactly to the login page. After the attempt to log in, you will see only an error message. The fake page is tough to confuse with the original one, but when you are scared or visit a real online banking site, quite rare, it is easy to think that you are on the original one. After such a mistake, your money will be a big hazard - fraudsters have full access to your online banking.

Phone phishing

Have you ever got a call from your bank's safety service? If not, no one likely tried to fool you in that way. That method disappeared several times but then got back into view repeatedly. As you may already understand, you receive a phone call from a person who grants himself an employee of the security service of your bank. They claim that your account and your bank card are blocked due to unauthorized login attempts. To unblock the account, you must only say the security code you get on the phone number related to the mentioned bank account.

In fact, this security code is a code that approves the password reset. Fraudsters (and a person from “bank security service”) are just attempting to log into your online banking account, and the digits you report are a key to all money you have in your bank account.

Phishing forms to get your personal information

Sometimes, you may see the offers to fill out a simple form and get a reward of some sort - a pack of badges, a certificate for courses in origami, or an invitation to the exhibition. In that form, you need to answer some easy, sometimes absurd, questions and write your name, email, and phone number; sometimes, they also ask about your address. Under the guise of a legitimate “quiz”, crooks receive the full pack of your personal information.

After collecting information from a certain number of people, these tricksters are free to manage. They can sell it on different platforms (even in Darknet), also can use it to spam you - with email messages or even actual paper letters. Sometimes, they can come to your door with an offer to purchase some useless items for a tripled price. Of course, at that moment, they will try to assure you that these things are irreplaceable for your home and office, and you must buy them for your good.

How to identify a phishing attack

The first and the most obvious sign of a possible phishing attack is a letter that requires some action from you, but you don't remember waiting for such a call. It can be an email or a direct message on social media. If it is anything but plain text, this should alert you. If there is any suggestion that you should download anything or follow a link - think twice before complying.

Phishing messages often have many errors. These can be typos, grammar mistakes, or spelling mistakes. Pay special attention to the mismatch of spelling of company or geographical names throughout the text of the letter. For some reason, phishing campaigns lack proofreading in general.

Regard the Internet as a digital image of the real world. If someone in the street approaches you and says you are a great-grandson of some blue-blooded duke of Austria-Hungary and, therefore, immense heritage awaits you, you will not believe that, will you? The difference between such a claim and a typical phishing bait is that the latter is much easier to dress as official and credible. Don't trust too-good-to-be-true notifications.

Nigerian Prince's letter
The classic example of what is called Nigerian Prince's letter. This one is Libyan, exactly.

You can easily detect spoofed websites, links, and email addresses. Remember that fake websites often lack SSL certificates. You can easily see that without a closed padlock icon and HTTPS in the website's address bar. As for addresses, they can differ from trustworthy websites' addresses by one character so that they look alike, and you suspect nothing. The domain name of a fake website looking just like the one it pretends to be might not match the domain name of the original resource. There might be a subdomain you didn't know about, like support.website.com, but hardly a different domain, like website-support.com.

Phishers take inexperienced users off guard with approaches that, at some point, contradict common sense and rules of business. For example, no company will ask for a password via email. Likewise, no service would ask you to download files to deliver information about your order, pending payments, or postal delivery. They would display such data right in the body of the letter (there might be a file in addition with the same info, though.)

Considering phishing campaigns are often spear attacks, which means they target you in particular, may any letter or short message that looks somewhat strange alert you. If you are getting a letter from your friend where they ask you for financial help, for example, but call you with the rarely used nickname, better contact them via another channel for confirmation.

How to protect yourself from phishing?

Phishing protection
The ways of protecting yourself from phishing

Most phishing cases are conducted mostly thanks to the victim’s inattentiveness. Hence, you may suppose an easy solution - being attentive at each questionable moment. Opening the link you found in the group chat on WhatsApp? Check precisely the address bar because it easily can be something like “tvvitter.com”. You can find a lot of things spoofed, and with the special tools that are available nowadays, this form of fraud is very easy to perform.

To avoid the phishing methods done with malware that modifies your system, check precisely the certificate of the website you are attempting to open. Fraudulent copies which are posted on the bogus DNS address are not able to get an HTTPS certificate. Click the lock icon at the left end of the address bar in your browser - it will show you the information about the certificate's presence. This is, exactly, one of the easiest cybersecurity tricks that still has high efficiency against phishing and spoofing.

Use two-factor authentication. That won't let anyone except the one who has your mobile phone (hopefully, yourself) log into your account. However, your phone might have yet another authentication procedure to unblock it, which would make the authentication to your account multi-factor, which is even better for tackling the consequences of a successful phishing attack.

Should you fall victim to a phishing attack, better have all your valuable data backed up on a hard drive or cloud storage. Phishing attacks may have various consequences, but data protection is the most maintainable countermeasure.

Do not spread your personal information. The quizzes above can look like something peaceful, and you may be interested in their prizes. However, think twice before sharing the information which will be used to make money - they are just exploiting you.

Use a spam filter. This feature of your mailbox will spare lots of your nerve cells. And you need it enabled if you clean up the rubble in your inbox daily. Yes, sometimes an expected letter ends up in the spam folder, but it happens extremely rarely compared to when dangerous and annoying messages miss your inbox.

Ultimate counteraction method for any form of phishing on the computer is anti-malware software. Of course, it is important to note that not each security tool will fit you - programs with an online protection function guarantee the best protection. That feature enables the website filter, which forbids the loading of malevolent counterfeits of popular pages. GridinSoft Anti-Malware may offer you such a function. Moreover, it is also able to get rid of the virus that helps the fraudsters to fool you.

Read also: Hamster Kombat Players Targeted in a New Malware Spreading Scheme

Frequently Asked Questions

Is phishing a cybercrime?
Phishing is a cybercrime because it uses misleading emails, Web sites, and text messages to steal sensitive personal or corporate information. The victim is tricked into handing over personal information, such as credit card info, phone number, or mailing address. As a result, hundreds of unsuspecting users lose their data, bank account information, and social security information daily.
Why is it called phishing?
According to Internet records, the first mention of the word "phishing" dates back to January 2, 1996, by hackers who stole America Online accounts and passwords. Some say the term "phishing" was influenced by the word "fishing”. Similar to fishing. Phishing is also a method of "fishing out" valuable data such as usernames, and passwords in a sea of raw information. Hackers usually use the letter "ph" instead of "f," referring to the original form of hacking known as phone phishing. The creator of Blue Box, John Draper (aka Captain Crunch), coined the term "Fricking." Freaking refers to the technique of breaking into telecommunications systems.
How is phishing done?
Phishing can be carried out via SMS, email messages, social networks, or phones. However, the classic version mainly uses the word "phishing" to describe attacks that come via email. Phishing emails directly reach millions of users and hide among the thousands of benign emails that busy users receive. That’s how they reach such an efficiency - relying upon the fact that a busy user will not check the message diligently.
What is the risk of phishing?
Unfortunately, replying to a phishing email, following a link, or opening any attachments in the email can be extremely risky. The branches usually contain malware, and the links lead to phishing sites. When we look at phishing attacks in the corporate world, we have to evaluate the many risks that phishing attacks can inflict on a business. These include financial risk, human capital, brand damage, financial loss to victims, risk of exposure of their personal information, and in case it is an educational institution, disclosure of university data and systems.
How to spot a phishing email?
The primary purpose of phishing is to steal credentials, such as usernames, passwords, and sensitive information, for example, to forge a digital fingerprint or trick people into sending money. Therefore, always be careful with emails that ask for sensitive information or provide a link where you need to authenticate immediately. Here are the main signs of a phishing email
  • Urgent calls to action or threats;
  • Unknown sender;
  • Misspelling and poor grammar;
  • Mismatched email domains,
  • Strange links or attachments.