Phishing: Common Variations

Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in electronic communications. Communications purporting to be from popular social networking sites, auction sites, banks, online payment processors or IT administrators are commonly used to lure unsuspecting people. A phishing attack is most often initiated with a special type of spam containing a link to a misleading domain name, which appears to be a legitimate site. The e-mail tricks the recipient into visiting the spoofed web site, which mimics a site where the person would feel comfortable entering a username and password or other personal information.

Phishing has also been explained as leveraging or exploiting the design of web pages in a social engineering attack that tricks the user into thinking that they are in a legitimate and secure web session with a trusted site. In reality, the phishing site is designed to install malicious software or acquire personal information. The information is then used by the phisher for identity theft, to steal money, or to commit other fraudulent schemes.


Variations on Phishing

There are several variations on phishing. For example, “spear phishing” is targeted communication toward employees or members of a certain organization or online group. E-mails or other forms of communication are customized with information publicly available on web sites like Facebook or MySpace. In cases where e-mails are utilized, the e-mails will often direct people to a fake login page. One early example was the phishing attempts on AOL. A phisher would pose as an AOL staff member and send an instant message to a potential victim, asking them to reveal their password. In order to lure the victim into giving up sensitive information, the message might include imperatives such as “verify your account” or “confirm billing information”. Once the victim had revealed the password, the attacker could access and use the victim’s account for fraudulent purposes or spamming. Phishing became so prevalent on AOL that they added a line on all instant messages stating: “no one working at AOL will ask you for your password or billing information”, though even this did not prevent some people from giving away their passwords and personal information.

“Whaling” is phishing that is targeted at corporate executives, affluent people, and other “big phish”. Like spear phishing, whaling e-mails are often customized with information specific to the recipient and sent to a relatively small number of people. One example of whaling was when thousands of bogus subpoenas appearing to be from the U.S. District Court in San Diego were “served” by e-mail on corporate executives. The e-mail contained an image of the official seal from the court and a link which purportedly led to a copy of the entire subpoena. However, the link actually led to a software installer that installed key-logging software on the user’s computer.

“Clone phishing” is a type of phishing attack whereby a legitimate, and previously delivered, e-mail containing an attachment or link has its content and recipient address (or addresses) taken and used to create an almost identical e-mail. The attachment or link within the e-mail is replaced with a malicious version and then sent from an e-mail address spoofed to appear to come from the original sender. It may claim to be a re-send of the original or possibly an updated version of the original. This technique could be used by the attacker to pivot from a previously infected machine and gain a foothold on another machine.
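A defender-side heuristic for the clone-phishing pattern just described, as an added example that is not part of the original post: it compares a stored, previously delivered message with a new one that presents itself as a re-send, and flags a swapped link (and a link host the original never used) together with a From header that matches the original while the envelope sender (Return-Path) does not. The two messages, addresses and domains are constructed for the example.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def _domain(header_value):
    """Lower-cased domain of an address header such as From or Return-Path."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def _masked(text):
    """Body with URLs replaced, so a swapped link alone does not lower similarity."""
    return URL_RE.sub("<url>", text)


def clone_indicators(original_raw, suspect_raw, min_similarity=0.85):
    """Compare a stored, delivered mail with a new one that looks like a re-send;
    return the clone-phishing signs found (empty list means none)."""
    orig = message_from_string(original_raw)
    susp = message_from_string(suspect_raw)
    orig_body, susp_body = orig.get_payload(), susp.get_payload()
    if SequenceMatcher(None, _masked(orig_body), _masked(susp_body)).ratio() < min_similarity:
        return []  # not a near-copy of the earlier mail
    found = []
    orig_links, susp_links = set(URL_RE.findall(orig_body)), set(URL_RE.findall(susp_body))
    if susp_links and susp_links != orig_links:
        found.append("link_replaced")
        known_hosts = {urlparse(u).hostname for u in orig_links}
        if any(urlparse(u).hostname not in known_hosts for u in susp_links):
            found.append("link_host_changed")
    # Same visible sender as the original, but the envelope sender is elsewhere.
    if (_domain(susp["From"]) == _domain(orig["From"])
            and _domain(susp["From"]) != _domain(susp["Return-Path"])):
        found.append("sender_spoofed")
    return found


# Constructed sample messages (not real traffic); example.com/.org are reserved names.
ORIGINAL = """\
From: IT Helpdesk <helpdesk@example.com>
Return-Path: <helpdesk@example.com>
Subject: Updated VPN guide

Hi all, the updated VPN guide is here:
https://intranet.example.com/vpn-guide.pdf
"""
CLONE = (ORIGINAL.replace("Subject:", "Subject: Re-send:")
         .replace("Return-Path: <helpdesk@example.com>", "Return-Path: <bounce@relay.example.org>")
         .replace("https://intranet.example.com/", "https://intranet.example.com.docs-update.example.org/"))
```

`clone_indicators(ORIGINAL, CLONE)` returns all three indicators, while comparing a message with itself returns nothing.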


External Links:

Phishing on Wikipedia

© 2013 David Zientara. All rights reserved.