Cyber crime has become a powerful strategy for criminals to extort money from unsuspecting internet users. Norton reported that cyber criminals stole a total of £130bn from consumers in 2017. The main method criminals used to extort money and personal details was phishing.
In this post we are going to show you the main forms of phishing that criminals use. The information below was supplied by MetaCompliance, the authors of the Ultimate Guide To Phishing.
First, what is phishing?
Phishing is a type of online scam where fraudulent email messages that appear to come from a legitimate source are sent to a list of people or specific contacts. The email is designed to trick the recipient into entering confidential information into a fake website by clicking on a link.
This email would usually include a link or attachment which, once clicked, will steal sensitive information or infect a computer with malware. The cyber criminals will use this information to commit identity fraud or sell it on to another criminal third party, likely through the dark web.
That was the general gist of phishing. Below is a more in-depth look at phishing.
Spear Phishing
Spear phishing is a more targeted attempt to steal sensitive information and typically focuses on a specific individual or organisation. These types of attack use personal information that is specific to the individual in order to appear legitimate.
Vishing
Vishing refers to phishing scams that take place over the phone. It has the most human interaction of all the phishing attacks but follows the same pattern of deception. The fraudsters will often create a sense of urgency to convince a victim to divulge sensitive information.
Whaling
What distinguishes this category of phishing from others is the high-level choice of target. A whaling attack is an attempt to steal sensitive information and is often targeted at senior management.
Smishing
Smishing is a type of phishing which uses SMS messages as opposed to emails to target individuals. It is another effective way of cybercriminals tricking individuals into divulging personal information such as account details, credit card details or usernames and passwords.
Clone Phishing
Clone Phishing is where a legitimate and previously delivered email is used to create an identical email with malicious content.
Clickjacking is a mechanism that misleads users when they follow a link to a site: it redirects the user to a malicious webpage. Clickjacking has become very effective. It is often used to spread links to malicious websites through Facebook. Recently, these techniques have proved effective at breaching the anonymity of a website’s visitors. Also, following a deceptive link may let an attacker gain access to OAuth data. Let us see how it happens.
Classic application of clickjacking - spreading links through Facebook
In the classic clickjacking scenario, the attacker hides the “Like” or “Share” buttons in a transparent iframe. This iframe is positioned above the page element that the user is expected to click; the iframe can also follow the mouse cursor. When we click on the element, the click is redirected to the invisible “Like” or “Share” button. Such operations are not limited to Facebook; the attacker only needs to hide the elements of another website in the iframe.
Below is a typical message that can be seen on Facebook if one of our connections was intercepted by clickjacking:
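Whether another website's elements can be hidden in an iframe this way depends on the framing headers that website sends. The following added example (not part of the original post; the function names and sample responses are constructed) reads X-Frame-Options and the CSP frame-ancestors directive from a response and reports who is allowed to embed the page.

```javascript
// Added example (not from the original post). Header names are real; function
// names and the sample responses are constructed for illustration.
const RANK = ['blocked', 'same-origin', 'allow-listed', 'frameable'];

// Classify the frame-ancestors source list of one CSP policy; null if absent.
function classifyPolicy(policy) {
  for (const directive of policy.split(';')) {
    const [name, ...sources] = directive.trim().toLowerCase().split(/\s+/);
    if (name !== 'frame-ancestors') continue;
    if (sources.length === 0 || sources.join() === "'none'") return 'blocked';
    // "*" or a bare scheme such as "https:" lets any site embed the page.
    if (sources.some((s) => s === '*' || /^[a-z][a-z0-9+.-]*:$/.test(s))) return 'frameable';
    return sources.every((s) => s === "'self'") ? 'same-origin' : 'allow-listed';
  }
  return null;
}

// headers: object keyed by lower-case header name; a header sent more than
// once is comma-joined, which is how most HTTP clients expose it.
function framingVerdict(headers) {
  const verdicts = (headers['content-security-policy'] || '')
    .split(',').map(classifyPolicy).filter((v) => v !== null);
  if (verdicts.length > 0) {
    // Every enforced policy applies, so report the strictest (an approximation
    // when two allow-lists differ). frame-ancestors overrides X-Frame-Options.
    return RANK[Math.min(...verdicts.map((v) => RANK.indexOf(v)))];
  }
  const xfo = new Set((headers['x-frame-options'] || '')
    .split(',').map((v) => v.trim().toLowerCase()).filter(Boolean));
  const known = ['deny', 'sameorigin', 'allowall'].filter((v) => xfo.has(v));
  if (xfo.size > 1) return known.length > 0 ? 'blocked' : 'frameable';
  if (xfo.has('deny')) return 'blocked';
  if (xfo.has('sameorigin')) return 'same-origin';
  return 'frameable'; // header missing, or ALLOW-FROM, which current browsers ignore
}

// Constructed sample responses.
const SAMPLES = [
  ['no framing headers', {}],
  ['XFO DENY', { 'x-frame-options': 'DENY' }],
  ['obsolete ALLOW-FROM', { 'x-frame-options': 'ALLOW-FROM https://partner.example' }],
  ['CSP self', { 'content-security-policy': "default-src 'self'; frame-ancestors 'self'" }],
  ['weak CSP hides XFO', { 'content-security-policy': 'frame-ancestors https:', 'x-frame-options': 'DENY' }],
];
for (const [label, headers] of SAMPLES) console.log(label.padEnd(22), framingVerdict(headers));
```

A verdict of "frameable" means any site can place the page in an invisible iframe; the last sample shows a permissive frame-ancestors list cancelling an otherwise strict X-Frame-Options header.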