Forms of phishing attacks

In this post, I want to give a short overview of common social engineering attacks. We often hear about them and know more or less about them. You have probably heard of phishing. Sure. But did you know that phishing is a generic name for several attack techniques? For example, an e-mail attack that tries to steal your credentials. In general, phishing is a subset of the techniques classified under the same group of attacks called social engineering.

Credential harvest

An attacker sends you a message (typically an e-mail) that contains a URL to a known site, for example your bank or e-mail provider. When you click on the URL, you are redirected to a fake website. Typically, the destination page is themed to look like a well-known website in order to gain your trust. When you land on that site, it will probably ask you to enter your username and password or even to reset your password.

Malware attachment

An attacker sends you a message with an attachment that contains a dangerous application.
When you open the attachment, some dangerous code (for example a script or even an executable file) runs on your device. This software can typically do anything you can do on your device. It could delete your contacts, send them to somebody else, read your files etc. You are usually protected against this to some degree, but this attack almost always works. There is always something that is not protected, by design or by mistake.

Link in attachment

This is an interesting attack that combines the first two. An attacker sends you a message that contains a URL, but this time not in the message itself. In this case, the URL is contained in the attachment. When you open the attachment and click on the URL, it takes you to the fake site. After that, the same thing happens as in the Credential harvest attack.

Link to malware

An attacker sends you a message that contains a URL to an attachment hosted on a file sharing site (for example OneDrive, SharePoint Online, Dropbox etc.). When you click the URL, the attachment opens and a dangerous file (an executable, script or macro) is started on your device.

Execution Drive-by-url

An attacker sends you a message that contains a URL, which redirects you to a website that tries to run some dangerous code in the background. This is also known as a watering hole attack.

