Phishing - CompTIA Security+ SY0-701 - 2.2

00:01

Phishing is a term we use to describe social engineering

00:05

that uses a number of different communications methods to make

00:09

you think that something is real, when in fact,

00:12

it really isn't.

00:13

This is usually delivered by mail, text message,

00:16

or some other communication method

00:18

in order to have you give up information

00:20

that normally would be private.

00:22

This might be a username and password

00:24

you use to log into a service or it

00:26

may be some private information about yourself.

00:28

We can usually check the links in these messages

00:31

to see if they're pointing towards a well-known and

00:34

well-trusted site, but if it's a phishing message,

00:37

it probably is going to a different location

00:39

than what you would normally expect.

00:41

And very often there's something not quite right

00:44

with the information that's being provided.

00:46

For example, this is the web mail login to Rackspace,

00:49

or at least it's pretending to be that.

00:51

You can see that it tends to have a problem with the spacing

00:54

and some of the fonts inside of this message, which

00:57

might lead us to believe that this is not really

01:00

the Rackspace login page.

01:02

I got to that page by following this email that

01:05

was inside my spam folder.

01:07

And it says, "dear user, we notice

01:08

your email has not been confirmed for the new upgraded

01:11

service."

01:12

Well, I certainly want the upgraded service.

01:14

It says, "I will be blocked from sending and receiving

01:16

emails if not confirmed."

01:18

So now they're giving us a deadline

01:20

on when we need to click this link,

01:22

and we can simply click the Confirm Email Now.

01:25

If you look closely at the sender of this message,

01:28

it's associated with an icloud.com address,

01:31

which is an Apple service.

01:33

This is obviously a message for someone

01:35

who has email on a Rackspace service.

01:38

This means the information contained in this message

01:40

doesn't quite ring true and we might

01:42

want to do a little bit of extra research

01:44

before clicking any of these links.

01:46

As a good best practice, in fact, you

01:48

would never click a link that's inside of your email,

01:51

but for the purposes of showing you what can really happen,

01:53

I went ahead and clicked the link

01:55

that said Confirm Email Now.

01:57

It brought me then to a Rackspace login page,

02:00

and it almost looks like a real Rackspace page.

02:04

There are a few things that are a little bit different.

02:06

If we put these side by side, you

02:08

can see that the phishing email took me to the image

02:11

that you see on the top, but the actual Rackspace login page

02:15

is the one on the bottom.

02:16

It's interesting that they added the same suspicious email image

02:21

to try to make you think that you really

02:23

were logging in to a legitimate Rackspace page.

02:27

In that previous example, the attacker

02:29

was trying to get us to give up our username and password

02:32

into that email service.

02:34

And that's what these email messages are trying to do

02:37

is convince you that they are someone else

02:39

and convince you to give up some of your information.

02:42

We tend to trust email sources, and because of that,

02:45

we tend to click on links that are inside of the email.

02:48

But obviously, this can run into some significant security

02:52

problems.

02:52

As we noticed with the message that was in my Spam folder,

02:55

the email addresses that were used as the sender were

02:59

not quite what we expected.

03:01

In some cases, they might spoof an actual email address

03:04

from that company or they'll use an address

03:07

that's very close to the email of that company.

03:10

For example, if you receive an email that says it's from

03:12

[email protected] you might say that looks like

03:17

the same domain name, but in reality,

03:20

my last name is spelled M-E-S-S-E-R .com.

03:24

And that's how you would know that this particular address

03:27

probably wasn't sent by Professor Messer.

03:30

Someone gaining access to my email

03:32

could certainly allow them to send other emails

03:34

from my account or they could look through the emails that

03:37

are already in my account to see if there's

03:39

some financial information or logins that they could use.

03:43

For instance, they could go to PayPal.

03:45

They could use the reset password feature.

03:48

It's sent back to my email, which

03:50

now the attacker has access to.

03:52

Or they may just be trying to have you click that link,

03:55

and if you click that link, it takes you to a website

03:58

that downloads malware and infects your system.

04:01

The attackers use a number of different ways

04:04

to trick and misdirect you into clicking the links

04:07

or believing that what you've received

04:09

is from a legitimate source.

04:11

This might be something like typosquatting.

04:13

If you look at the destination for the link they've provided,

04:17

you might see that the destination is

04:19

professormessor.com, and we've already

04:21

seen that is not a legitimate, fully qualified domain

04:24

name, which normally would be professormesser.com.

04:28

We refer to this type of misdirection or hijacking

04:31

as typosquatting.

04:33

But what the attackers are really good at

04:35

is outright lying.

04:37

We refer to this as pretexting.

04:39

They're going to make up a story and drag you

04:41

into this particular drama in the hopes

04:44

that you'll click a link or login to a site

04:46

and they can gain access to your username and password.

04:50

Or maybe they call you on the phone and say, "hi,

04:52

we're from Visa, and this is about an automated payment

04:55

to your electrical services.

04:56

It didn't go through.

04:58

So you'll need to give me those details over the phone."

05:00

In reality, of course, they're not from Visa,

05:03

there's not any problem with your automated payments,

05:05

but they're trying to gain access to your credit card

05:08

information.

05:09

We even categorize that type of over-the-phone communication

05:13

as vishing, or voice phishing, where

05:16

someone will spoof a caller ID, say

05:19

that they're from your bank, and then

05:20

get you to give up information about your account

05:23

details, your login, and other private information.

05:26

If you have a mobile phone, you've

05:28

probably seen this type of phishing

05:29

delivered as a text message.

05:31

We refer to this type of phishing as smishing, which

05:35

is a reference to SMS, or the Short Message

05:38

Service, which is the formal name for this text messaging.

05:41

I get text messages like this one all the time.

05:44

This one says it's from USPS, and it

05:46

says that I have a package that needs to be delivered,

05:49

but it's been suspended due to an incorrect delivery address.

05:52

And they're hoping that you click that link

05:54

to be able to log into your account, and at that point,

05:58

they have your username and password.

06:00

And of course, there are many, many, many, many other scams

06:03

that they can go through.

06:04

There's the fake check scam, the phone verification code scam,

06:08

and many others.

06:09

I would highly recommend you become

06:11

familiar with these types of scams and phishing techniques.

06:15

You may be the person that's able to stop your friends

06:17

or family from falling victim to one of these scams.