Phishing - SY0-601 CompTIA Security+ : 1.1
Summary
TLDR: This script discusses phishing attacks, where scammers impersonate trusted entities to deceive users into revealing personal information. It covers tactics such as spoofing, typosquatting and pretexting, and the dangers of pharming and vishing. It emphasizes verifying links and staying vigilant against spear phishing, especially whaling attacks that target high-profile individuals.
Takeaways
- 📧 Phishing is a type of cyber attack where emails are disguised to appear as if they come from trusted sources like ISPs, banks, etc., to trick users into clicking malicious links.
- 🔗 Attackers use social engineering and spoofing to create emails that mimic legitimate services, aiming to gather personal information.
- 🔍 Despite the deceptive appearance, phishing emails often reveal themselves through incorrect URLs or minor discrepancies in web page design.
- 🛡️ Users should verify any links in emails by typing the website address directly into the browser rather than clicking on provided links.
- 🆎 Typosquatting is a URL hijacking technique where attackers use domain names with slight misspellings to deceive users.
- 📞 Pretexting involves creating a false scenario to manipulate users into acting, often used in phishing emails to make them seem more legitimate.
- 🌐 Pharming is a more extensive attack where the DNS server or website is compromised to redirect all users to a phishing site.
- 📞 Vishing (voice phishing) and smishing (SMS phishing) are methods where attackers use phone calls or text messages to gather personal information.
- 🐟 Whaling is a targeted phishing attack aimed at high-profile individuals, such as CEOs, who have access to sensitive information or large sums of money.
- 🔎 Attackers often conduct reconnaissance to gather detailed information about their targets, making phishing attacks more convincing and dangerous.
Q & A
What is phishing and how does it work?
-Phishing is a type of cyber attack where attackers send emails that appear to be from legitimate entities like internet service providers, banks, etc., to trick recipients into clicking on a link that leads to a fake website designed to gather personal information. The goal is to obtain sensitive data such as login credentials or financial information.
How can you identify a phishing email?
-Phishing emails can often be identified by inconsistencies in the sender's address, poor grammar or spelling, and a sense of urgency to act. The email may also contain a link that leads to a website that looks similar to a legitimate one but has minor discrepancies, such as incorrect logos or misspelled URLs.
Why can't attackers make the address bar show the actual URL of the service provider in a phishing attempt?
-Attackers cannot make the address bar show the real URL of a service provider because the address bar is drawn by the browser itself, not by the page content, and is designed to resist URL spoofing. It displays the true location of the page being shown, which helps users identify phishing attempts.
What is the difference between phishing and pharming?
-Phishing requires the user to click on a malicious link, whereas pharming involves the attacker taking control of a domain name system (DNS) server or a website so that all visitors are redirected to a fake site without clicking on anything. Pharming needs no action from the victim and affects every user who accesses the compromised server or site.
What is typosquatting and how is it used in phishing attacks?
-Typosquatting is a type of URL hijacking where a domain name is registered with a slight misspelling of a popular or well-known domain, intending to trick users into typing the wrong address and landing on the attacker's site. This can be used in phishing to create a sense of legitimacy and gather personal information.
What is pretexting and how is it related to phishing?
-Pretexting is a social engineering technique where attackers create a fabricated scenario to manipulate individuals into performing certain actions, such as clicking a link or providing personal information. It is related to phishing as it often provides the narrative or context that makes the phishing email seem believable.
How can vishing, smishing, and spear phishing be categorized under phishing attacks?
-Vishing (voice phishing), smishing (SMS phishing), and spear phishing are all variations of phishing attacks that use different communication channels. Vishing uses phone calls, smishing uses text messages, and spear phishing targets specific individuals or groups with highly personalized emails to gather information or money.
What is whaling in the context of phishing attacks?
-Whaling is a targeted phishing attack aimed at high-profile individuals, such as CEOs or CFOs, who have access to sensitive information or large sums of money. The goal is to deceive these individuals into performing actions that benefit the attacker, such as transferring funds.
How can attackers gather information about their targets before launching a phishing attack?
-Attackers can gather information about their targets through open-source intelligence (OSINT) techniques, which involve searching for and analyzing publicly available data on the internet. This can include social media profiles, professional networking sites like LinkedIn, and other third-party websites that contain personal or professional information.
Why is it recommended not to click on links in emails and instead type the website address directly into the browser?
-It is recommended to avoid clicking on links in emails to prevent falling for phishing attempts. Typing the website address directly into the browser allows users to verify the URL and ensure they are visiting the legitimate site, reducing the risk of landing on a phishing page.
How can users protect themselves against phishing attacks?
-Users can protect themselves against phishing attacks by being vigilant, verifying the sender's email address, not clicking on suspicious links, using two-factor authentication, and keeping their software and security tools up to date. Additionally, they should be cautious about sharing personal information and use secure and private networks.
Outlines
🐟 Phishing and Social Engineering Tactics
This paragraph discusses the prevalence of phishing emails disguised as legitimate communications from service providers or banks to trick users into revealing personal information. It explains how these scams often involve social engineering and spoofing to mimic trusted websites, but the URL in the address bar can reveal their true identity. The importance of validating email links and manually entering website URLs is emphasized to avoid falling for such scams. The paragraph also covers the use of typosquatting and pretexting in phishing attempts, as well as the dangers of pharming, where attackers redirect users to fraudulent sites by compromising DNS servers.
📞 Advanced Phishing Techniques: Vishing, Smishing, and Spear Phishing
The second paragraph delves into more sophisticated phishing methods, such as vishing, where attackers use the telephone to spoof numbers and gather personal information, and smishing, which is phishing conducted via SMS messages. It highlights the difficulty in detecting these scams, even for antivirus software. The paragraph also touches on spear phishing, which targets specific individuals or groups with tailored messages based on gathered intelligence, and whaling, a type of spear phishing aimed at high-value targets like CEOs or finance department heads to gain access to significant financial resources.
Keywords
💡Phishing
💡Social Engineering
💡Spoofing
💡URL
💡Typosquatting
💡Pretexting
💡Pharming
💡Vishing
💡Smishing
💡Spear Phishing
💡Whaling
Highlights
Phishing emails often pretend to be from trusted institutions to gather personal information.
Social engineering and spoofing are common tactics used in phishing attacks.
Phishing emails use links that lead to fake pages resembling the legitimate site.
Attackers cannot replicate the actual URL in the address bar of a spoofed site.
Visual discrepancies in graphics can indicate a phishing page.
Always validate links in emails to avoid falling for phishing scams.
Typing a website's URL directly into the browser is safer than clicking email links.
Pharming is a type of attack where the DNS server redirects users to a fake site.
Pharming can make a legitimate-looking site appear through poisoned DNS.
Vishing, or voice phishing, uses telephone calls to trick users into revealing information.
SMS phishing, or smishing, uses text messages to lure users into clicking malicious links.
Attackers use reconnaissance to gather personal information for targeted spear phishing.
Whaling is a phishing attack aimed at high-profile individuals with access to significant resources.
Pretexting involves creating a believable scenario to deceive users into acting.
Typosquatting is a URL hijacking technique that uses similar domain names to trick users.
Attackers may prepend text to a URL to create a convincing but fake address.
Third-party security products may not always recognize phishing or pharming attacks.
The subreddit r/Scams is a resource for learning about various scam tactics.
Transcripts
If I look into my spam folder right now,
I bet I could find a number of emails that are pretending
to be from my internet service provider, my cable
company, my bank, and many places that are not
who they say they are.
This is called phishing.
They're trying to get me to click
a link so they can gather some type of personal information
from me.
This is generally a bit of social engineering combined
with spoofing.
So the email is going to pretend to be
from my email provider or my internet service provider,
but when I click the link, it's going
to bring up a page that looks almost exactly like the one
that I would receive if I was at my actual internet service
provider's website.
The one thing that the attacker can't
do though is make the address bar
show the actual URL of your internet service provider.
It's very often looking into your browser,
you can see that this really did not come from the Rackspace
website because the URL will not show Rackspace.com at the top.
And usually there's something that
is not quite right with the screen that's being presented.
In this example, it's trying to get
me to log in to my Rackspace email service,
and you could see, it does look like a legitimate login page.
Although you'll notice, they didn't quite
get the graphics right on the page.
There's usually something about the page that isn't quite right
or doesn't ring true.
But you do have to make sure and validate any link
that you see in an email.
That's why we often say, never click a link in an email.
You should instead type in the website
directly in the bar of the browser.
Here's a comparison of the actual Rackspace Webmail login
page and the one that I received on the left side
when I was phished to the Webmail login page.
If you weren't paying attention, you
might think that this is absolutely a legitimate page
and you could type in your email address and your password,
and when you click that Login button,
you've now sent your credentials directly
to the phishing attacker.
The attackers try to use many different tricks
to get us to click these links and input
our personal information into these pages
and making the pages look very common and similar to what
we would expect is only one of the things that they do.
They also try to present to us a domain name in the address bar
that looks very similar to what we are expecting.
For example, you might find a bad guy
using typosquatting, which is a type of URL hijacking.
For example, professormessor.com almost looks like
it's legitimate, except my last name is spelled M-E-S-S-E-R.
This one is spelled M-E-S-S-O-R. But if the bad guy wanted
to use that particular domain name and then have a website
that looked exactly like mine, they might be able to fool
a few people into typing in their email address
and their password.
Another example of something they might do
is to prepend to the address, which
means they add onto the beginning,
and you could see pprofessormesser.com.
It's all spelled correctly except for the additional text
at the beginning.
And if you aren't looking closely,
you might not even realize that text is there.
Very commonly, these messages have some type
of pretexting, which is a fancy way of saying that they're
going to lie to you.
They put some type of situation in place,
and they try to see if they can get you to act on it.
For example, they may have a message that they're
calling with or an email that says, hi, we're
calling from Visa regarding an automated payment
to your utility service.
And then they might have you click on something or offer
to provide that particular payment over the phone.
Well, I definitely have an automated payment.
I do pay my utility service automatically,
and this might get me relaxed enough to think
that the person who's calling me really is from Visa,
and they really are trying to take
care of a financial problem.
But of course, this is an attacker
who's trying to gather my credit card information,
and I would simply be handing over
all of the details of that account
to whoever happened to be calling.
Of course, we often see these emails
being sent to individuals, and the attackers
are trying to gather this information one
person at a time until they have all
of the information they need.
But there are times when the attacker
might want to attack an entire group of people simultaneously.
This is called pharming, and it's usually
created when the attacker is able to take over
an entire domain name system server
or be able to take over an entire website
so that everybody who visited the DNS server
or visited the website will be automatically directed
to the attacker's website.
This means that you could be typing
in the correct address in your browser,
but because the DNS has been poisoned,
now you're at the attacker's website,
and you would simply put in your user credentials,
because to you, it looks like the normal website.
So now there are two different kinds of attacks in place.
The pharming is redirecting everybody
who visits that DNS server to the attacker's website,
and then the phishing takes place
once they arrive there, as they're
putting in their email address, username, password,
and other personal information.
In this particular scenario, it's
very difficult for the end user to even realize
they're being phished.
They've gone to what they thought was a legitimate DNS,
and they were able to go to a website that looks
like the legitimate website.
So of course, they're going to provide
their normal credentials.
And because everything looks normal,
it's even difficult for third party products,
like anti-malware or antivirus, to even recognize
that there's any type of problem happening at all.
These types of pharming situations
are thankfully relatively rare, but they do occur,
and it's something that you need to know
how to mitigate if you happen to find
this situation on your network.
The attackers have moved to the telephone as a way
to gather your personal information.
Performing this attack over a voice line
is called vishing, for voice phishing.
Very often, the attacker is spoofing the phone number
that's appearing on the incoming call
so it looks like it's a local phone number.
But in reality, they could be calling from anywhere.
The point of the phone call or the voicemail that they leave
ultimately leads to you giving up
some type of personal information
that they can use to gain access to your accounts.
Of course, they may not even need to talk to you.
They can do everything over SMS--
that's the Short Message Service, or what we commonly
refer to as text messages.
This is also referred to as smishing or SMS phishing,
where this phishing is all done over a text message
communication.
Often these text messages have a link,
and the attacker tries to entice you into clicking that link
and providing them with more information.
There are many, many different ways
that attackers try to entice you to give up
your information or your money.
Many of these scams can be found in a large list on Reddit.
You can find it at reddit.com/r/Scams.
With some of these attacks, the attacker
isn't after an email password.
They're instead trying to get large sums of money transferred
into their personal account.
To be able to do that, they need to gather as much information
as possible on the victim.
So they'll perform a number of different steps
of reconnaissance prior to performing the actual phishing
attack.
It's remarkable how much open source information
is available on the internet, and you
can gather information about individuals,
groups of individuals, or large organizations
by simply visiting third party websites, Facebook, LinkedIn,
and other locations.
Based on the information they gather,
they can create a very believable pretext.
They might be able to determine where you live, where you work,
who you work with, be able to use people's names,
be able to understand places that you shop,
and put all of that information into a very believable phishing
attack.
These types of very directed phishing attacks
are called spear phishing attacks.
They're going after a very specific person
or very specific group of people to be
able to gather the information that they need.
A spear phishing attack that goes
after a person who has control of a lot of money
or a lot of information is called whaling.
It's very common to go after the CEO or the head
of the accounting department because they have access
to the entire corporate bank account.
All you need is one very well-crafted
phishing attack to be able to convince somebody
to log into a fake user account that would then provide
the attacker with all of the banking
information for the organization.
These types of whaling attacks happen all too often.
And if you're in an organization that
has people who are in charge of these particular accounts,
then you need to make sure that they
are very familiar with the type of phishing attacks
that they might run into.
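The typosquatting and prepending tricks described in the transcript above (professormessor.com, pprofessormesser.com) can be screened for automatically before a user follows a link. This is an added example, not Professor Messer's code: the trusted-domain list is constructed, and the registrable-domain logic is a simplification that ignores multi-label public suffixes such as co.uk.

```python
from urllib.parse import urlsplit

# Constructed list of domains we expect to see in the address bar.
TRUSTED_DOMAINS = ("professormesser.com", "rackspace.com")

def hostname_of(url: str) -> str:
    """Lower-case hostname of a URL or bare domain (no scheme needed)."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").rstrip(".")

def registrable_domain(host: str) -> str:
    """Last two labels of the hostname. Simplification: multi-label public
    suffixes such as co.uk are not handled; use the Public Suffix List for that."""
    labels = host.split(".")
    return ".".join(labels[-2:])

def edit_distance(a: str, b: str) -> int:
    """Damerau-Levenshtein (optimal string alignment) distance, so one typo,
    including a swapped pair of letters, counts as a single edit."""
    prev2, prev1 = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev1[j] + 1, cur[j - 1] + 1, prev1[j - 1] + cost)
            if prev2 and i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev1 = prev1, cur
    return prev1[-1]

def classify(url: str) -> str:
    """'trusted' for a trusted registrable domain; 'lookalike' when the name
    is within two edits of a trusted name (messor vs messer) or a trusted
    name is embedded in a different host (the prepend trick,
    pprofessormesser.com); otherwise 'unrelated'."""
    host = hostname_of(url)
    dom = registrable_domain(host)
    if dom in TRUSTED_DOMAINS:
        return "trusted"
    name = dom.rsplit(".", 1)[0]  # registrable name without its TLD
    for trusted in TRUSTED_DOMAINS:
        tname = trusted.rsplit(".", 1)[0]
        if edit_distance(name, tname) <= 2 or tname in host:
            return "lookalike"
    return "unrelated"

if __name__ == "__main__":
    for u in ("https://login.rackspace.com/", "https://professormessor.com/",
              "pprofessormesser.com", "https://example.org/"):
        print(f"{u:40} {classify(u)}")
```

A "lookalike" verdict is a prompt to type the known address into the browser by hand rather than follow the link, which is the advice the transcript gives.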