Phishing attacks — part 1

Alexandre Jamarco
7 min read · Jul 24, 2023
Source: https://i0.wp.com/blog.frontiersin.org/wp-content/uploads/2021/02/shutterstock_749866270.jpg

Hello everyone! As a student of the new Google Cybersecurity Professional Certificate on Coursera, I believe it is important to know the most common types of attacks, and the most common one is the phishing attack.

In this first part, we'll discuss:

  • What a phishing attack is
  • Some famous phishing attacks

What is a phishing attack?

According to the National Cyber Security Centre, a phishing attack is one where attackers attempt to trick users into doing ‘the wrong thing’, such as clicking a bad link that will download malware or direct them to a dodgy website.

In other words, the 'wrong thing' is whatever the attacker gets the victim to do while the victim believes the email is legitimate.

Some people even consider phishing attacks a type of social engineering attack, since the attacker usually disguises himself as a trusted entity.

Step-by-step of an email phishing attack. Source: https://www.valimail.com/wp-content/uploads/2022/09/article-guide-to-phishing_Img0-1024x727.png

An attack like this can be carried out over email or other channels (although email is the most popular one). We'll talk about these below.

Types of Phishing attacks

Some types of phishing attack are more common than others. I'll list the main ones below. Keep in mind that this list is not exhaustive and that a new technique can come up at any time.

  • Email phishing

This is the most common type of phishing attack. Phishers send emails that appear to come from a legitimate source, such as a bank or credit card company. The emails often contain a link or attachment that, when clicked or opened, installs malware on the victim’s computer or steals their personal information.

Attackers try to replicate a legitimate email coming from a known source (with all the images, headers, and footers). They will also try to embed a sense of urgency, telling you that your account is going to become inactive in one day, or that you have 24 hours to do something (otherwise something bad might happen), etc.

  • Spear Phishing

Spear phishing is a type of email phishing, but this is a more targeted type. Phishers research their victims and send emails that are specifically tailored to them.

For example, an attacker can research all the marketing team members and use a stolen credential, posing as the marketing director, and send an email with an infected attachment to every employee.

  • Whaling

This is a type of spear phishing attack that targets high-level executives. Whaling emails are often very convincing and can be difficult to distinguish from legitimate emails (since the reward is bigger, attackers put more effort into building a convincing email).

  • Vishing and Smishing

Vishing and smishing are two different types of phishing, but since they have similarities, I decided to cover both in one section.

Vishing is a type of phishing attack that uses phone calls to trick users into giving up personal information. Vishers often use fraudulent phone numbers to make their calls appear to be coming from a legitimate source, such as a bank or credit card company.

They may also use voice-altering software to disguise their voice and make it sound like they are someone they are not. Vishers will often use social engineering techniques to convince victims to provide their personal information, such as their credit card number or any other sensitive PII (SPII).

An example of a vishing attack. Source: https://www.proofpoint.com/sites/default/files/misc/vishing-attack-example.png

In the example above, people often get scared by messages saying that there is a penalty under their name, so they decide to pay what is asked. Also, if the user replies 'OUT', the attacker will know that the phone number is valid and will keep trying. If the user calls the number, the attacker, posing as an IRS agent, will ask for a credit card number or some other document number to gain a financial advantage or harvest identity data.

Smishing is similar, but relies on SMS or other messaging systems. It uses text messages to trick victims into clicking on a link or providing personal information. Smishing attacks are often used to target people who are on the go and may not be as careful about what they click on.

A smishing example. Source: https://www.proofpoint.com/sites/default/files/inline-images/smishing_3.png

As we can see in the image above, the message asks the customer to click on a link to get a reward. Notice the strange URL, which links to a page that is certainly not Amazon.
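As an added example (not code from the original post), here is a small Python triage script that checks the two signals the email and smishing sections above describe: a link whose domain does not belong to the brand the message claims to come from, and urgency language paired with a link or a callback number. The brand allow-list, the urgency phrase list, the phone-number pattern and the sample messages are all constructed for illustration; the domain reduction is a simplification that does not cover every public suffix.

```python
import re
from urllib.parse import urlparse

# Constructed allow-list: registrable domains a brand legitimately uses.
BRAND_DOMAINS = {
    "amazon": {"amazon.com", "amazon.co.uk"},
    "irs": {"irs.gov"},
}

# Constructed list of phrases that commonly manufacture urgency.
URGENCY_PHRASES = ("24 hours", "immediately", "suspended", "final notice", "act now", "penalty")

URL_RE = re.compile(r"\b(?:https?://|www\.)[^\s<>\"']+", re.IGNORECASE)
# Simplified North-American style number such as 555-0100 or 1-800-555-0100.
PHONE_RE = re.compile(r"\b(?:\d{3}[-.\s])?\d{3}[-.\s]\d{4}\b")


def registrable_domain(hostname: str) -> str:
    """Reduce a hostname to its registrable part, e.g. www.amazon.com -> amazon.com.
    Simplification: only recognises two-label public suffixes like co.uk, not the
    full public suffix list."""
    labels = hostname.lower().strip(".").split(".")
    if (len(labels) >= 3 and labels[-2] in {"co", "com", "org", "gov", "ac"}
            and len(labels[-1]) == 2):
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def extract_urls(text: str) -> list:
    """Pull URLs out of free text, normalising bare www. links to http://."""
    urls = []
    for match in URL_RE.finditer(text):
        raw = match.group(0).rstrip(".,;:!?)")
        if not raw.lower().startswith(("http://", "https://")):
            raw = "http://" + raw
        urls.append(raw)
    return urls


def analyse_message(text: str, claimed_brand: str) -> dict:
    """Return the findings an analyst would want for one message."""
    findings = {"claimed_brand": claimed_brand, "urls": [], "urgency": [],
                "phones": [], "suspicious": False}
    expected = BRAND_DOMAINS.get(claimed_brand.lower(), set())
    for url in extract_urls(text):
        host = urlparse(url).hostname or ""
        domain = registrable_domain(host)
        mismatch = domain not in expected          # link does not belong to the brand
        findings["urls"].append({"url": url, "host": host, "domain": domain, "mismatch": mismatch})
        if mismatch:
            findings["suspicious"] = True
    lowered = text.lower()
    findings["urgency"] = [p for p in URGENCY_PHRASES if p in lowered]
    findings["phones"] = PHONE_RE.findall(text)
    # Urgency on its own is weak; urgency plus a place to click or call is the pattern.
    if findings["urgency"] and (findings["urls"] or findings["phones"]):
        findings["suspicious"] = True
    return findings


# Constructed sample messages modelled on the smishing and vishing examples above.
SAMPLE_MESSAGES = [
    ("amazon", "Amazon: your package could not be delivered. Confirm your address "
               "within 24 hours at http://amazon.com-rewards.example/claim"),
    ("amazon", "Your Amazon order has shipped. Track it at https://www.amazon.com/your-orders"),
    ("irs", "IRS FINAL NOTICE: a penalty is pending under your name. Call 555-0100 or reply OUT."),
]


def triage_all() -> list:
    """Return (brand, suspicious) for every sample message."""
    return [(brand, analyse_message(text, brand)["suspicious"]) for brand, text in SAMPLE_MESSAGES]


if __name__ == "__main__":
    for brand, text in SAMPLE_MESSAGES:
        result = analyse_message(text, brand)
        flag = "SUSPICIOUS" if result["suspicious"] else "ok"
        print(f"[{flag}] {brand}: urls={[u['domain'] for u in result['urls']]} "
              f"urgency={result['urgency']} phones={result['phones']}")
```

The first sample is flagged because the link's registrable domain is `com-rewards.example`, not an Amazon domain, and the message also pushes a 24-hour deadline; the second is a legitimate-looking Amazon link with no urgency and passes; the third has no link at all but combines "final notice" and "penalty" with a callback number, which is the vishing pattern described above.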

Most famous Phishing attacks

Here are the most famous phishing attacks of the past years:

  • Facebook and Google Scam

A Lithuanian man named Evaldas Rimasaukas stole more than $100 million from Google and Facebook. He and his accomplices created convincing phishing emails as if they came from Quanta Computer, a Taiwan-based company with which Google and Facebook do business. These emails contained fake invoices and were directed at employees responsible for making payments. Both companies paid millions of dollars over a two-year period. Rimasaukas then laundered the money through banks in several countries, such as Latvia, Cyprus, Lithuania, Hong Kong, and others.

He was arrested, deported to the USA, pleaded guilty and is awaiting trial.

  • FACC — 2016

In January 2016, an employee at the Austrian aerospace parts manufacturer FACC received an email from someone pretending to be the company’s CEO, Walter Stephan. The email asked the employee to transfer €42 million to another account as part of an “acquisition project.”

The employee complied with the request, thinking the email was legitimate. However, it was a scam: the money was transferred to a bank account controlled by the scammers.

FACC conducted an internal investigation and determined that Stephan had “severely violated his duties” by failing to take adequate steps to prevent the scam. As a result, Stephan was fired. The company’s chief financial officer was also fired.

FACC sued Stephan and the former CFO for €10 million in damages. However, the Austrian courts dismissed the lawsuit, finding that FACC had not proven that the executives had acted with malicious intent.

  • Sony — 2014

In November 2014, a group of hackers called the “Guardians of Peace” attacked Sony Pictures. The hackers had been planning the attack for months, and they used a variety of methods to infiltrate Sony’s computer systems.

One of the methods the hackers used was phishing. They sent emails to top Sony executives that appeared to be from Apple. The emails asked the executives to provide ID verification emails, which the hackers used to gain access to their accounts.

Once the hackers had access to the Sony executives’ accounts, they were able to steal lots of data. This data included personal information about Sony employees and their families, private correspondences, and information about unreleased films.

The hackers’ ultimate goal was to get Sony to withdraw its film “The Interview”, a movie about a plot to assassinate the North Korean leader, Kim Jong-un.

The Sony Pictures hack was a major security breach, and it had a significant impact on the company. The attack cost Sony Pictures more than $100 million, and it damaged the company’s reputation.

  • Colonial Pipeline — 2021

In May 2021, a ransomware attack on Colonial Pipeline caused widespread disruption to the fuel supply on the east coast of the United States.

Although this was a ransomware attack, the attack began with a phishing email that was sent to an employee of Colonial Pipeline. The email contained a malicious attachment that, when opened, installed ransomware on the employee’s computer.

Once the ransomware was installed, it spread to other computers on Colonial Pipeline’s network, encrypting files and making them inaccessible. This forced Colonial Pipeline to shut down its operations for several days.

The shutdown of Colonial Pipeline caused fuel shortages and price hikes on the east coast of the United States. The company paid a ransom of $4.4 million to the hackers in order to regain access to its files.

The Colonial Pipeline ransomware attack was a major wake-up call for businesses and individuals alike. It showed how a single phishing email can have a devastating impact on an organization.

The organisation, which provides almost half of the oil supplies to the east coast of the US, was shut down for a week; this resulted in the non-delivery of about 20 billion gallons of oil, worth approximately €3.4 billion at the time.

These events prove that even a simple phishing email can cause severe financial damage to a company. Because of this, companies are starting to open their eyes to events like these.

In my next post, I'll explore how one can identify a phishing attack, as well as how companies can protect themselves against phishing emails and other types of fraud related to this attack.

Sources:

https://www.ncsc.gov.uk/guidance/phishing
https://www.imperva.com/learn/application-security/phishing-attack-scam/
https://www.proofpoint.com/us/threat-reference/vishing
https://www.proofpoint.com/us/threat-reference/smishing
https://www.graphus.ai/blog/worst-phishing-attacks-in-history/
https://www.itgovernance.eu/blog/en/the-5-biggest-phishing-scams-of-all-time
