Phishing Attack (social accounts)

Mark Priston
Nov 1 · 4 min read
CYBER SECURITY

Phishing is a cyber attack that uses disguised email as a weapon. The goal is to trick the email recipient into believing that the message is something they want or need — a request from their bank, for instance, or a note from someone in their company — and to click a link or download an attachment.

What really distinguishes phishing is the form the message takes: the attackers masquerade as a trusted entity of some kind, often a real or plausibly real person, or a company the victim might do business with. It’s one of the oldest types of cyberattacks, dating back to the 1990s, and it’s still one of the most widespread and pernicious, with phishing messages and techniques becoming increasingly sophisticated.

“Phish” is pronounced just like it’s spelled, which is to say like the word “fish” — the analogy is of an angler throwing a baited hook out there (the phishing email) and hoping you bite. The term arose in the mid-1990s among hackers aiming to trick AOL users into giving up their login information. The “ph” is part of a tradition of whimsical hacker spelling, and was probably influenced by the term “phreaking,” short for “phone phreaking,” an early form of hacking that involved playing sound tones into telephone handsets to get free phone calls.

TYPES OF PHISHING

If there’s a common denominator among phishing attacks, it’s the disguise. The attackers spoof their email address so it looks like it’s coming from someone else, set up fake websites that look like ones the victim trusts, and use foreign character sets to disguise URLs.
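
For defenders, the "foreign character sets" disguise can be checked mechanically. The following is an added example, not part of the original article: it decodes punycode labels and flags hostnames in a message whose labels mix scripts or use a non-Latin script. The function names, the sample message and the script heuristic (first word of each letter's Unicode name) are assumptions made for illustration.

```python
import re
import unicodedata
from urllib.parse import urlsplit

def scripts_in(label):
    """Approximate the scripts in a label from the first word of each letter's Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}

def check_host(url):
    """Return (decoded_label, verdict) pairs for hostname labels that look disguised."""
    host = urlsplit(url).hostname or ""
    findings = []
    for label in host.split("."):
        if label.startswith("xn--"):
            try:
                # Punycode (IDN) labels hide the real characters; decode before judging.
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                findings.append((label, "bad-punycode"))
                continue
        scripts = scripts_in(label)
        if len(scripts) > 1:
            # e.g. Latin letters plus one Cyrillic look-alike
            findings.append((label, "mixed-script"))
        elif scripts and scripts != {"LATIN"}:
            # May be a legitimate internationalized name; review against expected brands.
            findings.append((label, "non-latin"))
    return findings

def scan_message(body):
    """Map each flagged URL found in a message body to its findings."""
    urls = re.findall(r"https?://[^\s<>\"']+", body)
    return {u: f for u in urls if (f := check_host(u))}

# Constructed sample message: the second link uses CYRILLIC SMALL LETTER A (U+0430) in place of "a".
SAMPLE = (
    "Your statement is ready: https://www.example.com/statements\n"
    "Verify your account: https://www.ex\u0430mple.com/login\n"
)

if __name__ == "__main__":
    for url, findings in scan_message(SAMPLE).items():
        print(url, findings)
```

A "non-latin" verdict alone is not proof of phishing, since many legitimate sites use internationalized names; "mixed-script" labels are the stronger signal.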

That said, there are a variety of techniques that fall under the umbrella of phishing. There are a couple of different ways to break attacks down into categories. One is by the purpose of the phishing attempt. Generally, a phishing campaign tries to get the victim to do one of two things:

  • Hand over sensitive information. These messages aim to trick the user into revealing important data — often a username and password that the attacker can use to breach a system or account. The classic version of this scam involves sending out an email tailored to look like a message from a major bank; by spamming out the message to millions of people, the attackers ensure that at least some of the recipients will be customers of that bank. The victim clicks on a link in the message and is taken to a malicious site designed to resemble the bank’s webpage, and then hopefully enters their username and password. The attacker can now access the victim’s account.
  • Download malware. Like a lot of spam, these types of phishing emails aim to get the victim to infect their own computer with malware. Often the messages are “soft targeted” — they might be sent to an HR staffer with an attachment that purports to be a job seeker’s resume, for instance. These attachments are often .zip files, or Microsoft Office documents with malicious embedded code. The most common form of malicious code is ransomware — in 2017 it was estimated that 93 percent of phishing emails contained ransomware attachments.

There are also several different ways that phishing emails can be targeted. As we noted, sometimes they aren’t targeted at all; emails are sent to millions of potential victims to try to trick them into logging in to fake versions of very popular websites. Vade Secure has tallied the most popular brands that hackers use in their phishing attempts (see infographic below). Other times, attackers might send “soft targeted” emails at someone playing a particular role in an organization, even if they don’t know anything about them personally.

But some phishing attacks aim to get login information from, or infect the computers of, specific people. Attackers dedicate much more energy to tricking those victims, who have been selected because the potential rewards are quite high.

PHISHING SOCIAL ACCOUNTS

Written by Mark Priston

Cyber Security specialist, working with Facebook security for 2 years, now a freelancer at HACKER101. My aims are not for being popular but to make my success loud.