Cos'e' il phishing - Cover Giacomo Lanzi

What is phishing? Understanding and identifying social engineering attacks

Estimated reading time: 7 minutes

Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers . Occurs when an attacker, disguised as a trusted entity , tricks a victim into opening an email, instant message, or text message.

The recipient is then tricked into clicking on a malicious link, which can lead to malware installation , system freezing as part of an attack ransomware or the disclosure of sensitive information.

An attack can have devastating results . For individuals, this includes unauthorized purchases, fund theft or identity theft.

What is phishing - Concept

What is Phishing for Business?

Even more damaging, phishing is also used to gain an entry point into corporate or government networks as part of a larger attack , such as a persistent advanced threat event (APT – Advanced Persistent Threat). In the latter scenario, employees are compromised in order to bypass security perimeters , distribute malware within a closed environment, or gain privileged access to protected data.

An organization that succumbs to such an attack typically suffers severe financial losses, as well as a decline in market share, reputation and consumer confidence. Depending on the scope, a phishing attempt could escalate into a security incident that a company will have difficulty recovering from .

What a phishing attack looks like

Knowing what phishing is often isn’t enough to protect yourself . The best thing to do is work on resilience to attacks and understand how to spot them before falling victim to them.

As we mentioned earlier, the consequences can be enormous. But, if it seems simple to do when it comes to a single individual, what if there is an entire company to protect? SOD offers a service geared towards just that : train entire companies to recognize and mitigate the risk of phishing attacks.

Through a first controlled attack, we are able to understand which are the points to work on . Subsequently, training proposals for employees are organized. They are taught how to recognize threats before they become problematic. To find out more, visit the service page .

But let’s see what a generic attack looks like.

Attack example

1. A bogus email ostensibly from myuniversita.edu is being distributed en masse to as many faculty members as possible.

2. The email claims that the user’s password is about to expire . Instructions are given to go to the myuniversita.edu/rinnovo link to renew their password within 24 hours.

Various things can happen by clicking on the proposed link.

The user is redirected to myuniversita.edurinnovo.com , a fake page that looks exactly like the real renewal page, where both the new password are requested than the existing one. The attacker, monitoring the page, hijacks the original password to – gain access to secure areas of the university network.

– The user is sent to the real password renewal page. However, while being redirected, a malicious script runs in the background to hijack the user’s session cookie. This results in a Cross Site Scripting attack, giving the author privileged access to the university network.

What is phishing - Concept

Logic of an attack

Email phishing is a big game . An attacker who sends thousands of fraudulent messages can obtain significant information and sums of money, even if only a small percentage of recipients fall into the scam .

Hackers go to great lengths to design messages for a phishing attack by mimicking real emails from a disguised organization. Using the same phrasing, the same typefaces, the same logos and the same signatures, the messages appear legitimate .

Also, another thing to watch out for is that attackers usually try to push users into action by creating a sense of urgency. For example, as shown above, an email could threaten account expiration and put the recipient in urgency . Applying this pressure leads the user to be less diligent and more prone to error.

Finally, the links within the messages resemble their legitimate counterparts, but typically have a misspelled domain name or extra subdomains. In the above example, the URL myuniverist.edu/rinnovo has been changed to myuniversita.edurinnovo.com . The similarities between the two addresses give the impression of a secure connection , making the recipient less aware that an attack is in progress.

What is spear phishing

What is phishing - Spear phishing

Spear phishing targets a specific person or company , as opposed to casual users. It’s a more in-depth version of phishing that requires special knowledge of an organization, including its power structure.

An attack could take place like this:

– A hacker searches for employee names within an organization’s marketing department and gains access to the latest project invoices.
Posing as the director of marketing , The attacker sends an email to a project manager in the department using a subject that says: Updated invoice for Q3 campaigns . The included text, style, and logo duplicate the organization’s standard email template.
– A link in the email redirects to a password-protected internal document, which is actually a forged version of a stolen invoice .
– The marketing director is required to login to view the document. The attacker steals his credentials , gaining full access to sensitive areas within the organization’s network.

By providing the attacker with valid login credentials, spear phishing is an effective way to carry out the first phase of a ransomware attack.

What is whale phishing

whale phishing , or whaling , is a form of spear phishing that targets very big fish: CEOs or other high-value targets . Many of these scams target members of a company’s board of directors, who are considered particularly vulnerable. Indeed, they have great authority within the company, but because they are not full-time employees, they often use personal email addresses for business-related correspondence , which does not have the protections offered by email business.

whale phishing , or whaling , is a form of spear phishing that targets very big fish: CEOs or other high-value targets . Many of these scams target members of a company’s board of directors, who are considered particularly vulnerable. Indeed, they have great authority within the company, but because they are not full-time employees, they often use personal email addresses for business-related correspondence , which does not have the protections offered by email business.

How to defend yourself

Protecting against a phishing attack requires action by both users and businesses.

For users, vigilance is the key . A forged message often contains subtle errors that expose its true nature. These can include misspellings or changes to domain names , as seen in the example of the preceding URL. Users should be wondering why they are receiving a certain email .

What is phishing - Defense

For businesses, a number of measures can be taken to mitigate both phishing and spear phishing attacks:

Two-factor authentication (2FA) is the most effective method of thwarting phishing attacks, as adds an extra layer of verification when accessing sensitive applications . 2FA is based on users having two things: something they know , like a password and username, and something they have with them , like their smartphone . Even when employees are compromised, 2FA prevents the use of their compromised credentials, as these alone are not enough to get in .

In addition to the use of 2FA, companies should apply strict password management policies . For example, employees should be required to change their passwords frequently and not be allowed to reuse a password for multiple applications .

Finally, educational campaigns can also help decrease the threat of phishing attacks by enforcing safe practices , such as not clicking on external links to emails. In this regard, I would like to mention the ethical phishing service of SOD , which has the very intent of testing the company and organizing targeted training to mitigate the risks .

It’s not enough to know what phishing is, you also need to know how to recognize it.

Contact us

Useful links:

Phising

Mitre Att&ck

Double extortion ransomware

Share


RSS

RSS feed

More Articles…

Categories …

Tags

Acronis Acronis Cloud Backup anti-ransomware BaaS Backup Backup as a Service cloud cloud computing Cloud Conference cloud provider reggio emilia cloud server cloud service provider cloud services cyber security cyber security cyber threat Cyber Threat Hunter Data Exfiltration GDPR Machine Learning Next Generation SIEM nextgen siem owncloud owncloud pentest Phishing Plesk Ransomware Ransomware security Security Information and Event Management server virtuale sicurezza siem Smart Working SOAR SOCaaS Threat intelligence UEBA VDS vps vulnerability assessment web hosting webinar Wordpress

RSS darkreading

RSS Full Disclosure

  • Microsoft PlayReady - complete client identity compromise May 9, 2024
    Posted by Security Explorations on May 09Hello All, We have come up with two attack scenarios that make it possible to extract private ECC keys used by a PlayReady client (Windows SW DRM scenario) for the communication with a license server and identity purposes. More specifically, we successfully demonstrated the extraction of the following keys: […]
  • secuvera-SA-2024-02: Multiple Persistent Cross-Site Scritping (XSS) flaws in Drupal-Wiki May 6, 2024
    Posted by Simon Bieber via Fulldisclosure on May 06secuvera-SA-2024-02: Multiple Persistent Cross-Site Scritping (XSS) flaws in Drupal-Wiki Affected Products Drupal Wiki 8.31 Drupal Wiki 8.30 (older releases have not been tested) References https://www.secuvera.de/advisories/secuvera-SA-2024-02.txt (used for updates) CVE-2024-34481 CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CVSS-B: 6.4 (...
  • OXAS-ADV-2024-0002: OX App Suite Security Advisory May 6, 2024
    Posted by Martin Heiland via Fulldisclosure on May 06Dear subscribers, We're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs for OX App Suite, Dovecot and PowerDNS at YesWeHack. This advisory has also been published at https://documentation.open-xchange.com/appsuite/security/advisories/html/2024/oxas-adv-2024-0002.html. […]
  • Microsoft PlayReady toolkit - codes release May 6, 2024
    Posted by Security Explorations on May 06Hello All, We released codes for "Microsoft PlayReady toolkit", a tool that has been developed as part of our research from 2022: https://security-explorations.com/microsoft-playready.html#details The toolkit illustrates the following: - fake client device identity generation, - acquisition of license and content keys for encrypted content, - downloading and decryption of […]
  • Live2D Cubism refusing to fix validation issue leading to heap corruption. May 3, 2024
    Posted by PT via Fulldisclosure on May 03Live2D Cubism is the dominant "vtuber" software suite for 2D avatars for use in livestreaming and integrating them in other software. They publish various SDKs and a frameworks for integrating their libraries with your own program. You're supposed to use those to deserialize and render/animate the models created […]
  • Microsoft PlayReady white-box cryptography weakness May 1, 2024
    Posted by Security Explorations on May 01Hello All, There is yet another attack possible against Protected Media Path process beyond the one involving two global XOR keys [1]. The new attack may also result in the extraction of a plaintext content key value. The attack has its origin in a white-box crypto [2] implementation. More […]
  • Defense in depth -- the Microsoft way (part 87): shipping more rotten software to billions of unsuspecting customers April 24, 2024
    Posted by Stefan Kanthak on Apr 24Hi @ll, this post is a continuation of and With the release of .NET Framework 4.8 in April 2019, Microsoft updated the following paragraph of the MSDN article "What's new in .NET Framework" | Starting with .NET Framework 4.5, the clrcompression.dll assembly...
  • Response to CVE-2023-26756 - Revive Adserver April 24, 2024
    Posted by Matteo Beccati on Apr 24CVE-2023-26756 has been recently filed against the Revive Adserver project. The action was taken without first contacting us, and it did not follow the security process that is thoroughly documented on our website. The project team has been given no notice before or after the disclosure. Our team has […]
  • BACKDOOR.WIN32.DUMADOR.C / Remote Stack Buffer Overflow (SEH) April 19, 2024
    Posted by malvuln on Apr 19Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/6cc630843cabf23621375830df474bc5.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Dumador.c Vulnerability: Remote Stack Buffer Overflow (SEH) Description: The malware runs an FTP server on TCP port 10000. Third-party adversaries who can reach the server can send a specially […]
  • SEC Consult SA-20240418-0 :: Broken authorization in Dreamehome app April 19, 2024
    Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Apr 19SEC Consult Vulnerability Lab Security Advisory < 20240418-0 > ======================================================================= title: Broken authorization product: Dreamehome app vulnerable version:

Customers

Newsletter

{subscription_form_1}
Products and Solutions
Partners
Cloud Models
News
Google Reviews
Secure Online Desktop s.r.l.
Secure Online Desktop s.r.l.
4.9
Based on 37 reviews
powered by Google
review us on
Omid Fazeli
Omid Fazeli
06:59 20 Apr 18
They have a lot of solutions for any... kind of business. Lower prices than many others. The support service is always active and efficient.read more
See All Reviews
js_loader
Facebook
Secure Online Desktop s.r.l.
Secure Online Desktop s.r.l.
5.0
Based on 17 reviews
powered by Facebook
review us on
Paolo Raimondi
Paolo Raimondi
11:06 21 Apr 18
La Polimatica Progetti Srl, azienda di... cui sono titolare, collabora con soddisfazione da alcuni anni con Secure Online Desktop. L'Azienda è costituita da professionisti seri e competenti. Insieme a loro abbiamo costruito un sistema organizzato di soluzioni ICT, servizi e attività di consulenza per la compliance alla normativa in materia di protezione dei dati personali (GDPR).read more
Ilaria Miglietta
Ilaria Miglietta
04:16 21 Apr 18
Servizi affidabili e di semplice... utilizzo. I loro tecnici molto attenti alle esigenze del cliente, continuate cosìread more
Maurizio Sclafani
Maurizio Sclafani
12:38 20 Apr 18
Francesca Marastoni
Francesca Marastoni
11:41 20 Apr 18
Excellent service company with... wonderful stuff. Highly recommended.

Ottima azienda, servizi molto utili, staff qualificato e competente. Raccomandata!read more
Alessio Liga
Alessio Liga
08:25 20 Apr 18
Servizi di alto livello, competenti e... disponibili a accettare nuove sfide per sviluppare business
Ottimo supportoread more
Matteo Revelli
Matteo Revelli
22:39 19 Apr 18
Ottima azienda, offre servizi di alta... qualità con personale competente e disponibile.read more
Lorenzo Munari
Lorenzo Munari
16:25 19 Apr 18
Azienda molto seria e... affidabile.

E' un piacere poter collaborare con realtà di questo tiporead more
Francisco Amadi
Francisco Amadi
10:41 19 Apr 18
Ho avuto il piacere di collaborare con... loro e spero vivamente che succeda di nuovo. Competenti, professionali, precisi e cordiali!read more
Davide Michelotto
Davide Michelotto
07:42 19 Apr 18
Ottimo servizio, seri professionisti al... timone della società e celerità nei tempi di risposta, oltre ogni aspettativa.read more
Gabriele Petralia
Gabriele Petralia
12:28 18 Apr 18
Luca Prati
Luca Prati
10:12 18 Apr 18
Azienda eccellente, consulenza... customizzata e puntuale.
Un ottimo fornitore.
Io personalmente ho parlato con l' Ing. Venuti, valore aggiunto indubbiamente.read more
Valerio Lezza
Valerio Lezza
21:35 17 Apr 18
Daniela Cospito Di Leo
Daniela Cospito Di Leo
21:20 17 Apr 18
Andrea Rizzo
Andrea Rizzo
20:45 17 Apr 18
More Reviews
js_loader
payments gateway
About