Phishing Attacks: What Is A Phishing Attack

Phishing attacks involve masquerading as a trusted entity to trick victims into revealing sensitive information like login credentials or financial details. This can enable unauthorized access and purchases, identity theft, or installation of malware. While individuals are most at risk, phishing is also used in corporate attacks to gain access to networks. Protecting against phishing requires vigilance from users and security measures like two-factor authentication from organizations.


Phishing attacks

What is a phishing attack


Phishing is a type of social engineering attack often used to steal user
data, including login credentials and credit card numbers. It occurs when
an attacker, masquerading as a trusted entity, dupes a victim into opening
an email, instant message, or text message. The recipient is then tricked
into clicking a malicious link, which can lead to the installation of malware,
the freezing of the system as part of a ransomware attack or the revealing
of sensitive information.

An attack can have devastating results. For individuals, this includes unauthorized purchases, the stealing of funds, or identity theft.

Moreover, phishing is often used to gain a foothold in corporate or governmental networks as a part of a larger attack, such as an advanced persistent threat (APT) event. In this latter scenario, employees are compromised in order to bypass security perimeters, distribute malware inside a closed environment, or gain privileged access to secured data.

An organization succumbing to such an attack typically sustains severe financial losses in addition to declining market share, reputation, and consumer trust. Depending on scope, a phishing attempt might escalate into a security incident from which a business will have a difficult time recovering.

Phishing attack examples

The following illustrates a common phishing scam attempt:

• A spoofed email ostensibly from myuniversity.edu is mass-distributed to as many faculty members as possible.

• The email claims that the user’s password is about to expire. Instructions are given to go to myuniversity.edu/renewal to renew their password within 24 hours.

Several things can occur by clicking the link. For example:

• The user is redirected to myuniversity.edurenewal.com, a bogus page appearing exactly like the real renewal page, where both new and existing passwords are requested. The attacker, monitoring the page, hijacks the original password to gain access to secured areas on the university network.

• The user is sent to the actual password renewal page. However, while being redirected, a malicious script activates in the background to hijack the user’s session cookie. This results in a reflected XSS attack, giving the perpetrator privileged access to the university network.

Phishing techniques
Email phishing scams
Email phishing is a numbers game. An attacker sending out thousands of
fraudulent messages can net significant information and sums of money,
even if only a small percentage of recipients fall for the scam. As seen
above, there are some techniques attackers use to increase their success
rates.

For one, they will go to great lengths in designing phishing messages to mimic actual emails from a spoofed organization. Using the same phrasing, typefaces, logos, and signatures makes the messages appear legitimate.

In addition, attackers will usually try to push users into action by creating a
sense of urgency. For example, as previously shown, an email could
threaten account expiration and place the recipient on a timer. Applying
such pressure causes the user to be less diligent and more prone to error.

Lastly, links inside messages resemble their legitimate counterparts, but typically have a misspelled domain name or extra subdomains. In the above example, the myuniversity.edu/renewal URL was changed to myuniversity.edurenewal.com. Similarities between the two addresses offer the impression of a secure link, making the recipient less aware that an attack is taking place.
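The lookalike-link check described above, written out as an added example (not code from the original article or from Imperva): it extracts every link from a message body, resolves the host of each, and reports whether that host really belongs to the trusted domain, merely resembles it (the trusted name embedded in another domain, as in myuniversity.edurenewal.com, or a typo-distance misspelling), or is unrelated. The sample email, the two-label "registrable domain" shortcut and the edit-distance threshold of 2 are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample message modelled on the article's university scenario.
SAMPLE_EMAIL = """Your password expires in 24 hours.
Renew it at myuniversity.edu/renewal or http://myuniversity.edurenewal.com/renewal
Help desk: https://help.myuniversity.edu/
"""

URL_RE = re.compile(r"(?:https?://)?[a-z0-9.-]+\.[a-z]{2,}(?:/\S*)?", re.I)

def hostname(url: str) -> str:
    """Lowercase host of a link; scheme-less links like 'myuniversity.edu/renewal' get one added."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def registrable(host: str) -> str:
    """Last two labels of the host (simplification: ignores multi-label suffixes such as co.uk)."""
    return ".".join(host.split(".")[-2:])

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character typos in a domain name."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url: str, trusted_domain: str) -> str:
    """'trusted' if the host is the trusted domain or a subdomain of it,
    'lookalike' if it merely resembles it, otherwise 'unrelated'."""
    host, trusted = hostname(url), trusted_domain.lower()
    if host == trusted or host.endswith("." + trusted):
        return "trusted"
    # Trusted name embedded in another registrable domain (myuniversity.edurenewal.com,
    # myuniversity.edu.example.net) or a near-miss spelling (myuniverstiy.edu).
    if trusted in host or edit_distance(registrable(host), trusted) <= 2:
        return "lookalike"
    return "unrelated"

def scan_message(text: str, trusted_domain: str) -> list[tuple[str, str]]:
    """Extract every link in a message body and attach a verdict to each."""
    return [(m.group(0), classify_link(m.group(0), trusted_domain)) for m in URL_RE.finditer(text)]

if __name__ == "__main__":
    for url, verdict in scan_message(SAMPLE_EMAIL, "myuniversity.edu"):
        print(f"{verdict:9} {url}")
```

Run against the sample email, the two genuine links come back "trusted" and the edurenewal.com link comes back "lookalike"; a subdomain check alone would have missed both the embedded-name and the misspelling cases.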

Spear phishing
Spear phishing targets a specific person or enterprise, as opposed to
random application users. It’s a more in-depth version of phishing that
requires special knowledge about an organization, including its power
structure.

An attack might play out as follows:

1. A perpetrator researches names of employees within an organization’s marketing department and gains access to the latest project invoices.

2. Posing as the marketing director, the attacker emails a departmental project manager (PM) using a subject line that reads, Updated invoice for Q3 campaigns. The text, style, and included logo duplicate the organization’s standard email template.

3. A link in the email redirects to a password-protected internal document, which is in actuality a spoofed version of a stolen invoice.

4. The PM is requested to log in to view the document. The attacker steals his credentials, gaining full access to sensitive areas within the organization’s network.

By providing an attacker with valid login credentials, spear phishing is an effective method for executing the first stage of an APT.

How to prevent phishing

Phishing attack protection requires steps be taken by both users and enterprises.

For users, vigilance is key. A spoofed message often contains subtle mistakes that expose its true identity. These can include spelling mistakes or changes to domain names, as seen in the earlier URL example. Users should also stop and think about why they’re even receiving such an email.

For enterprises, a number of steps can be taken to mitigate both phishing and spear phishing attacks:

• Two-factor authentication (2FA) is the most effective method for countering phishing attacks, as it adds an extra verification layer when logging in to sensitive applications. 2FA relies on users having two things: something they know, such as a password and user name, and something they have, such as their smartphones. Even when employees are compromised, 2FA prevents the use of their compromised credentials, since these alone are insufficient to gain entry.

• In addition to using 2FA, organizations should enforce strict password management policies. For example, employees should be required to frequently change their passwords and to not be allowed to reuse a password for multiple applications.

• Educational campaigns can also help diminish the threat of phishing attacks by enforcing secure practices, such as not clicking on external email links.


Phishing protection from Imperva

Imperva offers a combination of access management and web application security solutions to counter phishing attempts:

• Imperva Login Protect lets you deploy 2FA protection for URL addresses in your website or web application. This includes addresses having URL parameters or AJAX pages, where 2FA protection is normally harder to implement. The solution can be deployed in seconds with just a few clicks of a mouse. It doesn’t require any hardware or software installation and enables easy management of user roles and privileges directly from your Imperva dashboard.

• Working within the cloud, Imperva Web Application Firewall (WAF) blocks malicious requests at the edge of your network. This includes preventing malware injection attempts by compromised insiders in addition to reflected XSS attacks deriving from a phishing episode.
