
Phishing attacks and defense

Last Updated: May 07, 2018

What is a phishing attack

Phishing (pronounced “fishing”) is an attempt to lure recipients into providing sensitive information (such as usernames, passwords, account IDs, ATM PINs, or credit card details) by sending large numbers of spoofed spam emails that impersonate trustworthy entities such as banks or well-known institutions.

Phishing types

Phishing attacks use a variety of techniques to make an email or web page look and behave like one from the authentic source. Some common attack techniques are listed below.

Fake domain names

Most browsers display URLs in a sans-serif font, in which some characters (for example an uppercase “I” and a lowercase “l”) are nearly indistinguishable. Attackers may register a domain name that looks like the name of the website they want to imitate, sometimes by changing the case of a letter or substituting a look-alike character. For example, “paypaI.com” can be used to counterfeit “paypal.com”, and “barcIays.com” can be used to counterfeit “barclays.com”.

A fake domain name can also incorporate part of the real domain name. For example, “ebay-members-security.com” is used to counterfeit “ebay.com” and “users-paypal.com” is used to counterfeit “paypal.com”. Most users lack the tools and knowledge to identify whether a fake domain name is really owned by the company being counterfeited.

URL hiding

URL hiding takes advantage of a rarely used part of URL syntax. A user name and password can be placed in front of the domain name using the form http://username:password@domain/. Attackers put a plausible-looking domain name in the username position and hide the real domain name, or push it to the far end of the address bar where it is not visible. For example, http://earthlink.net%6C%6C...%6C@211.112.228.2.

Recent browser updates have eliminated this vulnerability, either by stripping the username and password from the URL before displaying it in the address bar, or by rejecting the username/password syntax altogether. Internet Explorer takes the latter approach.

Display as an IP address

The easiest way to hide a server’s identity is to present it as an IP address, such as http://210.93.131.250. Because many legitimate URLs also contain opaque numbers that are difficult to understand, only users who understand URL structure and are sufficiently alert will be suspicious of such addresses.

The visible text of a hyperlink is completely independent of the URL it actually points to. Attackers exploit this difference by showing one URL as the link text and using an entirely different URL as the real target. Users often do not double-check the real target when a URL is displayed explicitly in the message.

A standard way to check the destination of a hyperlink is to hover the mouse over it so that its real URL is displayed in the status bar. However, the content shown there can also be tampered with by attackers using JavaScript or the URL hiding technique described above.
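The checks above (look-alike characters, a brand name embedded in an unrelated domain, userinfo before “@”, a bare IP address as host, and link text that disagrees with the real target) can be applied mechanically on the defender’s side, for example when scanning inbound mail. The following is an added example, not code from the original page; the protected-brand list and the two-label approximation of the registrable domain are assumptions made for the illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Brands this check protects: a constructed allow-list for the example.
PROTECTED_BRANDS = {"paypal.com", "ebay.com", "barclays.com"}
# DNS is case-insensitive, so the "paypaI.com" a user sees is really
# paypai.com; fold the glyphs that sans-serif fonts render alike.
CONFUSABLE = str.maketrans({"i": "l", "1": "l", "0": "o"})
# Link text worth comparing with the target: something that looks like a URL or domain.
LINK_TEXT_URL = re.compile(r"(?:https?://)?[\w.-]+\.[a-z]{2,}(?:/\S*)?", re.I)

def registrable_domain(host):
    """Crude 'last two labels' approximation of the registrable domain (assumption)."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host

def suspicious_url_reasons(url, link_text=None):
    """Return the reasons a link looks like phishing; an empty list means no finding."""
    reasons = []
    parts = urlsplit(url)
    host = parts.hostname or ""          # urlsplit already lower-cases the host
    # URL hiding: everything before "@" is userinfo, not the destination.
    if parts.username is not None:
        reasons.append("userinfo before @ hides real host %s" % host)
    # Bare IP address instead of a name.
    try:
        ipaddress.ip_address(host)
        reasons.append("host is a bare IP address")
    except ValueError:
        pass
    # Lookalike domain: matches a brand only after confusable glyphs are folded.
    reg = registrable_domain(host)
    folded = reg.translate(CONFUSABLE)
    if folded in PROTECTED_BRANDS and reg not in PROTECTED_BRANDS:
        reasons.append("lookalike of %s" % folded)
    # Brand name embedded in an unrelated registrable domain (users-paypal.com).
    for brand in PROTECTED_BRANDS:
        name = brand.split(".")[0]
        if name in host and reg != brand:
            reasons.append("brand %s embedded in unrelated domain %s" % (name, reg))
    # Visible link text that names one host while the href points at another.
    if link_text and LINK_TEXT_URL.fullmatch(link_text.strip()):
        text = link_text.strip()
        shown = urlsplit(text if "://" in text else "http://" + text).hostname
        if shown and shown != host:
            reasons.append("link text shows %s but target is %s" % (shown, host))
    return reasons
```

Hostname matching in mail filters should use the parsed host as the browser would see it, never the text the sender chose to display.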

Prompt hiding

Prompt hiding means replacing the address bar or the status bar entirely with a spoofed one. For example, attackers may use JavaScript to draw a simple window over the address bar of Internet Explorer that shows a completely unrelated URL.

Fake message windows

Attackers may pop up a message window asking for your personal information while you are browsing a genuine web page, such as a Citibank page.

Social engineering

Social engineering means using non-technical means to lure users into a trap.

  • One trick is to create a sense of urgency, so that users act before they have time to verify the message’s authenticity.
  • Another trick is to threaten users by warning of severe consequences (such as service termination or account closure) if they fail to follow the instructions. A small number of attacks instead promise a large reward (such as “You win a prize!”). Threatening attacks are more common.

What are the hazards of phishing attacks

Phishing attackers use phishing emails and forged websites to commit online fraud. Fraudsters usually pose as trusted brands such as online banks, online retailers, and credit card companies in order to obtain users’ personal information. As a result, victims often disclose data such as credit card numbers, bank account numbers, and ID numbers.

How can I defend against phishing attacks

  • Do not click on unknown links or open emails from strangers.
  • Harden servers and end-user computers: install anti-virus software, keep its virus definitions current, and regularly apply patches to the operating system (such as Windows) and to application server software.