Phishing

Question
What is a Phishing attack?
Answer

Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message. The recipient is then tricked into clicking a malicious link, which can lead to the installation of malware, the freezing of the system as part of a ransomware attack or the revealing of sensitive information. Moreover, phishing is often used to gain a foothold in corporate or governmental networks as a part of a larger attack, such as an advanced persistent threat (APT) event. In this latter scenario, employees are compromised in order to bypass security perimeters, distribute malware inside a closed environment, or gain privileged access to secured data.

Phishing attack examples

The following illustrates a common phishing scam attempt:

  • A spoofed email ostensibly from myuniversity.edu is mass-distributed to as many faculty members as possible.
  • The email claims that the user’s password is about to expire. Instructions are given to go to myuniversity.edu/renewal to renew their password within 24 hours.

Phishing attack example - Phishing email

Several things can occur by clicking the link. For example:

  • The user is redirected to myuniversity.edurenewal.com, a bogus page appearing exactly like the real renewal page, where both new and existing passwords are requested. The attacker, monitoring the page, hijacks the original password to gain access to secured areas on the university network.
  • The user is sent to the actual password renewal page. However, while being redirected, a malicious script activates in the background to hijack the user’s session cookie. This results in a reflected XSS attack, giving the perpetrator privileged access to the university network.
Additional Resources

Phishing Tests

Sonic Wall - Phishing Test

Phishing Box - Phishing Test

Open DNS - Phishing Quiz

Details

Article ID: 91399
Created
Tue 11/5/19 3:00 PM
Modified
Tue 10/27/20 11:06 AM