Phishing Concepts & Techniques

Phishing emails often look "official", some recipients may respond to them and click into malicious websites resulting in financial losses, identity theft, and other fraudulent activity.

• Characteristics of Phishing Emails

• Characteristics of Phishing Websites

• Common Methods of Phishing Attacks

• Phishing Attack Common Techniques

Characteristics of Phishing Emails

A typical phishing email will have the following characteristics:

• It normally appears as an important notice, urgent update or alert with a deceptive subject line to entice the recipient to believe that the email has come from a trust source and then open it. The subject line may consist of numeric characters or other letters in order to bypass spamming filters.

• It sometimes contains messages that sound attractive rather than threatening e.g. promising the recipients a prize or a reward.

• It normally uses forged sender's address or spoofed identity of the organisation, making the email appear as if it comes from the organisation it claimed to be.

• It usually copies contents such as texts, logos, images and styles used on legitimate website to make it look genuine. It uses similar wordings or tone as that of the legitimate website. Some emails may even have links to the actual web pages of the legitimate website to gain the recipient's confidence.

• It usually contains hyperlinks that will take the recipient to a fraudulent website instead of the genuine links that are displayed.

• It may contain a form for the recipient to fill in personal/financial information and let recipient submit it. This normally involves the execution of scripts to send the information to databases or temporary storage areas where the fraudsters can collect it later.

Top

Characteristics of Phishing Websites

A typical phishing website will have the following characteristics:

• It uses genuine looking content such as images, texts, logos or even mirrors the legitimate website to entice visitors to enter their accounts or financial information.

• It may contain actual links to web contents of the legitimate website such as contact us, privacy or disclaimer to trick the visitors.

• It may use a similar domain name or sub-domain name as that of the legitimate website.

• It may use forms to collect visitors' information where these forms are similar to that in the legitimate website.

• It may in form of pop-up window that is opened in the foreground with the genuine web page in the background to mislead and confuse the visitor thinking that he/she is still visiting the legitimate website.

• It may display the IP address or the fake address on the visitors' address bar assuming that visitors may not aware of that. Some fraudsters may perform URL spoofing by using scripts or HTML commands to construct fake address bar in place of the original address.

Top

Common Methods of Phishing Attacks

If the recipient believes that the email comes from a legitimate organisation, there are several common methods used by the fraudsters for phishing.

1. Install Trojan program or worms to the recipient's computer in form of email attachment to exploit loopholes and vulnerabilities or to take screenshots of the system, in order to obtain sensitive information from the recipient.

2. Use spyware, such as keyboard loggers, to capture information from the recipient's computer and sends the information back to the fraudsters.

3. Use deceit to gain recipient's confidence so that the recipient will visit the fraudulent website that appears as legitimate and provide sensitive information by completing a form on web page.