Phishing Concepts & Techniques
Phishing emails often look "official", so some recipients may respond to them and click through to malicious websites, resulting in financial losses, identity theft, and other fraudulent activity.
Characteristics of Phishing Emails
A typical phishing email will have the following

It normally appears as an important notice, urgent update or alert with a deceptive subject line to entice the recipient to believe that the email has come from a trusted source and then open it. The subject line may consist of numeric characters or other letters in order to bypass spam filters.

It sometimes contains messages that sound attractive rather than threatening, e.g. promising the recipients a prize or a reward.

It normally uses a forged sender's address or the spoofed identity of an organisation, making the email appear as if it comes from the organisation it claims to be.

It usually copies content such as text, logos, images and styles used on the legitimate website to make it look genuine. It uses wording or a tone similar to that of the legitimate website. Some emails may even have links to the actual web pages of the legitimate website to gain the recipient's confidence.

It usually contains hyperlinks that will take the recipient to a fraudulent website instead of the genuine links that are displayed.

It may contain a form for the recipient to fill in personal/financial information and let the recipient submit it. This normally involves the execution of scripts to send the information to databases or temporary storage areas where the fraudsters can collect
Characteristics of Phishing Websites
A typical phishing website will have the following

It uses genuine-looking content such as images, text and logos, or even mirrors the legitimate website, to entice visitors to enter their account or financial information.

It may contain actual links to web content of the legitimate website, such as contact us, privacy or disclaimer, to trick

It may use a similar domain name or sub-domain name as that of the legitimate

It may use forms to collect visitors' information, where these forms are similar to those on the legitimate website.

It may take the form of a pop-up window that is opened in the foreground with the genuine web page in the background, to mislead and confuse the visitor into thinking that he/she is still visiting the legitimate website.

It may display the IP address or the fake address on the visitor's address bar, assuming that visitors may not be aware of that. Some fraudsters may perform URL spoofing by using scripts or HTML commands to construct a fake address bar in place of the original address.
Common Methods of Phishing Attacks
If the recipient believes that the email comes from a legitimate organisation, there are several common methods used by the fraudsters for phishing.

Install a Trojan program or worm on the recipient's computer in the form of an email attachment, to exploit loopholes and vulnerabilities or to take screenshots of the system, in order to obtain sensitive information from the recipient.

Use spyware, such as keyboard loggers, to capture information from the recipient's computer and send the information back to the fraudsters.

Use deceit to gain the recipient's confidence so that the recipient will visit the fraudulent website that appears legitimate and provide sensitive information by completing a form on the web page.