Types Of Phishing Attacks

Types Of Phishing Attack – Phishing is an Internet scam where the user is convinced to divulge personal and confidential information. Phishers trick users with offers of money or other inducements in order to get users to give them personal information. The main purpose of phishing is to get access to the customer’s bank accounts, passwords, and other security information.

Man-In-The-Middle Attacks

In this attack, the attacker’s computer is placed between the customer’s computer and the real Web site. This helps the attacker track communications between the systems. In order to make this attack successful, the attacker has to direct the customer to a proxy server rather than the real server.

A proxy server is an intermediate server between a user and the larger network. This attack is effective with either HTTP or HTTPS communications. The user links to the attacker’s Web site thinking it is the real site, while at the same time, the attacker connects with the original Web site. As the connections are formed simultaneously, the attacker spoofs the communication in real time.

When a user tries to connect to a site via an HTTPS communication, the attacker generates a connection between the user and the attacker’s proxy, which allows the attacker to record the traffic in an unencrypted state. On the other side, the attacker proxy creates its own SSL connection with the original server.

The following are the techniques used to direct the customer to the attacker’s proxy server:

  1. Transparent proxies located at the real server capture all the data by forcing the real server’s HTTP and HTTPS traffic through the proxies. The proxy must be located in the same network segment or on the route to the real server. This operation does not require any configuration change at the customer’s end.
  2. DNS cache poisoning can be used to redirect the normal traffic routing by establishing a false IP address at the key Domain Name Service (DNS) server. DNS is a system that connects the numerical IP addresses of servers on the Internet with their names, i.e., the host names used in their URLs. The attackers can then divert network traffic from a particular site to their proxy server’s IP address with this method.
  3. URL obfuscation tricks the user into connecting to the proxy server instead of the real site server.
  4. Browser proxy configuration forces all network traffic through the proxy server when the user’s proxy configuration options on his or her browser are changed.

URL Obfuscation Attack

In this type of attack, the user follows a link to a phishing site instead of a legitimate site.

The following are the methods used to obfuscate URLs:

  1. Bad domain names: Users can be attacked by purposeful registration and use of bad domain names. Users may not notice the small variation between the domain names of the phishing site and the legitimate site.
  2. Friendly login URLs: URLs that include authentication strings for quick login can trick users into trusting the link. The convenience of quick authentication persuades users to follow the hyperlink.
  3. Third-party shortened URLs: Because URLs have grown long and complex, and because various e-mail systems may represent them differently, some third-party organizations offer a free service that provides shorter URLs. Phishers use these free services to obscure the true destination, employing social-engineering methods and deliberately breaking long or incorrect URLs. Services that shorten URLs for free include http://smallurl.com and http://tinyurl.com.
  4. Host name obfuscation: Instead of sending familiar domain name URLs, phishers send links with the IP addresses so that users do not know that they are following a link to a phishing site. Using IP addresses can also sometimes help phishers get by some content-filtering systems. In addition to using the decimal IP address, phishers may also encode IP addresses in the following ways:

     • Dword: “Double word,” so called because it consists of two binary words of 16 bits each; the resulting value is expressed in decimal.
     • Octal: The address is represented in base 8.
     • Hexadecimal: The address is represented in base 16.
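
Because every one of these encodings resolves to the same address, a mail or proxy filter should canonicalize the host before matching it. The Python below is an added example, not code from the original post: the function names and finding labels are assumptions, 192.0.2.1 is a documentation address used as constructed input, and the decoder goes slightly beyond the list above by also accepting mixed and shortened forms such as 192.513.

```python
import ipaddress
import re
from urllib.parse import urlsplit

SHORTENERS = {"smallurl.com", "tinyurl.com"}  # the two services named above
_NUM = re.compile(r"0[xX][0-9a-fA-F]+|[0-9]+")


def _part(text):
    """One host component: 0x.. is hex, a leading 0 is octal, else decimal."""
    if not _NUM.fullmatch(text):
        raise ValueError(text)
    if text[:2].lower() == "0x":
        return int(text, 16)
    return int(text, 8) if len(text) > 1 and text[0] == "0" else int(text)


def decode_ip_host(host):
    """Dotted-decimal IPv4 for a numeric host in any encoding, else None."""
    # inet_aton rules, which URL parsers accept: 1 to 4 parts, and the last
    # part fills the remaining bytes (a single part is the 32-bit dword).
    try:
        *head, last = [_part(p) for p in host.split(".")]
    except ValueError:
        return None
    if len(head) > 3 or any(n > 255 for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last + sum(n << (8 * (3 - i)) for i, n in enumerate(head))
    return str(ipaddress.IPv4Address(value))


def triage_url(url):
    """Return (findings, canonical_host) for one link taken from a message."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    findings = []
    if parts.username is not None:
        findings.append("userinfo-before-host")  # "friendly login" style URL
    ip = decode_ip_host(host)
    if ip is not None:
        findings.append("ip-literal-host" if ip == host else "encoded-ip-host")
        host = ip
    elif (host[4:] if host.startswith("www.") else host) in SHORTENERS:
        findings.append("url-shortener")
    return findings, host


# Constructed sample: 192.0.2.1 (a documentation address) written as a dword.
print(triage_url("http://login.bank.example@3221225985/signin"))
```

Block lists and allow lists should be compared against the canonical host this returns, not the host string as it appears in the message.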

Cross-Site Scripting Attacks

A cross-site scripting attack is also referred to as CSS or XSS. This attack makes use of custom URLs or code injection inside a genuine Web-based application URL or embedded data field. This attack results from poor Web application development processes.

Most CSS attacks use URL formatting. Because of poor application coding by the organization, the Web application accepts any arbitrary URL inserted into the URL field of a link that the user follows. As a result, customers trying to authenticate to that application are referred to a page that is under the control of an external server. The customer unknowingly gives all his or her authentication information to that spoofed site.

Hidden Attacks

Hidden attacks use HTML, DHTML, or other scripting languages to interact with the user’s browser and change the way information is displayed. Attackers use hidden attacks to fool users into thinking their information is coming from the legitimate site.

Methods used for hidden attacks are:

• Hidden frames
• Overriding page content
• Graphical substitution

Hidden Frames

The use of hidden frames is one fairly easy method of attack because it has uniform browser support and is easy to code. Hidden frames are created in the browser windows in order to do the following:

• Hide the source address in the attacker’s content server
• Provide a false secured-HTTPS wrapper
• Perform malicious activities by loading images and HTML content in the background
• Hide code from the user
• Execute code, hidden in the background, that may be used to record the user’s online behavior
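
Frames that the user cannot see can be found by inspecting the markup a page delivers. The Python below is an added example, not code from the original post: the class and function names, the reason labels and the 0/1 pixel threshold are assumptions, and the sample page with its .example hosts is constructed.

```python
import re
from html.parser import HTMLParser

# Inline styles that make a frame invisible (display, visibility, 0/1px size).
_HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|(?<![\w-])(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)", re.I)
# A frameset track of size 0, e.g. rows="100%,0".
_ZERO_TRACK = re.compile(r"(?:^|,)\s*0+(?:px|%)?\s*(?:,|$)")


class HiddenFrameFinder(HTMLParser):
    """Collects (tag, src, reason) for frames the user cannot see."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").strip() for k, v in attrs}
        if tag == "frameset":
            for axis in ("rows", "cols"):
                if _ZERO_TRACK.search(a.get(axis, "")):
                    self.findings.append((tag, "", f"zero-size {axis} track"))
        elif tag in ("iframe", "frame"):
            if "hidden" in a:
                reason = "hidden attribute"
            elif _HIDDEN_STYLE.search(a.get("style", "")):
                reason = "hidden by inline style"
            elif a.get("width") in ("0", "1") or a.get("height") in ("0", "1"):
                reason = "0 or 1 pixel dimensions"
            else:
                return
            self.findings.append((tag, a.get("src", ""), reason))


def find_hidden_frames(html):
    finder = HiddenFrameFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page; the .example hosts are placeholders.
SAMPLE = (
    '<frameset rows="100%,0"><frame src="https://a.example/page">'
    '<frame src="https://b.example/logger"></frameset>'
    '<iframe src="https://b.example/x" style="border-width:0; width: 0px"></iframe>'
)
print(find_hidden_frames(SAMPLE))
```

This inspects static markup only; frames created or resized by script after the page loads need a check against the rendered DOM.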

Client-Side Vulnerabilities

As the feature set of browsers has grown, so has the number of vulnerabilities that an attacker may exploit. Unsophisticated users are especially vulnerable, as they are not aware of the danger of just using their software. Many of the vulnerabilities exploited through client-side scripting will not be detected by antivirus software, luring users into a false sense of security.

Deceptive Phishing

The most common method for deceptive phishing is through e-mail. The phisher sends a bulk e-mail to customers with a call to action that demands that the customer click on a link. When the user clicks on the link, he or she is directed to a fraudulent Web site from where the phisher gets access to the confidential data given by the user.

The call to action by the phisher can include the following:

• A message that there is a problem with the recipient’s account that can be corrected by visiting the Web site’s URL, which is given in the message
• A statement about an illegal order made in the user’s name that can be canceled by clicking the link
• A prompting message about a new service that is being offered for free for a limited time period
• A notice about an unauthorized change made to the user’s account

DNS-Based Phishing

A DNS-based phishing attack refers to any type of phishing that interferes with the integrity of the lookup process for a domain name. This attack performs host file poisoning through the domain name service. The other form of attack is polluting the user’s DNS cache with invalid or incorrect data that is used to direct the user to a fraudulent location. This can be achieved directly if the user has a misconfigured DNS cache, or it can be achieved through a system reconfiguration attack. The system reconfiguration attack modifies the user’s DNS server into a malicious server by attacking the legitimate DNS server or by infecting the cache of the misconfigured legitimate DNS server.

Content-Injection Phishing

In this attack, malicious content is injected into a legitimate site via scripted code. When the user clicks on this content, it redirects the user to some other site and installs malware and viruses onto the user’s PC, or it can insert a frame of the content that redirects data to the phishing server.

Types of content-injection phishing include the following:

• Replacing legitimate content with malicious content by compromising a server through a security vulnerability
• Injecting malicious content into a site using a cross-site scripting vulnerability. CSS attacks exploit program flaws where the content comes from an external source, such as a blog.
• Performing illegitimate actions on a site using an SQL injection vulnerability. This causes unauthorized database commands to be executed.
