Phishing continues to be a popular method of network infiltration. In this video, you’ll learn about different phishing techniques, and I’ll demonstrate a real-world example from my email inbox.
Phishing is a term we use to describe social engineering that uses a number of different communications methods to make you think that something is real, when in fact, it really isn’t. This is usually delivered by mail, text message, or some other communication method in order to have you give up information that normally would be private. This might be a username and password you use to log into a service or it may be some private information about yourself.
We can usually check the links in these messages to see if they’re pointing towards a well-known and well-trusted site, but if it’s a phishing message, it probably is going to a different location than what you would normally expect. And very often there’s something not quite right with the information that’s being provided.
For example, this is the web mail login to Rackspace, or at least it’s pretending to be that. You can see that it tends to have a problem with the spacing and some of the fonts inside of this message, which might lead us to believe that this is not really the Rackspace login page. I got to that page by following this email that was inside my spam folder.
And it says, “Dear user, we notice your email has not been confirmed for the new upgraded service.” Well, I certainly want the upgraded service. It says I will be blocked from sending and receiving emails if not confirmed.
So now they’re giving us a deadline on when we need to click this link, and we can simply click the Confirm Email Now. If you look closely at the sender of this message, it’s associated with an icloud.com address, which is an Apple service. This is obviously a message for someone who has email on a Rackspace service. This means the information contained in this message doesn’t quite ring true and we might want to do a little bit of extra research before clicking any of these links.
As a best practice, in fact, you would never click a link that’s inside of your email, but for the purposes of showing you what can really happen, I went ahead and clicked the link that said Confirm Email Now. It then brought me to a Rackspace login page, and it almost looks like a real Rackspace page.
There are a few things that are a little bit different. If we put these side by side, you can see that the phishing email took me to the image that you see on the top, but the actual Rackspace login page is the one on the bottom. It’s interesting that they added the same suspicious email image to try to make you think that you really were logging in to a legitimate Rackspace page.
In that previous example, the attacker was trying to get us to give up the username and password for that email service. And that’s what these email messages are trying to do: convince you that they are someone else and convince you to give up some of your information. We tend to trust email sources, and because of that, we tend to click on links that are inside of the email. But obviously, this can lead to some significant security problems.
As we noticed with the message that was in my Spam folder, the email addresses that were used as the sender were not quite what we expected. In some cases, they might spoof an actual email address from that company or they’ll use an address that’s very close to the email of that company. For example, if you receive an email that says it’s from Professor@professormessor.com, you might say that looks like the same domain name, but in reality, my last name is spelled M-E-S-S-E-R. And that’s how you would know that this particular message probably wasn’t sent by Professor Messer.
Someone who gains access to my email could certainly send other emails from my account, or they could look through the emails that are already in my account to see if there’s some financial information or logins that they could use. For instance, they could go to PayPal and use the reset password feature. The reset is sent back to my email, which the attacker now has access to. Or they may just be trying to have you click that link, and if you click that link, it takes you to a website that downloads malware and infects your system.
The attackers use a number of different ways to trick and misdirect you into clicking the links or believing that what you’ve received is from a legitimate source. This might be something like typosquatting. If you look at the destination for the link they’ve provided, you might see that the destination is professormessor.com, and we’ve already seen that is not a legitimate, fully qualified domain name, which normally would be professormesser.com.
We refer to this type of misdirection or hijacking as typosquatting. But what the attackers are really good at is outright lying. We refer to this as pretexting. They’re going to make up a story and drag you into this particular drama in the hopes that you’ll click a link or log in to a site and they can gain access to your username and password.
Or maybe they call you on the phone and say, “Hi, we’re from Visa, and this is about an automated payment to your electrical services. It didn’t go through. So you’ll need to give me those details over the phone.” In reality, of course, they’re not from Visa, and there’s no problem with your automated payments, but they’re trying to gain access to your credit card information.
We even categorize that type of over-the-phone communication as vishing, or voice phishing, where someone will spoof a caller ID, say that they’re from your bank, and then get you to give up information about your account details, your login, and other private information.
If you have a mobile phone, you’ve probably seen this type of phishing delivered as a text message. We refer to this type of phishing as smishing, which is a reference to SMS, or the Short Message Service, which is the formal name for this text messaging. I get text messages like this one all the time. This one says it’s from USPS, and it says that I have a package that needs to be delivered, but it’s been suspended due to an incorrect delivery address. And they’re hoping that you click that link to be able to log into your account, and at that point, they have your username and password.
And of course, there are many, many, many, many other scams that they can go through. There’s the fake check scam, the phone verification code scam, and many others. I would highly recommend you become familiar with these types of scams and phishing techniques. You may be the person that’s able to stop your friends or family from falling victim to one of these scams.