The most imaginative phishing attacks

Phishing attacks have increased exponentially in recent years. According to recent studies, phishing attempts, for example via email, accounted for nearly half of all emails sent in 2021.

From this perspective, the termphishing” has become tremendously popular. There isn’t a day that we don’t wake up to news about an attempt to phishing anonymous companies or citizens through increasingly imaginative mechanisms.

Phishing and social engineering

In phishing attacks, the phishing and social engineering they play a fundamental role. Not surprisingly, cybercriminals make use of false identities based on the human sensitivity and the needs that people they have at all times.

When the subject that concerned us was the tax return, the “messages from the Ministry of Finance” were the main focus of phishing attacks; When we were focused on the pandemic, messages related to health, in all its aspects —products, public bodies, security, etc.— were the ones that caught the attention of cybercriminals. Now that the war in Ukraine puts the lack of supplies or freedom of expression at risk, it is more than possible that cybercriminals pose as NGOs or even journalists.

Generic phishing techniques

The objective is always to get the victim to carry out some action that allows the cybercriminal to obtain some type of benefit, be it in the form of an economic transaction, access to information or control of computer systems.

Starting from this premise, the action of the victim becomes one of the key steps when a phishing attack achieves its objective. For this reason, the strategies used by cybercriminals make use of techniques that are increasingly more imaginative.

Below, we collect some of those techniques that have been, and are, used by criminals in phishing attacks. Is about ingenious, little-known techniqueswhich are sometimes particularized for sectors or groups of people but which share a common pattern in their way of acting.

Targeted searches

Users’ suspicion of links in emails has led cybercriminals to resort to alternative mechanisms to gain the trust of their victims.

Phishing techniques have been detected that make use of Google search recommendations that are directed at deliberately prepared websites that have previously achieved high suitability ratings using SEO positioning techniques.

Cybercriminals spend part of their time getting websites that act as bait to appear at the top of searches for certain terms, for example, from Google. In this way, when they subsequently make a recommendation to their victims about a certain concept or term, they will be directed to the destination specially prepared to act as a decoy.

Exclusive encrypted information for the recipient

The distrust of a victim is fought using precisely the concern for trust.

Phishing techniques have been detected that make use of Google search recommendations

From here, cybercriminals try to convince their victims with access to resources apparently encrypted and personalized for them. In this way, the recipients perceive a false sense of security. The cybercriminal invites them to use sensitive information, such as username and password, as a decryption mechanism. The confusion between Concepts such as “encryption keys” and “information access keys” plays a fundamental role in the success of this type of technique.

The usual thing about these attacks is that, Through an email, the criminal convinces his victim, for example, that a file contains encrypted confidential information and that only he or she could decrypt by entering their username and password; something totally impossible to accomplish and that can be confused with public-private key cryptography management.

MFA for undefined uses

The use of double authentication mechanisms is increasingly widespread. The financial sector, for example, in compliance with European PSD2 regulations, uses it on a regular basis. But he’s not the only one. Increasingly, email accounts, access to commercial applications or even social networks implement double authentication mechanisms that reduce risk that password theft can lead to.

For this reason, cybercriminals resort to MiTM techniques through which they make the victims believe that an event has occurred for which they will be sent an authentication code that they must provide.

The reality is that said code does not correspond to the operation that the victim believes to executerather it serves the cybercriminal to access a service without the victim being aware of it.

There are many examples of the use of this type of technique. One of the most obvious is a message indicating that an email account or a bank account has been blocked. Next, the victim is asked to provide the verification code that will be sent to him as proof of identity for his unlocking. Immediately afterwards, the victim will receive a verification code, sent by the real service that the cybercriminal wants to access, and that the user will provide to the criminal if necessary. The end result is known to all.

Microsoft, medium and form

Another technique used by cybercriminals is based on Microsoft tools to confuse victims.

Perhaps the most representative example can be found in how cybercriminals invite download a file from OneDrive to the victim while at the same time presenting him with a custom-made form from Microsoft tools.

The fact that the Internet domains that appear in the form are the same as those provided by Microsoft, acting as a “security guarantee” against the victim. The objective is that the victim does not detect that they are not actually accessing a cloud storage service, but rather completing a form that will immediately be sent to the cybercriminal for exploitation.

And we could go on…

Sure, we could extend the list of phishing attack techniques as much as we wanted; but they will all have a common denominator: social engineering will play a predominant role during the process. In fact, it is a key element. An element that can only be combated through continuous awareness of the users themselves.

And it is that, now that the Artificial Intelligence techniques or the blockchain have acquired greater prominence, the field of action for cybercriminals is very likely to grow at exponential rates. concepts related to thedeepfakes” or the “ice phishing” will appear more and more in specialized media, highlighting new models of phishing attacks.

The conclusion in the face of this reality therefore seems obvious: we must remain constantly alert to this reality. It would be naive to think that, with these resources, cybercriminals will not be able to define new techniques, even more imaginative ones, with which they will try to continue deceiving us.

By Juanjo Galán, Business Strategy at All4Sec