A deep dive into the world of phishing

Criminals will go to great lengths to "phish" for sensitive personal and financial information that can be resold on the black market or used directly for monetary gain. The likelihood that your organization will be targeted with phishing and ultimately be hacked is increasing dramatically. Cyren helps you combat the fast-growing phishing epidemic with powerful phishing intelligence services.

What is phishing?

Using an email or link to an online site, a criminal attempts to entice a person into providing sensitive or confidential information which can be used or monetized by the phisher.

Spearphishing

A targeted phishing attack focused on a specific person or group of people.

Clone Phishing

A phishing attack in which the 'phisher' uses a genuine, previously delivered email to create an identical (or almost identical) email containing similar content, attachment, recipient, and sender email address. A fraudulent link or attachment replaces the original one.

Whaling

A form of spear phishing focused on senior corporate executives or high-profile individuals, such as those in government. Email content may request the recipient perform a task, such as providing employee records or sending a wire transfer, or contain malicious links.


The phish: Step by step

Victim identification

Mass phishing attack
— Untargeted, large group of victims

Targeted phishing attack
— Specific group or high profile victim

Source setup

Brand names
— Phisher selects a brand name for mass email
— Uses newly created domain or hacked website for webpages that resemble the brand name website

Sophisticated content
— Develops an email with legitimate-looking content
— Spoofs the email address of someone at a target organization

Distribute attack

Mass distribution
— Phisher sends email with brand logos/name and links to fake webpages
— Places links to fake web pages in banner ads, on social media, and in text messages

Targeted distribution
— Phisher sends emails to specific target victim or group

Hook victims

Click fake links
— Victims click fake links and enter personal information into a fake web page

Respond to email request
— Victim replies to the email with the requested information

Expand / Monetize

Develop additional attacks
— Phisher uses stolen credentials for the next phase of the attack
— Collects additional email addresses from hacked accounts

Financial gain
— Phisher sells stolen credentials
— Steals money using credentials for a bank or PayPal account, or via a fake wire transfer

Did you know...

Phishing doesn’t always involve an email distribution. Criminals are creating fake website advertising banners or text advertisements that link back to a malicious URL. The unsuspecting victim clicks the link and enters credentials on the fake site. The sensitive information is then captured and saved by the cybercriminal.

Reeling in the big catch with Business Email Compromise

Business email compromise (BEC), a form of spear phishing, has been increasing in frequency over the last few years. The FBI estimates a 1300% increase in BEC incidents over the last two years, with losses estimated at more than $3 billion. There are two types of BEC attack:

MULTI-PHASE ATTACK

STEP 1: Infiltrate with a fake email requesting a password reactivation for a corporate Office 365 account.

STEP 2: Armed with the employee password, read corporate emails to get key business details, such as customers, vendors, decision makers, and financial data.

STEP 3: Launch a spear-phishing attack against accounts payable, requesting a vendor payment with the money going to an account set up by the criminal.

EMAIL SPOOFING ATTACK

STEP 1: Fake an email address by creating a similar looking email account.

STEP 2: Send email to a business department, such as accounting or human resources, requesting the transfer of funds or information.

STEP 3: The employee responds, having looked only at the sender's name and not at the email address, which has been spoofed.

How Email Spoofing or "Internationalized Domain Name" (IDN) Homograph Attacks Work

The attacker registers an email domain that reads like the target company's, often replacing, dropping, or adding a single character, such as a zero "0" for the letter "o". Using real corporate executive names, the attacker creates an email address on this similar-looking domain. Thus all email fields appear valid, with the sender's name and email address seeming to match, but on closer inspection they belong to a domain that merely resembles the recipient's company's own.
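As an added, defender-side illustration (not part of this page or of any Cyren product), here is how a mail gateway might flag the lookalike sender domains described above: it expands punycode (IDN) labels, folds visually confusable characters onto their Latin lookalikes, and then compares the result with the organization's own domains, allowing one dropped, added or swapped character. OWN_DOMAINS, the confusables table and the sample addresses are constructed for the example.

```python
import unicodedata

# Constructed: domains the organization legitimately sends mail from
OWN_DOMAINS = {"examplecorp.com"}

# Constructed subset of visually confusable characters (digit-for-letter, letter
# pairs, Cyrillic letters that render like Latin ones); the real Unicode
# confusables table is far larger. Multi-character keys must come first.
CONFUSABLES = [
    ("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"),
    ("\u0430", "a"), ("\u0435", "e"), ("\u043e", "o"), ("\u0440", "p"),
    ("\u0441", "c"), ("\u0445", "x"), ("\u0443", "y"),
]

def skeleton(domain: str) -> str:
    """Fold a domain into a canonical form so lookalikes collapse onto the real name."""
    try:
        d = domain.encode("ascii").decode("idna")  # expand punycode (xn--) labels
    except UnicodeError:
        d = domain  # already Unicode, or malformed punycode: fold it as given
    d = unicodedata.normalize("NFKD", d.lower())
    d = "".join(c for c in d if not unicodedata.combining(c))  # drop accents
    for src, dst in CONFUSABLES:
        d = d.replace(src, dst)
    return d

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; catches one dropped, added or replaced character."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_domain(from_header: str) -> str:
    """Domain part of a From: header such as 'Jane Doe <jane@examplecorp.com>'."""
    return from_header.rsplit("@", 1)[-1].strip("> ").lower().rstrip(".")

def classify_sender_domain(domain: str, own=OWN_DOMAINS) -> str:
    """Return 'own', 'lookalike' or 'other' for the sender's domain."""
    domain = domain.lower()
    if domain in own:
        return "own"
    sk = skeleton(domain)
    if any(sk == real or edit_distance(sk, real) <= 1 for real in own):
        return "lookalike"
    return "other"
```

A gateway would quarantine or tag "lookalike" results for review; exact matches against the organization's own domains should additionally be checked with SPF/DKIM, since this check only looks at the visible domain string.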


Phishing sites don't last a zero-day

Cyren experts examined phishing sites tracked and flagged by Cyren's global security cloud and discovered that after 40 hours, over half of the phishing sites analyzed no longer exist, making it difficult for many cybersecurity solutions to detect and block them.

Did you know...

Phishing uses social engineering to create an email that looks like it came from someone the victim knows. The email asks the recipient to do something such as provide financial information or the password to a corporate login.

Improve your phishing protection level

Password Management

Use a password manager that creates a different, unique password for every site.

Two-Factor Authentication

Require staff to use two different factors to log in, such as a PIN or password plus something they possess (a phone).

Automated Detection

Use a real-time web security gateway with real-time phishing intelligence that draws from large data sources and analytics and provides continuous protection from emerging web threats on all devices.

Consider training your staff to spot phishing attempts with simulated phishing attacks.

#1 Get executive management on board.

#2 Develop online training or work with an anti-phishing training company.

#3 Schedule regular simulated phishing attacks to ensure no complacency.

#4 Include the cost and implications of a successful phishing attack in your training.

Shopping, financial, and internet services most popular phishing targets

Apple, Chase, and PayPal were the top three most frequently spoofed websites, accounting for more than half of the total phishing URLs. Banks, internet services, Google, and Microsoft rounded out the top ten.

Brand                     % of phishing URLs
Apple                     27.2%
Chase                     20.9%
PayPal                    19.5%
Wells Fargo                4.1%
DocuSign                   3.1%
Dropbox                    3.1%
Microsoft                  2.8%
Google                     2.5%
General Email Phishing     2.4%
Alibaba                    2.4%

How Cyren helps stop phishing

Cyren Email Security
  • Blocks delivery of sophisticated, large-scale phishing email attacks on a global basis as attacks happen, in real time
  • Stops users from accessing phishing URLs with "time-of-click" analysis and blocking, not only at the time an email is delivered
Cyren Web Security
  • The Cyren security cloud continuously monitors and blocks access to millions of malicious phishing URLs
  • Proactive phishing protection identifies just-released "zero-day" and previously unknown phishing links based on the correlation of data across billions of daily and historical transactions