How a Phishing attack progresses:

How it starts:

Phishing can take many different forms, from a “Have you logged in from here” email to “Your account is due to be suspended”

By using social engineering to influence a user they are able to convince them, due to their lack of knowledge.

A phishing attack may start with an already compromised email account sending an email. This would usually instruct that they have a new message or file that they need to go to a website to view.

Alternatively, it may impersonate another contact such as Dropbox, Facebook, Microsoft etc, advising that you have a file/email available and then tries to take you to a website- as shown below:

Phishing email

This is the bait.

Red Flag #1

A huge clue to this been a phishing scam is the email doesn’t match what you would expect – for example the person the email says it’s from “Dropbox” – but the actual email has no correlation to dropbox in terms of domain. You would expect an @dropbox.com email to send you anything of importance.

What happens when you click the hyper link?

You will usually then be sent to a website like the one above (although they may not always look exactly like this one since there are hundreds of different templates) but you will always see a “login” page.

This login page is a fake.

For an attacker this is the most critical part of the attack – they need you to believe that this is legitimate site asking you to login.

Red Flag #2 

Before entering your details, make sure you have double checked that the URL is legitimate.

A URL is the web address, which can be found in the “address bar” of your browser- See image beneath.

URL- Phishing

Look at the URL. Are you expecting an email, or do you know a contact from a company called “jabeh”? Have you ever heard of this company and especially for sending or receiving files?

Most basic users will not look at a URL when been sent to a website, and attackers take this into consideration, therefore a lot of phishing attacks from experienced computer users are quickly picked out just by the URL itself.

The Website

Phishing websites can range from looking very realistic and responsive to looking very basic, to quickly get the website out there and start phishing. Some may even redirect you to correct links, such as the website home page.

If you’re unsure about a website – check the links – hover over them and see where they are going – this specific website goes nowhere which sets off red flags.

Reeling you in:

I don’t like phishing, and I bet you don’t either. Let’s look how it progresses once I enter my very personal email and very personal password in.

Step 1

Step 2

Step 3

Step 4

To no surprise, they don’t recognise my email or password. Let’s have a look at what really happened…. behind the scenes.

You may not understand what’s happening below, but it’s simple:

An attacker has taken the email address and password inputted and then sent this to a specified email. It then tells you that your input was wrong.

$(“#alert”).show();

$(“#alert”).html(“<img src=’assets/img/not_found.png’ width=’30’> invalid email and password combination try again”);window.location.href=”index.php”; }, delay );

This is where most people will just accept they can’t get to the file and give up and close the browser, completely unaware they have had their details stolen with little to no effort.

The cyber-criminal has gained full access to your emails and had the ability to send phishing attack from your emails – which could also include malware.

Who is most likely to be targeted?

  • Finance
  • Directors
  • Administrators/Secretary

Top Tips:

  • Don’t click on links within emails that are asking you to download or look at a file
  • If you’re not expecting a file from the person who is sending you one, ring them and ask.
  • 10mb data files such as excel, word etc are rare – most of these files can be attached over email.
  • If it doesn’t feel real, then ask your IT.
  • Use the clues given in this article to see if anything matches – if it does. Contact your IT and do not click any further.