Danger!
Seriously, how bad can it be if you click on that suspicious link in your e-mail?
Organizations around the world spend billions of dollars keeping themselves safe from cyber-attacks. Even after all measures are taken, a user's actions can be the deciding factor between a successful and unsuccessful cyber-attack. So, before going much further I'll revisit some basics for the uninitiated.
Phishing, Vishing, Smishing, Spear Phishing, Pharming, Whaling, etc. are all, in one form or another, social engineering attacks. In the following definitions, "sensitive information" means a lot of things, such as credit card numbers, account numbers, social security information, user IDs and/or passwords, another person's or entity's information, etc.
Phishing: the fraudulent practice of sending emails purporting to be from reputable people or companies in order to induce individuals to reveal sensitive information.
Pharming: the fraudulent practice of directing users to a bogus website that mimics the appearance of a legitimate one, in order to obtain sensitive information. The bogus site can also download malicious code such as keyloggers, viruses, worms, trojans, etc.
Spear Phishing: the fraudulent practice of sending emails ostensibly from a known or trusted sender in order to induce targeted individuals to reveal confidential information.
Whaling: a form of phishing that targets valuable individuals. This typically means high-ranking officials and governing and corporate bodies. The purpose of whaling is to acquire an administrator’s credentials and sensitive information.
Vishing: the fraudulent practice of making phone calls or leaving voice messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as bank details and credit card numbers, and other sensitive information.
Smishing: the fraudulent practice of sending text messages purporting to be from reputable people or companies in order to induce individuals to reveal sensitive information.
Calendar Phishing: the act of sending a fake calendar invitation with phishing links from what seems to be a reputable source.
Evil Twin Phishing: You know that Wi-Fi network you just connected to at Starbucks, the airport, or another seemingly legitimate location? It may have been the wrong one, and it has redirected you to a site that can ask you to enter credentials or install malware on your device.
Social Media Phishing: when an attacker uses social media sites to obtain sensitive information or data by getting users to click on malicious links.
Phishing and all its forms have been around and evolving since the 2000s. The best way to combat all these forms of attack is a combination of organizational tools and, equally important, user awareness. Cyber security professionals focus on user training through effective phishing education. This is an essential part of any organization's anti-phishing strategy. Although there are many enterprise tools that are used to monitor anomalies from endpoints, user sign-ons, etc., the user is still at the front line. Here are some common methods that organizations use to counter phishing aside from training.
Multi-Factor Authentication
Email content redaction
Outlook phishing e-mail button on the ribbon.
Microsoft Defender, Defender 365, Sentinel, etc.
IBM, AWS, GCP, all have their own tools.
Barracuda Sentinel
RSA FraudAction
etc.
Some indicators of Phishing for users:
An email asks you to confirm personal information: If you get an email that looks authentic but arrives at random, it's a strong red flag that it may have malicious intent.
Poor grammar: Misspelling, poor sentence structure, other languages, etc.
Urgency in a message about any situation: If something sounds too urgent, with last-minute countdowns or warnings that "something" will or won't happen unless you act now, there's a very good chance it's designed to panic you into doing something. Don't trust that Nigerian prince; it's a scam.
Suspicious links or attachments: Receiving an unexpected message asking you to download or open an attachment is most likely malicious.
Too good to be true: A once-in-a-lifetime deal is probably too good to be true. Don't believe it.
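To make the indicators above concrete, here is an added example (not from the original post or any vendor tool) that checks a raw email for four of them: requests for personal information, urgency, links and attachments, and too-good-to-be-true offers. The keyword patterns, the extension list, the function names and the sample message are all assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage

# Keyword patterns are illustrative assumptions; tune them for real mail.
INDICATORS = {
    "asks_for_personal_info": re.compile(
        r"\b(confirm|verify|update)\b.{0,40}\b(password|account|card|social security)", re.I | re.S),
    "urgency": re.compile(
        r"\b(urgent|act now|immediately|within \d+ hours?|will be suspended)\b", re.I),
    "too_good_to_be_true": re.compile(
        r"\b(once[- ]in[- ]a[- ]lifetime|you have won|free gift)\b", re.I),
}
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)
RISKY_EXT = (".htm", ".html", ".docm", ".xlsm", ".iso", ".zip", ".exe", ".js")


def phishing_indicators(raw: str) -> dict:
    """Return which of the listed indicators appear in a raw RFC 5322 message."""
    msg = message_from_string(raw)
    texts, attachments = [msg.get("Subject", "")], []
    for part in msg.walk():
        filename = part.get_filename()
        if filename:
            attachments.append(filename)
        elif part.get_content_type() == "text/plain":
            body = part.get_payload(decode=True) or b""
            texts.append(body.decode(part.get_content_charset() or "utf-8", "replace"))
    text = "\n".join(texts)
    hits = {name: bool(rx.search(text)) for name, rx in INDICATORS.items()}
    hits["links"] = URL.findall(text)
    hits["risky_attachments"] = [a for a in attachments if a.lower().endswith(RISKY_EXT)]
    return hits


def constructed_sample() -> str:
    """Build a made-up message for the demo; all values are placeholders."""
    m = EmailMessage()
    m["From"] = "IT Support <support@example.invalid>"
    m["Subject"] = "URGENT: your account will be suspended"
    m.set_content("Please confirm your password within 24 hours:\n"
                  "http://login.example.invalid/verify\n")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename="invoice.docm")
    return m.as_string()


if __name__ == "__main__":
    print(phishing_indicators(constructed_sample()))
```

Keyword matching like this only surfaces messages for a closer look; a hit is a reason to report the email, not proof that it is malicious.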
Also, here's an example of an exploit delivered through phishing. This comes from the Microsoft Threat Intelligence Center.
CVE-2021-40444 MSHTML vulnerability
Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability - Microsoft Security Blog