Phishing and spearphishing: An IT pro’s guide (free PDF)
Phishing is one of the most common varieties of cyberattack—and it’s been around for a long time. This ebook explains the different types of phishing exploits and offers strategies for protecting your users and your organization from attack.
From the ebook:
Malicious actors typically employ a variety of phishing techniques in their attacks:
Deceptive linking
The most frequently used—and most reliable strategy for attackers—is to disguise a malicious link as pointing to a legitimate or trusted source. These types of phishing attacks can take any number of forms, such as exploiting misspelled URLs, creating a subdomain for a malicious website, or using confusingly similar domains.
For examples of those three strategies, consider the following: The letter I is very close to L on standard QWERTY keyboards, which would make “googie” a plausible stand-in for “google.” For subdomains, an attacker controlling example.com could create subdomains for that domain (e.g., “www.paypal.example.com,”) for which the start of that URL appears legitimate. For confusingly similar domains, the domain “accounts-google.com” was registered as a clone of “accounts.google.com” in a phishing attack during the 2016 US presidential election.
International Domain Names (IDNs) can also be used to create confusingly similar looking domain names by allowing the use of non-ASCII characters. Visual similarities between characters in different scripts, called homoglyphs, can be used to create domain names with visually indiscernible differences, fooling users into believing that one domain is actually another.
Website cloning, forgery, and covert redirecting
Websites vulnerable to cross-site scripting (XSS) attacks can be used by malicious actors to inject their own content onto the actual website of the service being attacked. XSS can be used to harvest data entered on a compromised website (including username/password fields) for the attackers to use at a later date.
Some phishing attacks use XSS to create pop-ups, which originate from a vulnerable website but load a page controlled by the attackers. Often, this type of covert redirect loads a login form to harvest login credentials. As a result of the prevalence of this type of attack, most browsers now display the address bar in pop-up windows.
Voice and text phishing
Malicious actors also rely on phone calls and text messages to harvest account information, with texts sent to banking customers claiming their account access is disabled and prompting users to call a phone number or use a website set up by attackers, from which account information can be harvested.