Phishing, Spear Phishing, and Whaling


If you’re studying for a security certification such as the Security+, SSCP, CISSP, or CASP, you should understand the basics of phishing, spear phishing, and whaling. Phishing is the practice of sending email to users with the purpose of tricking them into clicking on a link or revealing personal information. Spear phishing and whaling are targeted phishing attacks.


Phishing

Phishing emails go to a wide group of people without targeting anyone in particular. It’s like a fisherman casting a wide net to see what he can catch. The attackers know that not everyone will respond, but if they send out enough emails, enough people will.

As one example, attackers often load malicious software onto websites. The malicious code is downloaded as soon as a user visits the site (called a drive-by download). Attackers can either compromise a legitimate site and add their drive-by download to it, or create a site of their own. They then send out a phishing email hoping a user clicks the link. Once the user clicks, the drive-by download infects their system.

In other cases, a phishing attack sends the user to a malicious website that looks like a legitimate site and tries to entice them to enter their username and password. In a common example, the attackers send an email indicating that the user’s PayPal account needs to be validated. If the user clicks the link, they’re taken to a site that looks very similar to the actual PayPal site but has a different URL. If the user enters credentials, the attacker quickly harvests them and puts them to use.

In other cases, they simply try to get the user to respond with sensitive information. As one example, I frequently receive an email similar to this:

========

THIS MESSAGE IS FROM OUR TECHNICAL SUPPORT TEAM

This message is sent automatically by the computer. If you are receiving this message it means that your email address has been queued for deactivation; this was as a result of a continuous error script (code:505) received from this email address. To resolve this problem you must reset your email address.

In order to reset this email address, you must reply to this e-mail by providing us the following Information for confirmation.

Current Email User Name : { }
Current Email Password : { }
Re-confirm Password: { }

Note: Providing a wrong information or ignoring this message will resolve to the deactivation of This Email Address.

Technical Support Team.

========


This example shows the basic components of a phishing email. It describes a problem that the user needs to address and includes a sense of urgency. In this case, if the user fails to respond, their email will be deactivated. Other times, the email threatens to deactivate a banking account, freeze funds, or take a similar action. The From field of this email indicated it came from “HELPDESK Cox Customer Safety”, though the actual email was not from Cox Communications.

When attackers get a response, they can log on as the user and hijack the account. If it’s a financial account, they’ll empty the account in short order. Even if it’s only an email account, many people use the same email address and password to log onto other accounts. The attacker simply tries to log onto banking and financial sites with this information.
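The indicators described above (a sense of urgency, a request to send back a password, a From display name that borrows a brand the sending domain does not own, and a link whose host borrows a brand but sits on another domain) can be checked mechanically. The following Python script is an added example, not code from the post or from Get Certified Get Ahead. The sample message is constructed to resemble the support-team email quoted above; its headers, addresses and link are invented (they use the reserved .invalid domain), and the brand allow-list and urgency phrases are assumptions chosen for the example.

```python
"""Score an e-mail for the phishing indicators described in the post:
urgency or a threatened deactivation, a request for credentials, a From
display name that borrows a brand the sender's domain does not own, and a
link whose host borrows that brand but sits on another registered domain."""
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Brands and the domains they actually use (assumed allow-list for this example).
BRAND_DOMAINS = {
    "cox": {"cox.com", "cox.net"},
    "paypal": {"paypal.com"},
}

# Phrases that create the "act now or lose access" pressure the post describes.
URGENCY_PATTERNS = [
    r"deactivat", r"within \d+ hours", r"immediately", r"suspend",
    r"account[^.\n]*(locked|frozen)",
]

# Constructed sample modelled on the support-team message quoted in the post.
# Headers, addresses and the link are invented; .invalid is a reserved TLD.
PHISH_RAW = """\
From: HELPDESK Cox Customer Safety <support@mail-helpdesk.invalid>
To: user@cox.net
Subject: Your email address has been queued for deactivation

This message is sent automatically by the computer. If you are receiving this
message it means that your email address has been queued for deactivation.
To resolve this problem you must reply to this e-mail with the following:

Current Email User Name : { }
Current Email Password : { }
Re-confirm Password: { }

Or reset online: http://cox-customer-safety.invalid/reset

Technical Support Team.
"""

# Constructed benign message for comparison.
LEGIT_RAW = """\
From: Cox Support <support@cox.com>
To: user@cox.net
Subject: Your statement is ready

Your monthly statement is ready. View it at https://www.cox.com/myaccount/statement
"""


def registered_domain(host):
    """Naive eTLD+1 (last two labels). Production code should use a public
    suffix list so that hosts under co.uk and similar are handled correctly."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def brands_in(text):
    """Brand names mentioned anywhere in the text (plain substring match)."""
    text = text.lower()
    return [b for b in BRAND_DOMAINS if b in text]


def analyze(raw):
    """Return a list of indicator tags found in the message; empty means clean."""
    msg = email.message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    findings = []

    # 1. Display name claims a brand that the sending domain does not belong to.
    display, addr = parseaddr(str(msg["From"] or ""))
    sender_domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    for brand in brands_in(display):
        if registered_domain(sender_domain) not in BRAND_DOMAINS[brand]:
            findings.append(f"sender_brand_mismatch:{brand}:{sender_domain}")

    # 2. Urgency or a threatened loss of access, in subject or body.
    text = (str(msg["Subject"] or "") + "\n" + body).lower()
    if any(re.search(p, text) for p in URGENCY_PATTERNS):
        findings.append("urgency")

    # 3. Asks the reader to send back a password (blank fields or "reply ... password").
    if re.search(r"password\s*:\s*\{\s*\}", text) or re.search(r"reply.*?password", text, re.S):
        findings.append("credential_request")

    # 4. Links whose host borrows a brand name but resolves to another registered domain.
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        host = urlparse(url).hostname or ""
        for brand in brands_in(host):
            if registered_domain(host) not in BRAND_DOMAINS[brand]:
                findings.append(f"lookalike_url:{brand}:{host}")

    return findings


def is_suspicious(raw, threshold=2):
    """Two or more independent indicators is a reasonable bar for quarantine."""
    return len(analyze(raw)) >= threshold


if __name__ == "__main__":
    for name, raw in (("phish", PHISH_RAW), ("legit", LEGIT_RAW)):
        print(name, analyze(raw))
```

Running the script reports four indicators for the constructed phishing message and none for the benign one. The brand check is deliberately simple: it compares the registered domain of the sender address and of every link against the allow-list, which is what catches both the display-name trick and the look-alike URL described above, but a real mail filter would draw its brand list and domain suffix rules from maintained data rather than a hard-coded dictionary.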


Spear Phishing

Spear phishing targets a group of people. For example, a spear phishing email can target employees of a specific company, customers of a specific company, or even a specific person.

Whaling

Whaling targets high-level executives. As an example, a whaling attack targeted senior corporate executives using their actual name, company name, and phone number. The attackers drafted an email that looked like an official subpoena requiring the executive to appear before a federal grand jury and included a link for more details about the subpoena. If the whale clicked the link, it took them to a website that indicated they needed to install a browser add-on to read it. If they OK’d the install, it actually installed a keylogger and a back door. From here on, the executive’s keystrokes were logged and attackers were able to periodically access their system to retrieve the keylogger file.

Vishing

Vishing is a form of phishing that uses the phone system or voice over IP (VoIP) technologies. The user may receive an email, a phone message, or even a text encouraging them to call a phone number due to some discrepancy. If they call, an automated recording prompts them to provide detailed information to verify their account such as credit card number, expiration date, birthdate, and so on.

The best protections are user education and up-to-date antivirus software. If users understand the tactics and the risks, they are less likely to respond to phishing emails or click the links. And even if they do click a link, up-to-date antivirus software will often catch the resulting malware.


Copyright © 2015 Get Certified Get Ahead. All Rights Reserved.