- WHY AVERTIUM?
-
-
Why Avertium?
Context over chaos. Disconnected technologies, siloed data, and reactive processes can only get you so far. Protecting businesses in today’s threat landscape demands more than a set of security tools – it requires context.
That's where Avertium comes in
-
Considering Microsoft?
Avertium Named Microsoft Security Solutions PartnerAvertium’s managed services for Microsoft Security Solutions is delivered through the company’s premium service: Fusion MXDR. Fusion MXDR includes 24x7 monitoring and management of Defender for Endpoint and Sentinel, threat intelligence, attack surface
monitoring, and vulnerability management for Microsoft Security customers.
-
-
- SOLUTIONS
- COMPANY
- PARTNERS
-
-
Our Partners
Best-in-class technology from our partners... backed by service excellence from Avertium.
-
Partner Opportunity Registration
Interested in becoming a partner?
With Avertium's deal registration, partners can efficiently and confidently connect with Avertium on opportunities to protect your deals.
-
-
- NEWS & RESOURCES
- CONTACT
executive summary
Phishing, a common cyber threat that involves various deceptive tactics designed to compromise user security and steal sensitive information. While some may have a general idea of what phishing is, others may be out of loop when it comes to how many phishing techniques exist.
Phishing tactics frequently include spoofing methods to persuade individuals and coax them into taking the bait. These deceptive schemes are crafted with the intention of deceiving recipients into giving sensitive information to unauthorized parties.
This guide provides an in-depth exploration of diverse phishing techniques, including HTTPS phishing, clone phishing, angler phishing, and pop-up phishing. By understanding these tactics and implementing proactive security measures, individuals and organizations can protect themselves against phishing attacks.
Phishing
Phishing stands as the reigning champion among social engineering tactics, a broad category encompassing various attempts to deceive individuals. In a typical phishing campaign, you may receive an email masquerading as a legitimate communication from a reputable and familiar organization, prompting you to update or confirm personal details either by responding directly to the email or visiting a linked website.
The URL provided may closely resemble familiar addresses you've encountered before. The email's content might be skillfully written to persuade you into complying with the instructions provided. Essentially, phishing is a type of social engineering, which often works hand in hand with other sneaky tactics such as spreading malware, injecting code, and infiltrating networks. This partnership creates a potent arsenal for attackers to wreak havoc. Now that we have an idea of what traditional phishing is, lets look at some lesser-known phishing techniques.
https phishing
HTTPS phishing exploits the trust associated with secure connections to deceive users into interacting with fraudulent websites. Attackers leverage HTTPS encryption to create convincing imitations of legitimate websites, tricking users into disclosing sensitive information or downloading malware.
According to Open Text Cybersecurity’s 2023 Global Threat Report, the usage of HTTPS surged from 32% in 2021 to surpass 49% in the previous year, marking an impressive increase of almost 56%. The report also highlighted a common misconception among users who believe that HTTPS sites are automatically secure due to the padlock symbol displayed in the browser. However, the report cautioned that attackers are aware of this misconception. They exploit it by registering domains, obtaining certificates, and setting up malicious websites to deceive unsuspecting users.
.
Image 1: Padlock in Browser
Source: TonyHerman.com
It seems that domain registrars and certificate-issuing authorities are experiencing challenges in thwarting fraudsters' efforts to obtain and misuse authentic certificates to boost their phishing success rates.
Open Text also noted a rise in the ratio of HTTPS to standard HTTP websites in 2022.
"Although the surge in phishing activity witnessed in April coincided with a decrease in HTTPS usage, the heightened phishing activity observed in October and November corresponded with the highest adoption rates of HTTPS throughout the year.
This trend suggests that over time, attackers may have acknowledged the advantage of exploiting users' trust in HTTPS URLs as secure, opting for these URLs over HTTP counterparts during peak phishing periods." – Open Text
clone phishing
Clone phishing involves creating fake copies of legitimate emails, including attachments or links. Attackers exploit trust in previously received communications to trick recipients into interacting with the malicious content, often leading to credential theft or malware infection.
In clone phishing attacks, messages may differ, but they usually share similar traits. They often convey urgency, pushing recipients to act quickly. These messages commonly include harmful links or file attachments, essential for the attacker's plan.
For example, an employee receives an email seemingly from their company's HR department, informing them of an urgent issue with their payroll information. The email appears authentic, using the company's logo and email format. It urges the employee to click on a link to verify their details to prevent a disruption in their salary payments.
Unaware that it's a malicious message, the employee clicks the link and unknowingly provides their login credentials to the attackers, compromising their account and potentially exposing sensitive company data. In this scenario, the attackers have successfully cloned a legitimate email from the employer, exploiting an individual’s trust and sense of urgency to deceive them into divulging sensitive information.
angler phishing
Angler phishing exploits social media platforms and messaging apps to target individuals with fraudulent offers or messages. These attacks often lure victims into clicking on malicious links or providing personal information under the guise of legitimate “opportunities”.
Angler phishing attackers scour through the social media profiles associated with a targeted company. After identifying individuals expressing dissatisfaction, whether in tweets or Facebook comments, these attackers reach out to them via direct messages using fake accounts.
As a result, social media users, eager for a quick customer service resolution, often engage with these messages, believing they're communicating with genuine company representatives. The attacker typically uses a social media handle resembling that of the targeted company to enhance the lie.
Once contact is established, the attacker tries to coax the victim into revealing sensitive information, such as passwords, or trapping them into clicking on malicious links that lead to malware downloads.
pop-up phishing
Pop-up phishing involves the dissemination of deceitful messages that unexpectedly "pop up" while users browse the internet, often occurring when threat actors compromise legitimate websites with malicious code.
These messages are particularly effective due to their convincing content, often portraying fraudulent security alerts aimed at unsuspecting visitors. They typically convince individuals to download supposedly necessary tools, like antivirus software that is actually malware. The pop-up may also convince the victim to contact fraudulent support phone numbers - a tactic increasingly observed in recent times. Let’s look at an example of how easy it can be for people to fall victim to pop-up phishing.
Image 2: Pop-Up Phishing Example
Source: Information Security (Washington Unv. in St. Louis)
In the healthcare sector, a nurse, let's call her Sarah, is diligently reviewing patient records on her hospital's website when suddenly, a pop-up message claiming to be from the IT department appears on her screen. The message warns Sarah that her computer has been compromised and urges her to download an urgent security patch to protect patient data. Concerned about potential breaches, Sarah clicks the prompt and unknowingly installs malware onto the hospital's network, granting cybercriminals access to sensitive patient information.
defense
HTTPS Phishing – to safeguard your organization against phishing schemes utilizing SSL certificates, educate your team about HTTPS cyber threats:
- Instruct employees to verify suspicious emails containing links by contacting the sender directly via phone or email, rather than replying. This applies to both internal and external communications.
- Encourage scrutiny of website URLs, emphasizing the importance of checking for misspellings or incorrect domains (e.g., .gov instead of .com).
- Advise typing URLs directly into the browser instead of clicking on embedded links.
- Teach employees to hover over links to preview their destinations, ensuring they match the intended sites. Emphasize the importance of hovering without clicking, even if the link appears trustworthy.
- Discourage the use of wildcard certificates on production systems, as they can increase the risk of compromise and expand the attack surface if a server or certificate is breached,
Clone Phishing – preventing clone phishing attacks is tricky because the attacks can be subtle. Here are some ways to protect your organization:
- Educate employees about the dangers of phishing, including clone phishing tactics. By understanding that even seemingly genuine messages can be malicious, employees can better identify and respond to these threats.
- Implement email security tools that can detect clone phishing attempts based on suspicious links and attachments. These solutions act as a barrier, preventing phishing content from infiltrating the recipient’s inbox.
- Utilize cybersecurity measures such as endpoint protection and multi-factor authentication (MFA) to minimize the impact of a successful clone phishing attack.
- These strategies can detect and thwart delivered malware or make it harder for attackers to exploit compromised credentials.
Angler Phishing – take a look at these tips for avoiding angler phishing and protecting your organization from social media scams:
- Prioritize interactions with verified company accounts to mitigate angler phishing risks. Be wary of unverified or recently created accounts, as they are more likely to be fraudulent.
- If contacted by a supposed company representative, independently verify their identity by reaching out to the company directly. While this may require some time, it’s a wise step in ensuring your safety. Refrain from trusting individuals who discourage you from confirming their affiliation with the company.
- Approach links shared on social media with caution, especially from unfamiliar sources. Politely decline clicking on links for security reasons and insist on further verification.
- Genuine company representatives will respect your caution, while hackers may pressure you to proceed. Consider employing an anti-phishing solution for additional protection against suspicious links.
- Take proactive measures by reporting suspicious accounts to the respective social media platforms. Even if you can discern a fake profile, others might be susceptible. Reporting such accounts helps safeguard potential victims and contributes to online safety efforts.
- Most major social media platforms offer user-friendly reporting tools for this purpose.
Pop-Up Phishing - here are some guidelines for organizations to help prevent employees from falling victim to pop-up phishing scams:
- Recognize that even with antivirus protection, employees may come across fraudulent pop-up messages on certain websites, indicating potential website infections rather than computer compromise.
- Exercise caution when encountering pop-up messages on websites, particularly those claiming to detect issues with your computer. Legitimate IT support teams typically do not use pop-ups for those kinds of alerts.
- Do not grant remote access to your computer unless you are familiar with and trust the individual or organization requesting access.
- When in doubt about the authenticity of a message, especially from a known vendor, verify its legitimacy by contacting the vendor directly using their official contact information.
cONCLUSION
It’s important to get ahead of the curve by being proactive with protecting your organization, instead of waiting to put out a massive fire. Avertium has services that can help:
- Fusion MXDR is the first MDR offering that fuse together all aspects of security operations into a living, breathing, threat-resistant XDR solution. By fusing insights from threat intelligence, security assessments, and vulnerability management into our MDR approach, Fusion MXDR offers a more informed, robust, and cost-effective approach to cybersecurity – one that is greater than the sum of its parts.
- Avertium aligns your Cybersecurity Strategy with your business strategy, ensuring that your investment in security is also an investment in your business. Our Cybersecurity Strategy service includes:
- Strategic Security Assessments - Strengthening your security posture begins with knowing where your current program stands (NIST CSF, Security Architecture, Business Impact Analysis, Sensitive Data Inventory, Network Virtualization and Cloud Assessment).
- Threat Mapping – Leverage Avertium’s Cyber Threat Intelligence, getting a more informed view of your most likely attack scenarios (Threat Assessment and MITRE ATT&CK).
- Cyber Maturity Roadmap - Embrace a comprehensive, quantifiable, and well-organized approach to establishing and continuously enhancing your cybersecurity resilience (Policy + Procedure Development, Virtual CISO (VCISO), Training + Enablement, Tabletop Exercises, and Business Continuity + Disaster Recovery Plan).
- Avertium uses KnowBe4 as a professional service for user awareness training. The service also includes Incident Response Table-Top exercises (IR TTX) and Core Security Document development, as well as a comprehensive new-school approach that integrates baseline testing using mock attacks.
Supporting Documentation
What Is Clone Phishing? - Check Point Software
Understanding and fighting clone phishing - Trustpair
2023 OpenText Cybersecurity Threat Report | OpenText (bfldr.com)
HTTPS Phishing Attacks: How Hackers Use SSL Certificates to Feign Trust | Keyfactor
Common Phishing Attacks | NCDIT
What Is Clone Phishing? - Definition, Examples & More | Proofpoint US
What is angler phishing and how can you avoid it? | NordVPN
What Are Angler Phishing Attacks? Definition, Risks, and Prevention| KuCoin
Phishing Attack - What is it and How Does it Work? - Check Point Software
APPENDIX II: Disclaimer
This document and its contents do not constitute, and are not a substitute for, legal advice. The outcome of a Security Risk Assessment should be utilized to ensure that diligent measures are taken to lower the risk of potential weaknesses be exploited to compromise data.
Although the Services and this report may provide data that Client can use in its compliance efforts, Client (not Avertium) is ultimately responsible for assessing and meeting Client's own compliance responsibilities. This report does not constitute a guarantee or assurance of Client's compliance with any law, regulation or standard.