The Five Stages of a Phishing Attack
10 February 2020
Phishing attacks lure unsuspecting people to click on links that lead to realistic-looking fake pages (spoof websites). The goal: stealing the victim’s login credentials. This attack vector dates back to the rise of email in the 1990s. But these days, cybercriminals can spread malicious URLs in other ways, too, such as direct messages in social media apps and texts.
Phishing attacks are effective for a simple reason: people can’t help but be tricked into clicking.
Knowledge is Power
To stop a phishing attack in its tracks, it’s important to first understand how these attacks work. Let’s review the most common stages of a typical phishing attack:
- Building the spoof website. The hacker scrapes real code and legitimate images from a website to construct spoof sites. By some estimates, cybercriminals create 1.5 million spoof sites each month. This is easier than ever, thanks to web scraping tools that are available to anyone. Typically, hackers build spoof sites based on known and trusted domains. And they’re getting better at their craft. Even well-trained security professionals can have trouble distinguishing the fakes.
- Sending the phishing email. Once the hacker builds the spoof site, they then launch an email phishing scam. These highly convincing emails contain text and images and a link to the spoof site. The email urges the victim to click on the link, with instructions such as, “Your account has been compromised!” This happens on a massive scale. Hackers send an estimated 3 billion phishing emails a day.
- Narrowing the search for a victim. If the emails don’t reach the target they’re looking for, the hacker keeps trying their hand at finding the right email addresses. However, this step is a bit of a “guessing game” for the attacker.
- Taking the bait. Sooner or later, if a hacker is persistent, an unsuspecting victim steps into the trap. An undetected attack can yield thousands of victims.
- Collecting the stolen data. Hackers who steal customer data are after different things. Sometimes, they want to steal the victim’s financial assets, such as credit cards, bank accounts, or a tax return. Others want to gather as many credentials as possible to sell on the dark web and turn a hefty profit. Some adversaries seek to expose or humiliate victims by revealing confidential information to the public.
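The first stage above hinges on spoof sites hosted under names that resemble a trusted domain. As an added example that is not part of the original post, the following Python check flags a URL whose registrable domain is a near miss of a brand domain, shares its name on another TLD, or buries the brand name in a subdomain; the trusted-domain set and the confusable-character table are constructed assumptions, and the code takes the last two labels as the registrable domain rather than consulting a public-suffix list.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed for this example: the brand's own registrable domains (not a real organisation's list).
TRUSTED_DOMAINS = {"example-bank.com"}

# Digits and symbols commonly swapped for letters in lookalike names (assumption: a small table suffices here).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "|": "l", "@": "a"})

def normalize_label(label):
    """Fold accents, confusable digits and letter-pair tricks so lookalikes compare equal."""
    label = unicodedata.normalize("NFKD", label.lower()).encode("ascii", "ignore").decode()
    return label.translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")

def levenshtein(a, b):
    """Edit distance between two strings (classic dynamic-programming row-by-row form)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return 'trusted', 'lookalike' or 'unknown' for the hostname in a URL."""
    host = urlsplit(url).hostname
    if not host:
        return "unknown"
    try:
        host = host.encode("ascii").decode("idna")  # expand punycode (xn--) labels to Unicode
    except UnicodeError:
        pass  # already a Unicode hostname, or not valid IDNA; compare it as given
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return "unknown"
    registrable = ".".join(labels[-2:])  # simplification: no public-suffix list
    if registrable in TRUSTED_DOMAINS:
        return "trusted"
    sld = normalize_label(labels[-2])
    for trusted in TRUSTED_DOMAINS:
        brand = normalize_label(trusted.split(".")[0])
        # Same brand label on another TLD, a one-character near miss, or the brand hidden in a subdomain
        if levenshtein(sld, brand) <= 1 or brand in map(normalize_label, labels[:-2]):
            return "lookalike"
    return "unknown"
```

A verdict of "lookalike" is a signal for review or blocking, not proof of fraud; tune the distance threshold against your own brand names to keep false positives manageable.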
Customer Protection: Priority One
These are the basic steps that hackers employ to steal user credentials, but there are others. Some more sophisticated attackers can bypass a website’s multi-factor authentication mechanisms when a user attempts to reset their password. This was the case in the recent YouTube phishing scam that compromised 23 million users’ credentials. The adversary can keep the same phishing attack going, or they may move on to a new target company.
For enterprises, a top priority should be protecting their customers. Yet too many anti-phishing approaches focus only on employees. With the right tactics, you can ensure that customers’ trust in your brand stays intact. Protecting your customers from phishing attempts shows that you care about their security and privacy. Phishing is a “perfect storm”: well-crafted emails disguised as communication from a trusted brand lead victims to spoof websites that are difficult to distinguish from the real thing.
To learn more about how Allure protects customers from phishing attacks, get in touch today.