A guide to cyber attacks: Phishing – Part 2

Click here to go back and read part 1 on malware.

Phishing typically involves attackers obtaining a victim’s personal information. This can include log-in details and bank details, and phishing attempts can be made via email, over the phone (Vishing: short for ‘voice phishing’), or in the form of a text message (Smishing: short for ‘sms phishing’).

>Read more on fraud in the enterprise mobile messaging industry

Phishing cyber attacks are similar to Trojan horses — attackers masquerade as another person or entity that the victim may think has a legitimate and innocent need for their personal details.

These attacks put an emphasis on scaring victims into giving key information to attackers. These attacks often involve a combination of authentic-looking emails from a highly ranked and respected official and suggest a sense of urgency concerning the need for information or funding.

The person who the attacker impersonates is often a senior colleague.

A recent study by Kroll found that phishing is the third most common category of cyber attack out of the 292 reported to the Information Commissioner within the last year. In fact, 51 of these categories were cited as phishing-related, coming just behind malware attacks, of which 53 were found.

Here we examine six common types of phishing attacks.

Spear Phishing

Spear phishing involves sending personalised messages to particular victims, making these messages seem more legitimate and innocent in the eyes of the receiver. This makes the technique more likely to successfully steal personal information.

>Read more on spear phishing

In addition to asking for personal details, messages may also be infested with links laced with malware, which can be downloaded onto a victim’s device if the link is clicked on.

Attackers research the victim’s hometown, place of work, network of employees or friends, in the process constructing a supposedly believable email.

Messages addressed to entire organisations are also common. For example, Microsoft reported that they had fought back against a spear phishing attack aimed at the United States senate, as well as the think tanks ‘The Hudson Institute’ and the ‘International Republican Institute,’ last month.

Found to have been instigated by hacker group Strontium, who have been associated with the Russian government, the attacks involved the creation of Internet domains similar to those pertaining to the think tanks. In this way, the attackers atempted to gain access to the senate’s network.

Whaling Phishing

Known as ‘whaling’ due to the increased size of the target in comparison to the average phishing attack, this particular technique is targeted at the details of people who work within the C-Suite of companies, such as CEO and CFO.

>Read more on whaling phishing

Whaling phishing is usually associated with corporate or personal data concerning the victimised executive, and attackers usually masquerade as high-profile organisations, such as a bank or business partner.

Emails are made to look legitimate using company logos and details, in addition to the use of spoofed email addresses and/or URLs, victims’ job titles, social media details and place of work.

Whaling usually involves frightening the victim by attempting to convince them that their job or company is on the line, so that they reveal company data

It’s believed that attackers take more time in planning a whaling attack in comparison to a run-of-the-mill phishing scam due to the increased potential reward afforded by heightened status of the target.

Man-in-the-Middle Attack

A man-in-the-middle attack entails an attacker impersonating a victim’s bank or an e-commerce site that the victim uses. The attach intercepts the correspondence between the two parties.

The attacker’s aim in this case is to obtain the victim’s bank details and, in turn, their bank account.

All successful man-in-the-middle attacks feature two phases: interception and decryption.

>Read more on mobile man-in-the-middle attacks, and how dangerous they are

Notably, man-in-the-middle attacks were prominent during the last World Cup; cyber attackers impersonating FIFA and official sponsors scammed customers into paying for fake tickets.

This kind of attack comes in, and is not limited to, the following forms:

-IP Spoofing: Attackers can fool victims into thinking that they are interacting with an application via the alteration of packet headers in an IP address.

-DNS Spoofing: The Domain Name Server (DNS) can be replicated by the attacker to fool victims into visiting a website that may seem legitimate, but is simply a faux site created by the attacker to steal information from the victim.

-HTTPS Spoofing: This involves the attacker adding an ‘s’ (standing for ‘safe’) to their site’s URL to fool the victim into believing that it’s harmless.

-SSL Hijacking: This method provides a way for cyber criminals to obtain a user’s login, financial or personal information over a secure server, by using another computer and secure server to intercept correspondence.

-Email Hijacking: This usually the involves the email account of a victim’s back, which attackers can monitor for transactions once they’ve hacked into it, and then send emails to the victim in the bank’s name based on those transactions, which opens the door for the victim to unknowingly pay money into the attacker’s account as well as giving them their personal and bank details.

-Wi-Fi Eavesdropping: Cyber criminals are capable of setting up legitimate-looking Wi-Fi hotspots that a victim could connect to, which will leave their login credentials and other classified information open to the attacker who has created the hotspot.

>Read more on how a 7-year-old girl hacked a public Wi-Fi network in 10 minutes

-Cookie Theft: Attackers can also hijack website sessions in order to gain a user’s login details and other supposedly confidential information.

A recent study by Switchfast referred to whaling attacks as a growing trend, citing complacent executives as a key factor.

Business Email Compromise (BEC)

A business email compromise, or BEC, is any method of email phishing that involves attackers pretending to be business executives or business associates in an aim to gain access to classified data from employees, customers or vendors.

One type of BEC is the mirror image of whaling; attackers masquerade as a company executive in order to obtain funds or sensitive information. These BEC attempts are made to look convincing, at first by gaining access of an executive’s email account, then addressing a particular target after searching the executive’s emails and social media accounts.

The emails typically feature a sense of urgency, ordering the target to transfer money or data over immediately.

Other types of BEC include:

-A bogus invoice scam, which involves cyber criminals disguised as company executives ordering the company’s finance department to change the destination of a payment to that of the attacker ahead of a due invoice.

-An account compromise, in which attackers hack an employee’s email account and send a client a message stating that a payment has not come through and to instead send it to another account, which is in fat the account pertaining to the perpetrator of the attack.

-A company lawyer impersonation, this involves attackers disguised as a company’s lawyer and asking for money to pay for their services or a legal dispute.

-Data theft, which involves cyber criminals disguised as company executives asking the company’s finance or HR department for corporate data, in order to set up a larger attack against said company.

A recent study by Mimecast found that BEC attacks had increased by 80% during the third quarter of 2018, with over 41,000 attacks being caught.

Clone Phishing

Clone phishing consists of cyber attackers using a spoofed email address taking an email with a legitimate links sent from an official body and replicating it, but lacing the links within with malware before sending it to the victim.

These links lead the victim to a malicious website that could install malware onto a victim’s device, or steal personal information, such as login and bank details.

>Read more on how artificial intelligence can stop the malware threats of the future

To further the illusion of innocence, claims of the clone email being a follow-up or resend may be involved.

Following a successful attack of this form, similar attacks to the first victim’s employees may follow.


Snowshoeing involves senders utilising an array of IP addresses and anonymous domains. This makes the emails more difficult for spam filters to detect, meaning that a proportion of them manage to enter inboxes.

The term originates from the snowshoe, the wearers of which use the footwear’s large surface area to spread their weight and prevent themselves from falling into snow. The spam email-associated definition, however, relates to the spread of emails over several IP addresses.

The idea of snowshoeing spam is for it to be sent in small batches in order to decrease the likelihood of detection.

>Read more on spam still being the first choice for cyber crime

The content of these emails include several faux, but supposedly realistic-sounding, business names to make them seem authentic to the receiver.

Stay tuned for part 3 of Information Age’s guide to cyber attacks, which will feature the various types of Denial of Service (DoS) attacks within the cyberspace.

Avatar photo

Aaron Hurst

Aaron Hurst is Information Age's senior reporter, providing news and features around the hottest trends across the tech industry.