Phishing Techniques

The most basic form of phishing involves sending an email to an unsuspecting victim with a fake link or malicious attachment and hoping that the email is a convincing replica of a legitimate email such that the potential victim is fooled into accidentally giving their details to the scammer.

However, as internet users have become increasingly aware of the dangers that phishing presents to their personal data, simple schemes have become ineffective. Consumers are becoming increasingly good at spotting fake emails and reporting them to the companies being spoofed. As a result, phishers have become more creative in the manner they design emails and websites.

An obvious way of checking whether or not a website is legitimate is looking at the URL. Scammers may produce nearly identical replica websites, but the URLs may be misspelled or contain unusual characters. This is called homograph spoofing.  As more consumers have become aware of this, scammers have had to turn to alternate ways of fooling their victims.

Some scams use JavaScript to place a picture of a legitimate URL over a browser’s address bar. The URL revealed by hovering over an embedded link can also be changed using JavaScript. This makes it difficult for even the most savvy of users to distinguish between real and fake sites.

Phishing campaigns use a variety of link manipulation techniques to trick victims into clicking on the embedded link in an email. Link manipulation may also be referred to as URL hiding. The technique may be varied to suit the attacker’s aims and the target in question.

Link shortening is a common way of directing victims to a malicious website. There are many services online which perform this service, such as Bitly. Victims then have no way of knowing if the shortened URL directs them to the legitimate website or to one created by the phisher.

Another phishing tactic relies on a covert redirect. This is where an open redirect vulnerability fails to check that a redirected URL is pointing to a website which may be trusted by the user. The redirected URL acts as a malicious intermediate which acquires authentication information from the victim before forwarding the victim’s browser to the legitimate site.

When sending the email, phishers may bypass email inbox filters by rendering all or part of their message as an image. Filters are designed to pick up on phrases which are common to phishing emails.  In image form, phrases used in the email are therefore not picked up by the filter, so the email reaches the potential victim’s inbox.

The easiest way to avoid being misdirected to a fake website is not to follow the link embedded in an email. Simply search for the website in question in a new tab, and login through that website. If there really is something wrong with your account, you shall be informed on login. Furthermore, familiarising yourself with common phrases used in phishing emails (such as being addressed to “our valued customer” instead of your name/username) can help protect yourself against scams which have made it past the email filters.'