What is Phishing?
Learn about all the phishing threats and scams that SlashNext stops.
What is Phishing and Types of Phishing Threats?
SlashNext’s Generative AI and Session Emulation (SEER) technologies employ Natural Language Processing (NLP) and Computer Vision to inspect suspicious websites and email content thoroughly. These advanced detection tools help SlashNext find more than 30 types of phishing and social engineering attacks. They also identify four categories of unwanted commercial emails, including spam and graymail. Many of these threats have not been studied in depth. Their classification and names were created through careful research by SlashNext Labs.
Our Threat Cyclopedia can help you fully understand each threat’s nature and risk level. Many types of phishing exist; those listed in this glossary of phishing threats are the most pervasive.
Credential Phishing
Credential phishing, also known as credential theft and credential stealing, is a common phishing attack where threat actors trick users into giving up their login details through fake websites that resemble legitimate ones, often using well-known brands. Even with training, users can still fall victim to these attacks, as the phishing techniques have become more sophisticated. An example of credential phishing is when users may be presented with a fake login page that mimics their normal two-factor authentication experience, leading them to give up their authentication codes and login credentials.
Enterprises have tried to minimize these attacks by training employees to identify and avoid fake sign-in pages, but errors still happen. To protect against phishing, experts suggest using AI (Artificial Intelligence) and machine learning to detect and respond to anomalous behavior quickly.
Business email compromise is a phishing scam that targets companies for financial gain by spoofing or compromising email accounts of executives or finance personnel to request fraudulent wire transfers. These attacks lead to millions of dollars in losses for companies every year. Business Email Compromise, or BEC, attacks are mostly delivered through email, but cybercriminals are also having success with this type of scam through SMS text messaging. There are five categories of BEC scams, including fake invoices, CEO fraud, account takeover, attorney impersonation, and data exfiltration.
Cybercriminals are now using generative AI to produce a wide range of outputs, including text, images, music, and more, to increase the speed and variation of their attacks. They can use this technology to create SMS messages, fake social media profiles, and well-written personal emails en-masse with infinite variations, making this method of cyberattacks dangerous to victimized organizations.
To counteract these AI attacks, SlashNext HumanAI™ uses AI cybersecurity technology that adds augmented AI and behavioral contextualization to computer vision and natural language processing (NLP) to detect BEC in email and mobile with unprecedented predictability. The technology can predict millions of new variants of the threats that might enter an organization, closing the security gap and vulnerabilities created by this dangerous trend.
Link Phishing
Emails with phishing links direct users to malicious content, including sites designed for stealing credentials, those laden with malware, deceptive sites promising free gifts, and pages that falsely intimidate users for baseless reasons.
Often, these emails imitate genuine communications from credible sources like banks, social media platforms, or even colleagues and employers, aiming to convince recipients that the request is legitimate and requires immediate attention.
Click here for descriptions and examples that use phishing links for credential stealing, fraudulent websites, technical support scams, rogue software and more.
Malware Files
Malware files often carry various forms of malicious content, including malware, phishing links, HTML pages designed for phishing, and messages crafted through social engineering for clicking on the files.
These attachments typically disguise themselves as harmless files, such as documents or ZIP files. The accompanying email usually features a social engineering message designed to entice users into downloading and opening these seemingly harmless attachments.
Click here for more details and examples of malware files used for credential stealing, fraudulent websites, technical support scams, rogue software, QR Code phishing, and others.
Account Takeover
Account takeovers occur when cybercriminals steal login credentials to gain unauthorized access to an email account. Once an attacker successfully compromises an account, they can use it for fraudulent activities, such as sending phishing emails, stealing sensitive data, and more.
Account takeovers are a significant threat to organizations of all sizes. These attacks typically involve cybercriminals obtaining valid login credentials and using them to impersonate the account owner. While financial information is often targeted, these attacks can also focus on stealing valuable data.
To safeguard against account takeovers, companies can protect their systems from credential phishing and Business Email Compromise (BEC) attacks, frequently leading to such breaches. Implementing robust cybersecurity practices, along with employee security awareness training on credential management, strong password creation, and the use of two-factor authentication, can help mitigate the risks of account takeovers.
QR Code Phishing
QR Code phishing, QR phishing, or quishing is a type of phishing attack where an attacker tries to trick a victim into interacting with a QR code image. The QR code usually redirects users to a page where they are prompted to enter login credentials.
Unfortunately, these pages are malicious copies, and attempting to log in gives attackers access to credentials, compromising the user’s account.
Click here for a QR Code phishing example.
Smishing
Smishing is a type of phishing attack that uses SMS messaging and phishing (smishing) to target mobile devices. These attacks often take the form of text messages that appear to be from trusted sources, such as banks or retailers, and contain links to phishing sites that aim to steal login credentials or other sensitive information. Smishing attacks are particularly effective because people tend to trust messages received on their mobile devices, and often respond to them quickly and without much thought.
As mobile devices become more widely used for work communication, the threat of smishing attacks is likely to increase. In addition, the lack of effective phishing protections on iOS and Android devices makes them vulnerable to these types of attacks. With SlashNext, however, malicious SMS messages can be accurately identified and quarantined, providing protection against smishing attacks. The SlashNext mobile apps offer heavy-duty protection against smishing attacks while consuming minimal memory and battery resources.
Generative AI Threats
In addition to the innovative generative AI-based bots that are used to create and launch advanced threats, future trends are pointing to 3D phishing that consist of voice, video, and text combinations using gen AI.
For more information about generative AI threats, view our webinar on Weaponizing Gen AI: How ChatGPT and AI Transform BEC and Advanced Phishing Attacks.
Spam and Graymail
Spam and Graymail are unsolicited emails sent without the recipient’s explicit permission. These are primarily sent for commercial purposes. The content often includes advertisements for various products, services, or upcoming events.
While spam is not inherently malicious, it can still overwhelm inboxes, significantly reducing individual user’s productivity. Company IT teams tasked with managing these messages also face increased challenges.
Click here for spam and graymail information and examples.
Rogue and Malicious Software, Apps, and Extensions
Malicious browser extensions can be highly sophisticated, often designed with legitimate functionality to bypass security checks on Chrome extensions. They can download JavaScript on the fly, and once installed, malicious scripts can be downloaded from the web, making it hard to distinguish between legitimate and malicious JavaScript. Cybercriminals have found a workaround for organizations that rely heavily on 2FA (2 Factor Authentication) by installing browser extensions that have access to the complete canvas of the browser, hijacking the session and capturing whatever is being rendered on the computer screen.
Once a user logs in legitimately, cybercriminals can start exfiltrating data from the browser, leaving organizations vulnerable. With the increase of phishing attempts that can bypass 2FA or multi-factor authentication, using extensions that make life easier like logging into email faster or using a PDF Converter is risky. Organizations must recognize the threat that malicious browser extensions pose and take steps to prevent these types of attacks from compromising their security.
Social Engineering Scams
Social Engineering is a technique used by cybercriminals to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes. This could be achieved through a combination of phishing techniques or even impersonating someone in person to gain access to a system or building. The goal for social engineering scams is to psychologically manipulate targets into disclosing sensitive information or taking inappropriate actions without realizing they have done something wrong until the fraud is exposed.
One of the most famous examples of social engineering was the Twitter breach involving Bitcoin transfer scams. Celebrity accounts were compromised, and the hackers used the trust built with hundreds of thousands of followers to perform Bitcoin scams. SlashNext’s Threat Lab sees dozens of similar cryptocurrency scams each day that use celebrity photos and names to conduct Bitcoin phishing. Cybercriminals prefer stealing cryptocurrency because it can be used for nefarious purposes on the Dark Web, leaving no trail behind. With such scams on the rise, it is important to be aware of the dangers of social engineering and the need for effective cybersecurity measures to protect oneself and one’s assets.
Spear Phishing
Phishing is a type of cyberattack, which most people are familiar with as mass emails, that try to trick someone into taking an action, such as clicking on a link or downloading an attachment. Once the recipient takes the bait, malware is installed on their computer system or network, which compromises its security. These types of threats are becoming more sophisticated as attackers design emails and websites to look like established and trusted brands. This is where spear phishing comes in.
Spear phishing is a targeted type of phishing attack. SlashNext Threat Labs saw a surge in spear-phishing attacks that targeted companies involved in COVID-19 vaccine and therapeutic development during the pandemic. In a 60-day period, over 800 spear-phishing domains belonging to the same threat actors were launched during the pandemic. These attacks were designed to appear trustworthy, and they targeted specific individuals, such as employees of companies that were working on COVID-19 vaccines or therapeutics. The goal was to steal sensitive account credentials. In this case, the attacks pointed to Office 365 login pages.
Supply Chain Attacks
Supply chain attacks occur when cybercriminals gain unauthorized access to an organization’s internal systems and data through an outside partner or vendor who has access to sensitive information. As suppliers and service providers have more access to confidential data, this type of supply chain attack is becoming more prevalent. With the use of cloud and social tools, including automation, trusted domain hosting, and behavioral targeting, cybercriminals can move with greater speed and effectiveness.
According to CSO magazine, all technology vendors, including security companies, are susceptible to supply chain attacks. Nation-state actors are exploiting vulnerabilities, such as lapsed security patches and targeted spear phishing attacks, to take advantage of the human element. As seen in the SolarWinds, FireEye, and Mimecast breaches, these cybercriminals have the skills and resources to breach even the most security-conscious organizations.
Man in the Middle Attacks
Man-in-the-Middle attacks aim to collect and sell data, and malicious browser extensions have become a popular method for cybercriminals to bypass organizations that heavily rely on Two Factor Authentication (2FA). Once a browser extension is installed, it can access the entire browser canvas, hijack the session, and capture whatever is being rendered on the computer screen. As browser plugins have full access to most browser resources and information being entered and rendered within the browser, injecting malicious code inside browsers disguised as benign-looking browser extensions has given cybercriminals unlimited access to all the data within the browser.
These browser extensions can bypass SSL encryption, and to bypass 2FA, they usually wait for the authentication phase to be completed before snooping on the authenticated session and stealing data. Despite the birth of 2FA as a response to ineffective security defense solutions, Man-in-the-Middle attacks can now bypass even multi-factor authentication. As a result, there are increasing numbers of phishing attempts that aim to take advantage of this vulnerability.
Business Text Compromise (BTC)
Business Text Compromise (BTC) is a type of fraud that targets executives or finance teams with the aim of defrauding companies. Similar to Business Email Compromise (BEC), BTC attacks are carried out via SMS or text messages and request information, funds to be sent, or wire transfer. The cybercriminals impersonate trusted vendors or company executives and target new employees or those who have access to bank information like accounts payable or finance.
It’s important to note that Business Text Compromise, or BTC, is gaining popularity among cybercriminals due to the success rate of scams carried out via text messages. Some of the BEC scams are also present in BTC, such as CEO or CFO fraud, account takeover, vendor impersonation, and IRS impersonation. In CEO or CFO fraud, a cybercriminal poses as a CEO or executive and asks employees to complete a money transfer or send gift cards. In account takeover, the employee’s account is hacked and used to request payments using email contacts and sent from the legitimate email address, with payments sent to cybercriminal bank accounts instead of the actual vendor. In vendor impersonation, cybercriminals impersonate vendors and request fund transfers for payments to an account owned by cybercriminals. In IRS impersonation, cybercriminals impersonate a lawyer asking for fraudulent requests to gather confidential information.
See SlashNext Complete™ for Email, Mobile and Browser in Action
Meet with a security expert for a demo and learn how to set up a personalized trial to see the threats entering your organization.
6701 Koll Center Parkway, Suite 250
Pleasanton CA 94566
800.930.8643
info@slashnext.com
© All Rights Reserved, SlashNext, Inc.