Phishing is a type of social engineering attack where emails, messages, or social media are used to manipulate individuals into compromising their data security. Threat actors often impersonate trusted entities to deceive victims into clicking malicious links or revealing sensitive credentials and personal information. This can lead to a range of cybercrimes, including data theft, identity fraud, and malware infection.
Phishing takes many forms and targets everyone from the least technically literate users to cybersecurity professionals. Its tactics exploit human weaknesses such as low security awareness, eagerness for a bargain, and inattention when handling messages. Traditional phishing operates at scale, targeting many recipients indiscriminately because mass campaigns are cheap to run, reach widely, and succeed through sheer volume. Common types of phishing include:
Email phishing: The most common phishing medium. Cybercriminals send fraudulent emails in bulk, prompting recipients to click malicious links, disclose confidential information such as login credentials, or open attachments carrying malware. To appear credible, attackers may forge the sender address so that the message appears to come from a bank, online service or established firm, a tactic known as email spoofing, or register look-alike domains that survive a casual glance.
SMS phishing (Smishing): Uses text messages instead of email. SMS reaches recipients quickly and directly on a device they carry everywhere, is not subject to corporate email filtering, and is well suited to short messages that convey urgency.
Voice phishing (Vishing): Uses phone calls to manipulate individuals. Attackers rely on persuasive scripts and confident delivery to lower the victim's guard and establish credibility, and skilled callers adapt their narrative in real time to the victim's responses.
Spear phishing: A targeted approach in which attackers tailor the lure to specific individuals within an organisation, typically by email. They research the target beforehand, gathering names, roles, contact details and project specifics, and use that information to craft messages that look legitimate and relevant to the target's responsibilities. These messages carry links or attachments designed to steal sensitive information such as login credentials, giving the attacker unauthorised access to systems and data. From that foothold, attackers can expand their operations or mount more precise attacks such as Business Email Compromise (BEC) and whaling (phishing aimed at senior executives).
Phishing is often the initial entry point for a larger intrusion: it gives attackers a foothold from which to exploit weaknesses within systems. It commonly precedes malware propagation, ransomware, data breaches, and Advanced Persistent Threat (APT) campaigns. Such incidents can severely disrupt business operations, resulting in data theft, financial losses, loss of stakeholder trust, and other consequences depending on the attackers' motives and the specifics of the incident.
The human element is often the weakest link in an organisation’s cybersecurity defences. Recognising the signs of phishing is crucial for individuals to avoid falling victim to these tactics. Some obvious indicators of phishing attempts include:
Beyond easily identifiable phishing attempts, these attacks have evolved to become more targeted and complex. Advanced phishing attacks employ strategic methods to deceive potential victims and circumvent traditional security measures, posing challenges even for cybersecurity experts.
Adversary-in-the-Middle (AiTM) phishing obtains unauthorised access by intercepting the traffic between the victim and the login page of the target website, typically by relaying the genuine page through an attacker-controlled proxy so that the credentials, and the session cookie issued once login completes, pass through the attacker. Because the session cookie is captured after the victim has already satisfied MFA, this technique defeats one-time codes and push approvals. There are two methods that AiTM phishing may employ:
AiTM phishing often escalates into a BEC attack: with the stolen session, attackers read the victim's mailbox, impersonate them, and manipulate other parties into making fraudulent transactions by email. The same access supports other malicious activity, including data theft and malware deployment.
Homoglyphs are characters that look alike. Attackers use them to register email domains or URLs that are visually indistinguishable from legitimate ones: an uppercase "I" and a lowercase "l" are near-identical in many sans-serif fonts, and a Cyrillic "а" cannot be told from a Latin "a", so the substitution conceals the malicious domain from the reader. An example of a homoglyph is shown below:
The invisible ink technique embeds characters the recipient never sees into emails, links or documents using HyperText Markup Language (HTML) and Cascading Style Sheets (CSS): soft hyphens, zero-width joiners and spaces, or text set to a zero font size. The rendered message reads naturally to the user, but a Secure Email Gateway (SEG) scanning the raw source sees words broken by the hidden characters or padded with hidden text, so its keyword and phrase rules do not match and the email is allowed through.
The example below demonstrates how an invisible ink phishing attempt using soft hyphens can bypass SEG and other detection tools, allowing the phishing email to reach the victim’s inbox.
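The following script is an added example, not part of the original article or any Ensign product: it shows why a keyword rule fails against invisible ink and what a gateway must do before matching. The sample HTML body, the phrase list and the hidden-span regex are constructed for this illustration; a production filter would use a real HTML parser and the full Unicode confusables and format-character data.

```python
import html
import re
import unicodedata

# Code points that render as nothing (or as an optional line break) yet split
# a word in the raw source: soft hyphen, zero-width space / non-joiner /
# joiner, word joiner, byte-order mark.
INVISIBLE_CHARS = {"\u00ad", "\u200b", "\u200c", "\u200d", "\u2060", "\ufeff"}

# Inline styles that hide a span from the reader entirely (assumed subset).
HIDDEN_SPAN_RE = re.compile(
    r'<span[^>]*style\s*=\s*"[^"]*(?:font-size\s*:\s*0|display\s*:\s*none)[^"]*"[^>]*>.*?</span>',
    re.IGNORECASE | re.DOTALL,
)
TAG_RE = re.compile(r"<[^>]+>")

# Phrases a simple content rule might key on (assumed for this example).
SUSPICIOUS_PHRASES = ("verify your account", "password", "urgent")

# Constructed sample body: "verify" and "account" carry &shy; entities,
# "password" carries a raw soft hyphen and a zero-width joiner, and "urgent"
# is split by a zero-font-size span holding junk text.
SAMPLE_HTML = (
    "<p>Please veri&shy;fy your ac&shy;count. Your pass\u00adwo\u200drd expires "
    'today. This is urg<span style="font-size:0">xyz</span>ent.</p>'
)


def naive_matches(raw_html: str) -> list[str]:
    """What a keyword rule sees when it scans the raw body without normalising."""
    lowered = raw_html.lower()
    return [p for p in SUSPICIOUS_PHRASES if p in lowered]


def render_as_user_sees(raw_html: str) -> str:
    """Approximate the text the recipient actually reads: drop hidden spans
    and tags, decode entities, apply NFKC, strip format (Cf) code points and
    collapse whitespace."""
    text = HIDDEN_SPAN_RE.sub("", raw_html)
    text = TAG_RE.sub("", text)
    text = html.unescape(text)  # "&shy;" becomes U+00AD
    text = unicodedata.normalize("NFKC", text)
    text = "".join(
        ch for ch in text
        if ch not in INVISIBLE_CHARS and unicodedata.category(ch) != "Cf"
    )
    return re.sub(r"\s+", " ", text).strip()


def normalised_matches(raw_html: str) -> list[str]:
    """The same keyword rule applied to the rendered text."""
    lowered = render_as_user_sees(raw_html).lower()
    return [p for p in SUSPICIOUS_PHRASES if p in lowered]


if __name__ == "__main__":
    print("raw scan           :", naive_matches(SAMPLE_HTML))
    print("rendered text      :", render_as_user_sees(SAMPLE_HTML))
    print("after normalisation:", normalised_matches(SAMPLE_HTML))
```

Run on the sample, the raw scan matches nothing while the normalised scan matches all three phrases. The practical lesson is that any content rule must operate on the text as rendered, which means decoding entities, removing hidden elements and stripping format characters before matching.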
Typosquatting makes fraudulent websites appear credible by registering domains that differ from the real one by a common typing error, for example "amzon" instead of "amazon" or "dbss" instead of "dbs". Users who land on the counterfeit site after mistyping the address, or after clicking a link that carries the misspelt domain, may disclose their credentials or payment details while transacting.
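As an added example covering both the homoglyph and the typosquatting sections above (not code from the original article or from Ensign), the script below reduces each domain label to the ASCII string a reader would take it for, then compares it with a brand watchlist. The brand list, the confusables subset and the edit-distance threshold are assumptions for the illustration; real tooling uses the full Unicode confusables data and an allow-list of the organisation's legitimate domains.

```python
import unicodedata

# Constructed watchlist of brands the organisation wants to protect.
PROTECTED_BRANDS = ("amazon", "dbs", "paypal", "microsoft")

# Small confusables table mapping look-alike code points to the Latin letter
# they imitate. The full Unicode confusables data is far larger; this subset
# is an assumption made to keep the example self-contained.
CONFUSABLES = {
    "\u0430": "a",  # Cyrillic small a
    "\u0435": "e",  # Cyrillic small ie
    "\u043e": "o",  # Cyrillic small o
    "\u0440": "p",  # Cyrillic small er
    "\u0441": "c",  # Cyrillic small es
    "\u0455": "s",  # Cyrillic small dze
    "\u0131": "i",  # Latin dotless i
    "0": "o",
    "1": "l",
    "|": "l",
    "I": "l",       # uppercase I and lowercase l in sans-serif fonts
}
# Two-character sequences that read as one letter at a glance.
MULTI_CONFUSABLES = (("rn", "m"), ("vv", "w"))


def skeleton(label: str) -> str:
    """Reduce a domain label to the ASCII string a reader would take it for."""
    if label.lower().startswith("xn--"):
        label = label.encode("ascii").decode("idna")  # punycode -> Unicode
    label = unicodedata.normalize("NFKC", label)
    label = "".join(CONFUSABLES.get(ch, ch) for ch in label)
    for seq, rep in MULTI_CONFUSABLES:
        label = label.replace(seq, rep)
    return label.lower()


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch single-typo squats such as 'amzon'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def analyse_domain(domain: str) -> dict:
    """Classify every label except the TLD against the watchlist.
    Verdicts: 'homoglyph' (reads as a brand but is not spelled as one),
    'typosquat' (one edit away from a brand) or 'clean'."""
    labels = domain.split(".")[:-1] or [domain]
    result = {"domain": domain, "verdict": "clean", "brand": None, "label": None}
    for label in labels:
        skel = skeleton(label)
        for brand in PROTECTED_BRANDS:
            if skel == brand and label.lower() != brand:
                return {"domain": domain, "verdict": "homoglyph", "brand": brand, "label": label}
            # Short brands make a distance of 1 noisy ('cbs' vs 'dbs'); a real
            # deployment pairs this with an allow-list of legitimate domains.
            if skel != brand and result["verdict"] == "clean" and levenshtein(skel, brand) == 1:
                result = {"domain": domain, "verdict": "typosquat", "brand": brand, "label": label}
    return result


if __name__ == "__main__":
    for d in ("amazon.com", "amzon.com", "dbss.com.sg", "\u0430mazon.com",
              "PayPaI.com", "rnicrosoft.com", "amaz0n.com"):
        print(analyse_domain(d))
```

The skeleton step is what separates the two techniques: a typosquat still has a different skeleton from the brand and is caught by edit distance, whereas a homoglyph domain has the same skeleton as the brand yet is not spelled the same, which is the signature to alert on.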
AI has transformed phishing by automating the work and making it easy to scale. Large language models can quickly generate highly personalised, fluent and persuasive phishing emails or messages from publicly available information about a target, removing the need for manual research and the spelling and grammar errors that once gave lures away.
In addition, AI-generated deepfake audio and video further blur the line between legitimate and fraudulent communications, making it increasingly difficult for users to tell the two apart. As phishing becomes more convincing and cheaper to run, its frequency and success rate are likely to rise.
Both individuals and companies need to defend against phishing. Here are some approaches companies can take:
Organisations should educate employees on cybersecurity best practices, such as verifying the legitimacy of a request through a known channel before sharing sensitive information and treating unexpected emails with caution, and give them a simple way to report suspected phishing. It is also highly recommended that organisations reinforce awareness of phishing threats by conducting simulated phishing exercises.
MFA requires a second proof of identity beyond the password, so a stolen password alone does not grant access. Not all MFA is equal, however: one-time codes and push approvals can be relayed through an AiTM proxy, whereas phishing-resistant methods such as FIDO2/WebAuthn security keys and passkeys bind the login to the genuine site's origin and cannot be replayed from a look-alike domain.
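To make the difference concrete, the following added example (not from the original article or any Ensign product) shows the server-side checks a WebAuthn relying party applies to the clientDataJSON a browser returns, next to the check a one-time-code scheme can apply. The relying-party origin, the challenge and both assertions are constructed; signature, rpIdHash and counter verification, which a real relying party also performs, are omitted.

```python
import hmac
import json

# Assumed relying-party origin; every value here is constructed for the example.
RP_ORIGIN = "https://login.example.com"
CHALLENGE = "dGhpcy1pcy1hLWNvbnN0cnVjdGVkLWNoYWxsZW5nZQ"  # base64url, constructed


def verify_client_data(client_data_json: bytes, expected_challenge: str) -> tuple[bool, str]:
    """Checks a WebAuthn relying party performs on clientDataJSON before it
    verifies the signature: ceremony type, challenge freshness and origin.
    (A full relying party also checks rpIdHash, the signature over
    authenticatorData || SHA-256(clientDataJSON) and the signature counter.)"""
    try:
        data = json.loads(client_data_json)
    except ValueError:
        return False, "malformed clientDataJSON"
    if data.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    if not hmac.compare_digest(str(data.get("challenge", "")), expected_challenge):
        return False, "challenge mismatch: stale or replayed assertion"
    if data.get("origin") != RP_ORIGIN:
        return False, f"origin mismatch: assertion was created on {data.get('origin')!r}"
    return True, "ok"


def totp_check(submitted: str, expected: str) -> bool:
    """A one-time code carries no notion of where it was typed: a code relayed
    by an AiTM proxy is indistinguishable from one typed on the real site."""
    return hmac.compare_digest(submitted, expected)


# Constructed assertions. The browser fills in the origin of the page the user
# is actually on, so a credential exercised through a proxy at a look-alike
# domain arrives carrying that domain as its origin.
LEGIT_CLIENT_DATA = json.dumps(
    {"type": "webauthn.get", "challenge": CHALLENGE, "origin": RP_ORIGIN}
).encode()
PROXIED_CLIENT_DATA = json.dumps(
    {"type": "webauthn.get", "challenge": CHALLENGE, "origin": "https://login.example-secure.com"}
).encode()


if __name__ == "__main__":
    print("genuine site :", verify_client_data(LEGIT_CLIENT_DATA, CHALLENGE))
    print("via AiTM proxy:", verify_client_data(PROXIED_CLIENT_DATA, CHALLENGE))
    print("relayed OTP  :", totp_check("123456", "123456"))
```

In practice the browser will not even offer the credential on a different registrable domain, because WebAuthn credentials are scoped to the relying-party ID; the origin check shown is the server-side backstop. The one-time code, by contrast, passes regardless of which site the victim typed it into, which is exactly what an AiTM proxy exploits.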
DMARC, designed to combat email spoofing, builds on SPF and DKIM: the domain owner publishes a DNS record stating how messages claiming to come from the domain must authenticate, whether the authenticated domain must align with the visible From address, and what receivers should do with messages that fail (monitor only, quarantine or reject). This protects individuals and companies from fraudulent emails that falsely claim to be from trusted domains, but only once the policy is moved beyond p=none, which merely reports failures and still lets the mail through. DMARC can be complemented with AI-based email filtering services that detect and block malicious emails before they reach users' inboxes.
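The following added example (not from the original article or any Ensign product) shows how a receiver evaluates DMARC for one message and which record settings leave a domain spoofable despite a record being present. The two DMARC records and the message scenarios are constructed; the organisational-domain computation is simplified to the last two labels where a real receiver would consult the Public Suffix List.

```python
# Constructed DMARC records: the weak one only monitors and samples half of
# failing mail; the strong one rejects and demands strict alignment.
WEAK_RECORD = "v=DMARC1; p=none; pct=50"
STRONG_RECORD = "v=DMARC1; p=reject; adkim=s; aspf=s; rua=mailto:dmarc@example.com"


def parse_dmarc(record: str) -> dict:
    """Split 'tag=value; tag=value' into a dict with lower-cased tag names."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def org_domain(domain: str) -> str:
    """Organisational domain, approximated as the last two labels. A real
    receiver consults the Public Suffix List (simplification for this example)."""
    return ".".join(domain.lower().split(".")[-2:])


def aligned(auth_domain, from_domain: str, mode: str) -> bool:
    """Does the domain that passed SPF/DKIM align with the visible From domain?
    mode 's' = strict (exact match), 'r' = relaxed (same organisational domain)."""
    if not auth_domain:
        return False
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def evaluate(record: str, from_domain: str, spf_pass_domain, dkim_pass_domain):
    """DMARC result and disposition for one message.
    spf_pass_domain: the MAIL FROM domain if SPF passed, else None.
    dkim_pass_domain: the d= of a DKIM signature that verified, else None."""
    tags = parse_dmarc(record)
    spf_aligned = aligned(spf_pass_domain, from_domain, tags.get("aspf", "r"))
    dkim_aligned = aligned(dkim_pass_domain, from_domain, tags.get("adkim", "r"))
    if spf_aligned or dkim_aligned:
        return "pass", "none"              # deliver normally
    return "fail", tags.get("p", "none")   # none / quarantine / reject


def policy_weaknesses(record: str) -> list[str]:
    """Settings that leave a domain spoofable even though a record exists."""
    tags = parse_dmarc(record)
    issues = []
    if tags.get("v") != "DMARC1":
        issues.append("missing v=DMARC1: record is ignored by receivers")
    if tags.get("p", "none") == "none":
        issues.append("p=none: failing mail is reported but still delivered")
    if int(tags.get("pct", "100")) < 100:
        issues.append("pct<100: the policy is applied to only a fraction of failing mail")
    if "rua" not in tags:
        issues.append("no rua=: no aggregate reports, so abuse of the domain goes unseen")
    if tags.get("sp") == "none":
        issues.append("sp=none: subdomains remain spoofable")
    return issues


if __name__ == "__main__":
    # A spoofed message with no authentication at all, under each policy.
    print("weak  :", evaluate(WEAK_RECORD, "example.com", None, None))
    print("strong:", evaluate(STRONG_RECORD, "example.com", None, None))
    # A message that carries a valid DKIM signature for the attacker's own domain.
    print("attacker DKIM:", evaluate(STRONG_RECORD, "example.com", None, "attacker.net"))
    for issue in policy_weaknesses(WEAK_RECORD):
        print("-", issue)
```

The third scenario is the one that trips people up: a DKIM signature that verifies is not enough, because DMARC also requires the signing domain to align with the From domain. Without that alignment check a spoofer could sign with any domain they control and still pass.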
Endpoints are where a phishing click is finally acted upon, whether by running an attachment or by following a link to a malicious site. Organisations should strengthen their endpoint defences through measures such as:
While standard cybersecurity controls give organisations a layer of protection against phishing, skilled attackers using the advanced techniques described above can still evade them.
We recognise the evolving tactics of these advanced deceptions and continuously innovate to stay ahead of the threat actors. Our Phishing and Deepfake Detection solution, designed by Ensign Labs, deploys our patented phishing detection suite to effectively detect phishing domains. The system comprises four modules:
This innovation achieves a detection rate exceeding 95% for zero-day phishing attacks and campaigns. In addition to detection, we offer clients insight into Internet Protocol (IP) addresses within their organisation that may be targeted, together with up-to-date intelligence on how phishing attacks are evolving.