Phishing campaigns are mostly launched at random, but are easily mitigated with our Chrome Extension - Email Protector

Georgi Spasov
23 Apr 2019
phishing cybercrime

Real hackers plan every single step very carefully. What's the trick, you'll ask? Well, experience and common knowledge go hand in hand. And since hackers usually specialize in one area at a time, it's really hard to know when one's knowledge is sufficient and one's skills are technically advanced enough to conduct such an attack. Usually 95% of all spammers are just skids (script kiddies: wannabe hackers with insufficient programming and systems knowledge). Yes, it may happen that they catch a fish or two, but the really malicious actors are the ones preparing for months before a big hit. Such preparation has a lot of prerequisites.

So how do hackers plan and execute campaigns?

Before continuing, have you checked out the article about what phishing is and how to prevent it? Check it out if you have not. We're not going to dive into some old cases of mine, as the technical details are overwhelming and this blog post would become hardly readable. I'd rather shed light on what the Internet folks actually do. To be fair, there are a gazillion ways to launch a campaign, and often it happens as spontaneously as it sounds. Of course, the results of such a campaign will be close to zero: without previous planning, a campaign like this will be a total failure. The fruit-bearing way that hackers often adhere to is to launch a campaign whenever they have gained enough data, like names, emails and phone numbers. But that's all random data. A phishing campaign is nothing more than collecting some data, or even buying it, and then using it for malicious purposes. During those campaigns, malicious actors have no real idea who they will compromise. That's the main difference from whaling or spear phishing. So, whenever a phishing campaign is launched, it has the following goals:

  • Gain access to the target's sensitive information. A campaign often starts with mass mail spam. The messages aim to trick the user into revealing important data, often a username and password that the attacker can use to breach a system or account. The classic version of this scam involves sending out an email tailored to look like a message from a major bank; by spamming the message out to millions of people, the attackers ensure that at least some of the recipients will be customers of that bank. The victim clicks on a link in the message, is taken to a malicious site designed to resemble the bank's web page, and then, the attacker hopes, enters their username and password. The attacker can now access the victim's account.
  • Download a malicious payload. This is a bit tricky for cyber criminals nowadays, as most email apps and big corporations (Yahoo, Google, Microsoft) have their own security solutions that can protect users from harmful campaigns. Those messages almost always end up in spam or get deleted, depending on the user's settings. That's why malicious users target mid-sized and small companies that usually have some IT staff managing the email server. Often those email servers are neglected; even an update is a luxury that the IT guys can't afford. As you've probably guessed, most of those companies use open-source software that is reliable, but if left unpatched it could cause serious damage to the company.

Leaving the admin stuff to the side, when a user gets a new message, guess what happens? The user opens the email message. Correct. Now, if the user sees that there is an attached file, what does he do? Correct once more: he clicks and downloads the attached file. My personal observation shows that more than 80% of all users that have been infected and/or scammed have clicked and downloaded an attached file. If the user runs a Windows OS instance on his laptop or tower, the chances that a malicious actor could gain access to the user's system skyrocket. Don't get me wrong: the Windows 10 team has repaired some of the critical Office macro flaws that enabled macro execution and could carry some really harmful PowerShell functions which, in a flick of the command prompt, could turn your computer into another hacked node, part of a botnet. It's just a wee bit more difficult to make a Linux or Mac user execute a file with root permissions.

To sum it up: I've always advised people to think first. If you receive an email from an 'official institution', whether it is the IRS, your email provider or someone from your company, make sure that the message you're getting has the correct sender; if not, you are the target of a phishing campaign. And remember: official institutions always, ALWAYS send a paper copy of the documents to your physical mailbox.
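As an added example (not code from the original post or the Email Protector extension), here is a small check that implements the two pieces of advice above: confirm the sender really is who the message claims, and treat attached files with suspicion. It parses a raw message with Python's standard `email` module and reports mismatches between From, Return-Path and Reply-To, display names that impersonate another domain, and attachments with executable or macro-enabled extensions. Both sample messages and all domains are constructed placeholders; the extension deny-list is an assumption, not an exhaustive one.

```python
from email import message_from_string
from email.policy import default
from email.utils import parseaddr

# Assumed deny-list of attachment types worth flagging (macro-enabled Office
# files and scripts); extend it for your own environment.
RISKY_SUFFIXES = (".exe", ".js", ".vbs", ".scr", ".hta", ".docm", ".xlsm")

def domain_of(header_value):
    """Lower-cased domain part of an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def check_message(raw):
    """Return a list of findings for one raw message (empty = nothing flagged)."""
    msg = message_from_string(raw, policy=default)
    findings = []
    from_dom = domain_of(msg["From"])
    # Envelope sender and Reply-To should agree with the From domain; a
    # mismatch is a classic phishing indicator, though not proof by itself.
    for header in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[header])
        if dom and dom != from_dom:
            findings.append(f"{header} domain '{dom}' differs from From domain '{from_dom}'")
    # Display name written to look like an address at a trusted domain.
    name, _ = parseaddr(msg["From"] or "")
    if "@" in name and name.rpartition("@")[2].lower() != from_dom:
        findings.append(f"display name '{name}' impersonates another domain")
    # Attachments the post warns about: the user will click them.
    for part in msg.iter_attachments():
        fname = (part.get_filename() or "").lower()
        if fname.endswith(RISKY_SUFFIXES):
            findings.append(f"risky attachment '{fname}'")
    return findings

# Constructed sample: spoofed bank mail with a macro-enabled attachment.
PHISH = """\
Return-Path: <bounce@mailer.spam.example>
From: "support@bank.example" <alerts@free-mail.example>
Reply-To: recover@collect.example
To: victim@company.example
Subject: Your account is locked
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Open the attached form to unlock your account.
--b1
Content-Type: application/octet-stream; name="unlock_form.docm"
Content-Disposition: attachment; filename="unlock_form.docm"

(binary placeholder)
--b1--
"""

# Constructed sample: internal notice whose headers all agree.
LEGIT = """\
Return-Path: <noreply@company.example>
From: "IT Helpdesk" <helpdesk@company.example>
To: user@company.example
Subject: Maintenance window

Mail server patching is scheduled for Saturday.
"""

if __name__ == "__main__":
    for label, raw in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(label, check_message(raw) or ["no findings"])
```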

Georgi Spasov

Georgi was the Bulgarian POC for high-tech crimes during his work as a cybercrime forensic investigator. Now, as a fullstack developer, he contributes with his knowledge in building highly available software solutions.
