What Are Phishing and Pharming?
Social engineering attacks involve psychological manipulation to deceive people and collect sensitive information. Phishing is one type of such attack where a malicious actor poses as a reputable business or entity. It relies on human error instead of exploiting hardware or software vulnerabilities.
Fraudulent emails are the most common tool used in phishing attacks. These emails appear legitimate and ask the user for sensitive information, such as credit card details, or for a password reset. The email usually contains a link that leads to a fake website that looks similar to the original one. Clone phishing, spear phishing, and pharming are the main types of phishing attacks.
In the cryptocurrency ecosystem, phishing attacks are also prevalent. Malicious actors try to steal Bitcoin or other digital currencies from users by spoofing legitimate websites and changing wallet addresses to their own. As a result, users may unknowingly pay for a fake service, and their money is stolen.
Types of Phishing
A range of phishing types exists, typically classified by target and attack vector. The following is a list of some common examples:
- Clone Phishing: In this type of attack, the attacker will copy the contents of a previously sent legitimate email into a similar email containing a link to a malicious site. The attacker may claim that this is an updated or new link, stating that the old one has expired.
- Spear Phishing: Focused on a single person or institution, spear phishing is a more sophisticated type of attack as the attacker profiles the victim first. This involves collecting information about the victim, such as the names of friends or family members, to construct a message that convinces them to visit a malicious website or download a malicious file.
- Whaling: A form of spear phishing that targets high-profile people, such as CEOs and government officials.
- Typosquatting: This attack directs traffic to counterfeit websites that use foreign language spellings, common misspellings, or subtle variations in the top-level domain. Phishers mimic legitimate website interfaces, taking advantage of users who mistype or misread the URL.
- Email Spoofing: Phishing emails often spoof communications from legitimate companies or individuals. They may present unknowing victims with links to malicious sites whose disguised login pages contain trojans, keyloggers, and other malicious scripts that steal personal information.
- Pharming: This attack involves poisoning a DNS record so that visitors to a legitimate website are redirected to a fraudulent one that the attacker has made beforehand. This is the most dangerous attack, as DNS records are beyond the user's control, leaving them helpless to defend against it.
- Website Redirects: By exploiting vulnerabilities, attackers may insert website redirects that send users to different URLs than intended and install malware onto their computers.
- Malicious Applications: Phishers may also use malicious apps as a vector for injecting malware that monitors your behavior or steals sensitive information. They may pose as price trackers, wallets, and other crypto-related tools.
- The ‘Watering Hole’: Phishers profile users to determine websites they frequently visit, then scan these sites for vulnerabilities. If possible, they inject malicious scripts designed to target users the next time they visit that site.
- Impersonation & Giveaways: Phishers impersonate influential figures on social media, advertising giveaways or engaging in other deceptive practices to target gullible users. They may even hack verified accounts and modify the usernames to impersonate a real figure while maintaining verified status, then exploit the information of those they deceive. Phishers now heavily target platforms such as Slack, Discord, and Telegram for the same purposes, spoofing chats, impersonating individuals, and mimicking legitimate services.
- Advertisements: Paid advertisements are another tactic used for phishing. Attackers use fake advertisements with typosquatted domains and pay to push them up in search results, even appearing as a top search result for legitimate companies or services. They use these sites as a means to phish for sensitive information, including login credentials for trading accounts.
- Text and Voice Phishing: Attackers attempt to acquire personal information through SMS phishing, a text message-based form of phishing, and vishing, the voice/phone equivalent.
Phishing vs Pharming
Pharming is sometimes categorized as a type of phishing attack, but it operates differently. The key difference is that phishing needs the victim to make a mistake, while pharming only requires the victim to attempt to access a legitimate website whose DNS record has been compromised by the attacker.
Preventing Phishing Attacks
When it comes to phishing, critical thinking is your best defense. Ask yourself if you were expecting the email and if the person has a legitimate reason for asking for the information they seek. If in doubt, contact the sender through a different channel.
It's also important to check the content and the sender's email address by searching for any records of phishing attacks that use the same method.
If you receive a request to confirm your account credentials, don't click the link in the email. Instead, try to confirm your account through a different means.
Be careful when checking URLs. Hover over the link to check if it starts with HTTPS, but note that this alone is not a guarantee of legitimacy. Look closely for misspellings or other irregularities.
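An added example, not part of the original article: the URL checks above (HTTPS, misspellings, top-level domain variations, foreign-character spellings) applied to a link target in Python. The allow-list domains are constructed, and treating the last two labels as the registrable domain is an assumption.

```python
from urllib.parse import urlsplit

# Constructed allow-list: hypothetical domains the user really does business with.
TRUSTED = {"example-exchange.com", "example-wallet.io"}


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(url, trusted=TRUSTED):
    """Return a list of findings for a link target; an empty list means none."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    labels = host.split(".")
    findings = []
    if parts.scheme != "https":
        findings.append("not HTTPS")
    # Foreign-character spellings show up as non-ASCII or punycode (xn--) labels.
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        findings.append("internationalized host name")
    # Assumption: the registrable domain is the last two labels (no co.uk-style suffixes).
    domain = ".".join(labels[-2:])
    if domain in trusted:
        return findings  # exact match; HTTPS was the only open question
    name, _, tld = domain.partition(".")
    before = len(findings)
    for good in sorted(trusted):
        good_name = good.partition(".")[0]
        if name == good_name:
            findings.append(f"TLD variation of {good}")
        elif edit_distance(name, good_name) <= 2:
            findings.append(f"possible misspelling of {good}")
        elif host.startswith(good + ".") or f".{good}." in host:
            findings.append(f"{good} used as a subdomain of {domain}")
    if len(findings) == before:
        findings.append(f"{domain} is not on the allow-list")
    return findings
```

An HTTPS link to a misspelled domain still produces a finding, which is why the scheme alone is not treated as proof of legitimacy.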
When dealing with cryptocurrency, be especially cautious. Never share your private key for your Bitcoin wallet and be sure to verify the legitimacy of the seller before making any transactions. Unlike with credit cards, there's no central authority to dispute charges if something goes wrong.
To prevent cyber-attacks, it is important to understand the risks of phishing, which is one of the most common attack techniques. While email filters may catch many fraudulent emails, one should remain cautious and vigilant. Protect your sensitive information and avoid responding to suspicious requests. To confirm the legitimacy of the request, use a different communication channel. Avoid clicking on links related to security incidents and instead, navigate to the website directly. Always look for HTTPS at the start of the URL. Take extra precautions with cryptocurrency transactions, as there is no recourse in case of fraud. Keep your private keys and passwords secure, and do not assume trust without verification.