Phishing Deep Dive: Classic Phishing

Classic phishing is the most common type of phishing. Discover what it is and how to protect your company from this type of attack.

Phishing’s origins have been traced back to 1995. That’s when a group of hackers devised several schemes to steal money and sensitive information from America Online (AOL) users. Many of the tactics used back then are still in use today. As a result, this type of phishing is referred to as classic phishing.

In classic phishing, cybercriminals send a massive number of cookie-cutter emails to people all over the world. In these emails, hackers masquerade as a reputable person or a legitimate organization. Using a convincing pretense, they try to trick the email recipients into performing an action. Typically, they want the recipients to click a malicious link or open a weaponized email attachment.

What happens next varies widely. The malicious link might lead to a spoofed (i.e., fake) website designed to capture victims’ credentials or it might lead to a site that installs malware on their devices. Opening the weaponized attachment might also lead to victims’ devices being infected with malware. The malware might be a web trojan that collects credentials from victims’ devices or a keylogger that captures input from their keyboards.

The credentials, account information, and other sensitive data gathered from a classic phishing attack is often used to steal the victims’ money or data. Sometimes, though, it is sold to other cybercriminals on the dark web.

10 Signs an Email Might Be a Classic Phishing Scam

Out of the three types of phishing, classic phishing scams are the easiest to spot. For more than 25 years, hackers have been sending out massive mailings of them, giving security researchers plenty of specimens to dissect and analyze. Researchers have found that classic phishing emails often include one or more red flags. An email might be a classic phishing scam if it includes:

1. A request to verify or update information. In the first known phishing campaign in 1995, hackers posed as AOL employees and asked people to either verify their account details or confirm their billing information. More than a quarter century later, hackers are still posing as employees of legitimate organizations and asking people to verify sensitive information.
2. A confirmation for an order you did not place. When you order products and services from large e-retailers such as Amazon and Walmart, they send you an email that confirms the order and gives details about it (e.g., what was ordered, expected delivery date). Some hackers create fake order confirmations and use them as phishing fodder. Besides listing bogus details about the order, the confirmation includes a link that can be used to supposedly dispute the purchase. The hackers hope that you will click this link, thinking that someone used your store account to make an unauthorized purchase.
3. A request for a donation. Preying on people’s compassion, cybercriminals like to send out phishing emails that pretend to be collecting donations for the less fortunate (e.g., victims of natural disasters, cancer victims). People who fall for the scam are sent to spoofed donation websites designed to steal their money as well as their financial account information (e.g., credit card numbers, PayPal passwords, bank account numbers).
4. A notification that someone is sharing a file with you. Cybercriminals often take advantage of the popularity of file-sharing services such as Dropbox and iCloud. They create phishing emails that look like official notifications and include a generic message such as “I just shared a video clip with you that was too large to email” or “Your manager has just shared a new document with you”. If you click the provided link, you will likely be downloading malware on your device.
5. A notification about winning a prize. Although prize notifications are not as common as they used to be, you might still encounter phishing emails that inform you about a lottery or contest you supposedly won. To claim your prize, all you need to do is pay a “processing fee” and provide some sensitive information.
6. A deceptive sender email address. Classic phishing emails often include a deceptive email address in the “From” field. The hackers use an email address that is very similar to that of the legitimate organization they are pretending to be from. For example, the address in the “From” field might be “promotions@amazan.com” in hope that people will misread it as an “@amazon.com” address.
7. A generic greeting. Classic phishing emails are sent to the masses, so they typically include a generic greeting (e.g., “Hello”, “Dear PayPal customer”) or no greeting at all. In some cases, the recipient’s email address is used in the greeting (“Dear JaneDoe@ABCServices.com”).
8. An urgent tone. Classic phishing emails often try to create a sense of urgency so that you act immediately. The hackers first let you know about a problem that requires your attention. Then, they tell you that there will be unfortunate consequences if you do not take action quickly. For example, an email supposedly from Netflix might state that your payment card has expired and you need to update it in the next 48 hours to avoid a service disruption.
9. Misleading links. A misleading link is one in which the actual URL does not match the displayed URL or linked text. For example, the linked text might specify a legitimate company’s name or web address, but the actual URL leads to a spoofed website designed to steal sensitive information or install malware.
10. An email attachment. Hackers sometimes attach weaponized files to their emails. Legitimate businesses typically do not email files without advanced notice. So, unless you specifically requested a document from a company, be wary of any attachments supposedly emailed by one. Also be wary of attachments emailed by individuals if you did not request the file.

How to Defend Your Business Against Classic Phishing Attacks

To protect your business from classic phishing attacks, you can use the stop, educate, and mitigate strategy:

Stop as many classic phishing emails as you can from reaching employees’ inboxes. To do so, you need to keep your company’s email filtering and security solutions up-to-date. You might also want to explore getting an email security solution that uses advanced technologies to catch malicious emails.

Educate employees about classic phishing emails so they can spot any that reach their inboxes. It is important to educate employees about classic phishing scams and how to spot them (e.g., generic greeting, misleading links). As part of this training, be sure to inform them about the risks associated with clicking an email link or opening an email attachment, especially if the email is from an unknown sender. Also show them how to check for misleading links in emails by hovering the mouse cursor over them (but not clicking them).

Mitigate the effects of a successful classic phishing attack. Hackers are continually coming up with new classic phishing schemes, so your company might fall victim to an attack despite everyone’s best efforts to prevent it. Taking a few preemptive measures might help mitigate the effects of a successful classic phishing attack. For example, since obtaining login credentials is the goal of many classic phishing scams, you should make sure each business account has a unique, strong password. That way, if a phishing scam provides hackers with the password for one account, they won’t be able to access any other accounts with it. Equally important, you need to perform backups regularly and make sure they can be restored. This will enable you to get your data back if an employee inadvertently initiates a ransomware attack by clicking a link or opening an attachment in a classic phishing email.

The individual steps for implementing the stop, educate, and mitigate strategy will vary depending on your business’s needs. We can help you develop and implement a comprehensive plan to defend against classic phishing emails.

Phishing with icon flickr photo by Infosec Images shared under a Creative Commons (BY) license