Common Phishing Techniques

January 26, 2022

Phishing is one of the most common methods hackers use to attack businesses, governments and consumers.

Phishing attempts to trick unsuspecting users into divulging sensitive/personal data for the purpose of perpetrator financial gain. Attackers target login credentials, financial information, company data and any other digital assets that could be of monetary value.

Phishing attacks typically engage victims with a message intended to solicit a specific response to an email, an instant message or text message. The recipients, unknowingly tricked into clicking a malicious link, end up installing malware on their devices, freezing their systems as part of a larger-scale ransomware attack or unwillingly revealing private/sensitive information.

More sophisticated phishing campaigns create nearly identical corporate digital assets—fake web domains, spoofed emails, social media accounts, etc.—to dupe consumers and employees into providing sensitive information and unwittingly offering access to corporate networks. Depending on attack scope and persistency, large-scale phishing campaigns can escalate into largescale security incidents, from which an organization may not be able to fully recover.

Attackers leverage a variety of tactics to execute phishing attacks against their targets including emails, fake social media pages and personas (known as social engineering), instant messaging, texts and compromised websites.

Regardless of the delivery mechanism, INTSIGHTS outlines typical phishing attack techniques:

Link Spoofing

Hackers execute link spoofing by making malicious URLs appear to be legitimate, increasing the likelihood of users not noticing the slight difference(s) as they inadvertently click the malicious link. Some of these manipulated links can be easily identified by trained or savvy users who are accustomed to perform a check-before-click procedure. But many users still fall victim to homograph attacks, which take advantage of similar-looking characters, and reduce the efficacy of human-initiated visual inspection and detection.

Website Spoofing

Links are not the only items attackers can spoof. Website spoofing is the creation of a replica of a trusted site with the intention of misleading targeted users to a phishing website. Typically, such websites contain legitimate logos, fonts, colors and similar functionality—making the replicas appear as realistic as possible. Using readily available tools, such as Flash or JavaScript, attackers can control how the URL is displayed to the targeted user. This means that the site may show the legitimate URL even though the user is actually visiting a malicious clone. Cross-Site Scripting (AKA XSS) takes this methodology one step further; XSS attacks exploit vulnerabilities in the legitimate website, allowing attackers to present a real (legitimate) website to unsuspecting users while, behind the scenes, quietly harvesting credentials and other personally identifiable information (PII).

Malicious Website Redirects

A malicious redirect is a piece of code that is inserted into a website with the intent of redirecting users to another website and, consequently, harvesting additional personal information in the process. Malicious redirects typically involve a website that is willfully visited by a targeted user, who is then forcibly redirected to an undesired, attacker-controlled website. Attackers accomplish this by compromising a website and inserting their own redirection code, or by discovering an existing bug on the target website that allows a forced redirect through specially crafted URLs, for example.

Contact ALTA at 202-296-3671 or