Spear phishing

This is like a normal phishing attack; however, the attacker gathers information on the target before launching the attack.

Impersonation

This is pretending to be someone the victim knows to get them to trust the malicious email.

Typosquatting

This is when you purposely misspell a name to make it look legitimate. For example, putting a capital I (i) to pretend it's a lowercase l (L). This can trick someone into thinking a fake domain is legitimate.

Homograph

This uses letters from different character sets that look the same but have different Unicode codes.
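A defender can flag both the typosquatting and homograph tricks described above by comparing the visual "skeleton" of a sender or link domain with the domains the organisation cares about. The following is an added example, not part of the original notes; the domain `globalbank.example`, the sample inputs and the small confusables table are constructed for illustration.

```python
import unicodedata

# Constructed, deliberately small confusables table (assumption: production
# code would load the full Unicode confusables data instead).
CONFUSABLES = {
    "I": "l", "1": "l", "0": "o",                  # ASCII lookalikes
    "\u0430": "a", "\u0435": "e", "\u043e": "o",   # Cyrillic lookalikes of a, e, o
    "\u0440": "p", "\u0441": "c", "\u0456": "i",   # Cyrillic lookalikes of p, c, i
}

def scripts(label):
    """Return the Unicode scripts used by the letters in one DNS label."""
    # The first word of a character's Unicode name is its script, e.g. "CYRILLIC".
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}

def skeleton(domain):
    """Collapse lookalike characters so visually identical names compare equal."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in domain).lower()

def classify(domain, protected):
    """Label a sender or link domain against a set of lowercase protected domains."""
    if domain.lower() in protected:
        return "exact"
    for real in protected:
        if skeleton(domain) == skeleton(real):
            # Looks the same but is spelled with different characters.
            return "typosquat" if domain.isascii() else "homograph"
    if any(len(scripts(label)) > 1 for label in domain.split(".")):
        return "mixed-script"  # scripts mixed inside a single label
    return "ok"

if __name__ == "__main__":
    protected = {"globalbank.example"}  # hypothetical organisation domain
    samples = [                          # constructed sample inputs
        "GlobalBank.example",            # genuine, different case only
        "gIobalbank.example",            # capital I in place of lowercase l
        "gl\u043ebalbank.example",       # Cyrillic o in place of Latin o
        "s\u0435cure-login.example",     # Cyrillic e inside a Latin label
        "newsletter.example",            # unrelated, clean
    ]
    for d in samples:
        print(f"{d!r:32} {classify(d, protected)}")
```
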

Sender Spoofing

This technique is the process of making the sending address of an email look like a legitimate address.

You do this by editing the From: address. This isn’t verified when you send an email.

HTML Styling

This is when HTML coding is used to style an email. This helps the email look more professional and legitimate.

<a> </a> – Anchor tags allow for items (such as text or buttons) to be hyperlinked to a web resource.
<table> </table> – Table tags can be used for spacing or tables that include text or images. These are typically used to structure an email into different sections.
<b> </b> – Bold tags can allow text to be formatted as bold.
<I> </I> – Italic tags can allow text to be formatted as italic.
<u> </u> – Underline tags can allow text to be underlined.

Email Attachments

Three different types of file could be sent: non-malicious files (used for social engineering), non-malicious files that contain malicious hyperlinks, or malicious files.

Hyperlinks can be sent in an email or attachment. They can be used for many different techniques, like taking the target to a webpage to download malware or credential harvesting.

URL-Shorteners

  • This is a tactic for shortening URLs to hide their true address.
  • A way to do this is to use https://bitly[.]com
  • To see where a shortened URL goes, use an online service like wannabrowser. This lets you visit the site without worrying if it is malicious or not.

Using Legitimate services

Attackers use legitimate services since administrators won't block popular domains like '@gmail.com'.

Business Email Compromise

  • An attacker will gather data on relationships between businesses which transfer money to each other.
  • Once they have enough knowledge, they will compromise an email account, and spoof the email so they can tell the other business to direct their payments to a different account (an account owned by the attacker).
  • This is a simple attack that is very successful since it exploits human nature to trust.