Intro To Phishing Attack Theory

What Is HTML Phishing?

Most websites return HTML files in some form. Because we can view them in the browser, they can also be 'captured' and relayed, except that instead of going on to the legitimate source, the submitted data is often sent elsewhere.

The choice of site is essentially endless. The idea is usually that the victim types in their real credentials, which go directly to the hacker's server. Applications range from account hijacking on large-scale sites to escalation of identity privilege. This is why a strong recommendation is to stay away from free, open or insecure Wi-Fi.

DNS Served HTML Phishing

The above relies on the victim connecting to one very specific IP address, which is much less likely to actually happen. This adaptation makes use of the fact that users normally rely on a DNS server to connect to the IP that is mapped to a domain name. We can change which name is associated with which IP. Facebook.com could now resolve to 192.168.1.2, for example.

The danger is that this can be tricky to spot. When you use a URL, the name in it is shorthand for an IP address. This attack essentially replaces that address, so when the IP for the name is requested the user is sent to the attacker's copy of the target site. This can be used to steal information and is an elaborate way of phishing.

Such an attack could also be used to distribute malware in a drive-by attack. The site could look identical to its legitimate counterpart but carry malicious payloads that implant malware on the host computer. This can lead to much greater consequences. What is fairly scary about this is how easy it is to set up a DNS server. You can even do so with a Raspberry Pi in only about 10 minutes.
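From the defender's side, the Facebook.com to 192.168.1.2 case above can be caught in resolver logs, because a public name should never resolve into local address space. The following is an added example, not code from the original page; the log format, the internal suffixes and the pinned network for portal.example.com are constructed assumptions.

```python
import ipaddress

# Address space that should never answer for a public Internet name.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918 private ranges
    "127.0.0.0/8", "169.254.0.0/16",                   # loopback, link-local
)]
# Assumption: names under these suffixes are legitimately internal.
INTERNAL_SUFFIXES = (".corp.example", ".lan")
# Assumption: known-good networks for watched names (constructed, documentation range).
PINNED = {"portal.example.com": [ipaddress.ip_network("203.0.113.0/24")]}

def check_answer(name, answer):
    """Return a reason string if the DNS answer looks spoofed, else None."""
    name = name.rstrip(".").lower()
    ip = ipaddress.ip_address(answer)  # raises ValueError on garbage
    if name.endswith(INTERNAL_SUFFIXES):
        return None
    if any(ip in net for net in LOCAL_NETS):
        return "public name resolved to local address space"
    pinned = PINNED.get(name)
    if pinned and not any(ip in net for net in pinned):
        return "answer outside pinned networks"
    return None

# Constructed resolver log lines: "<client> <qname> A <answer>"
SAMPLE_LOG = """\
192.168.1.23 Facebook.com. A 192.168.1.2
192.168.1.23 portal.example.com. A 203.0.113.10
192.168.1.40 portal.example.com. A 198.51.100.77
192.168.1.40 printer.lan. A 192.168.1.50
"""

def scan(log_text):
    """Return (client, name, answer, reason) for every suspicious A record."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2] != "A":
            continue  # skip malformed lines and non-A records
        client, qname, _, answer = parts
        try:
            reason = check_answer(qname, answer)
        except ValueError:
            reason = "unparseable address in answer"
        if reason:
            findings.append((client, qname.rstrip(".").lower(), answer, reason))
    return findings

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

The local-address rule only catches a rogue server on the same network; the pinned-network rule is what flags a redirect to an attacker's host elsewhere, and it needs a baseline you maintain yourself.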

Spear Phishing

Spear phishing is where emails are sent en masse to lure people into clicking some form of link or file. They are often non-targeted and aim to trick the victim with emotions like urgency, trust, and fear. The idea of these campaigns is not to trick everyone; in fact, on the whole, very few people fall for them. There is always a small minority that it works on, and that is what the attackers rely on.

Tips To Mitigate The Effects Of Phishing

  • Training/education about the risks of using open Wi-Fi

  • Encourage employees to always ask if they are unsure

  • Do not use similar passwords between accounts in case of attack

  • Proper email sanitization (scans for common malware)

  • Email header checks (do not simply trust an email address; it can be forged)

  • Physical verification (in-person checks in case of important actions)

  • File/link whitelists or blacklists in emails (be careful of .exe and .zip especially!)

  • Possibly whitelist which IPs employees can visit.