PHISHING -- SCOWL ForT
Initial Access Vector
Phishing is the FIRST delivery method for other types of malicious software
Deployment of a Phishing Attack
Inject malware
Distribute ransomware
Types of Phishing
Spear Phishing
Whaling or Whale Phishing
Catphishing
Clone Phishing
Voice Phishing
SMS Phishing
Phishing Techniques
Social Engineering -- psychological manipulation
Covert Redirect -- camouflages legitimate links with a redirect
Other Techniques -- directs the user to a legitimate website with a popup window requesting credentials
Website Forgery -- uses JavaScript commands to alter the address bar of the spoofed website
Link Manipulation -- invitation to spoofed websites via email
Filter Evasion -- image embedded
Tabnabbing -- loads the fake page in one of the user's open browser tabs
Data Breaches
Top 2 Attack Vectors today:
Phishing Attacks
Stolen Credentials
Snapshot of Phishing Statistics
92% of malware is delivered via email [1]
95% of all attacks on Enterprise Networks are the result of successful spear phishing [2]
97% of users cannot identify a sophisticated phishing email [3]
>100,000 USD reportedly netted the scammers in spear phishing [4]
45% of all emails sent are spam [5]
14.5 billion spam emails sent daily [5]
Date       Number of Unique Phishing Sites [6]
2020 Q2    146,994
2020 Q1    165,772
Misinformation
Phishing the UNphishable is indeed Possible [7]
FIPS-compliant appliances enable phishing-proof [8, 9, 10, 11, 12]
Claiming that phishing-proof encompasses a 100% DEFEATED SCOWL FT is false 😂
Notes:
1) Alert Logic
2) SANS Institute
3) Security Affairs
4) spear phishing: Twitter, Jul/Aug 2020
5) Propeller
6) Statista -- determined by the unique base URLs of the phishing sites
7) Wired
8) whaling: CIO
9) catphishing: Malwarebytes
10) clone phishing - electromagnetic attack: PortSwigger, Jan 2021
11) vishing: securitybrief.eu
12) smishing: FCC warnings