
THE TECHNICALITY OF PHISHING

The practice of phishing can be traced to the 1900s, when it was an ordinary attack
that did not require sophisticated tools or techniques such as programming languages
(Java, Python, C#), malware-laden emails, cloned websites or phone-call trickery.

Phishers have since improved their attacks to the extent that they use unfamiliar
tools which network security controls such as firewalls, Intrusion Detection Systems,
Virtual Private Networks and Intrusion Prevention Systems cannot easily detect. The
upgrade comes from new innovation in technology, as technology paves the way for
many things in the world. Phishers can go a long way in learning programming skills
to ensure that their mission is a success.

Phishing attacks comprise deceptive methods used to trick unwitting victims into
sharing sensitive information such as usernames and passwords, credit card numbers
or other personal details.

Commonly known phishing attacks include:
• Email Phishing
• Spear Phishing
• Smishing
• Vishing
• Clone Phishing
• Search Engine Phishing
• Malware-Based Phishing

Which method is used depends on how the phisher wants to trick the unwitting victim
into giving up sensitive information.

TECHNICALITY OF PHISHING IN WEBSITE CLONING

The Internet is a global place where websites are stored on servers, and attackers
use that as leverage to attack individuals by cloning a legitimate website and passing
the clone off as the real one. Not all websites on the internet are genuine, as
phishers use some to carry out their notorious activities.

Among phishing attack methodologies, clone phishing is the most proficient way in
which phishers trick individuals into giving up sensitive information. It involves
creating fake copies of legitimate emails, websites or social profiles to trick users
into providing sensitive information.

HOW IS WEBSITE CLONING CARRIED OUT?

To carry out website cloning, the phisher goes through these three steps:


1. CREATING A PHISHING SITE USING A TOOL: Phishers who have knowledge of website
development tend to apply their skill to cloning legitimate websites in order to gain
sensitive information from individuals, such as usernames and passwords, credit card
details and other personal information.

Some phishers go to a phishing site such as “BLACKEYE” to create a phishing site.
Blackeye is a well-known website used for cloning a legitimate website and making a
fake one in order to gain access to sensitive information. Blackeye contains some
ready-made fake websites which assist phishers in carrying out their notorious
activities. Such a site captures the login details of an individual who thinks the
website is the legitimate one.

List of ready-made sites in the Blackeye tool:

• Instagram
• Facebook
• Snapchat
• Dropbox
• Adobe ID
• Shopify
• eBay
• Amazon, etc.

The Blackeye tool contains fake versions of famous websites which parade as the
legitimate ones. Phishers use Blackeye to trick individuals into exposing their
personal details, which they will then use to hack the individual.

2. DELIVER THE FAKE SITE TO THE TARGET: After the site has been created, either by
using knowledge of a programming language or by using the “BLACKEYE TOOL”, the
phisher sends the site to the targeted individual. This is done either by sending an
email containing a link to the illegitimate website parading as legitimate, which
redirects the individual to the fake website when the link is clicked, or by placing
the link in a website so as to get the individual to click it.

3. WAIT FOR THE TARGET TO BITE THE BAIT AND COLLECT THEIR INFORMATION: Once the
fake website has been dispatched to the targeted victim, the phisher waits for the
victim to click on the link. When the individual does, every detail filled in is
transferred to the phisher's main system without the unwitting victim knowing about
it.

EXAMPLE

Let us take a fake Amazon site created with the “BLACKEYE TOOL” as an instance. The
site is deployed to the targeted victim by sending an email (such as “click here to
validate your email”) from someone posing as Amazon staff. When the individual sees
it, they assume it is a legitimate email directly from Amazon staff and click on it.
Clicking the link redirects the individual to the fake Amazon site, while the
phisher's screen notifies the phisher that the bait has been taken.

The unwitting victim fills in personal details such as username and password and
tries to log in to their account. Once the victim has entered all the credentials and
clicks on login, they are brought to the legitimate Amazon site but, unknown to
them, their personal details have been captured by the phisher to be used in the
long run.

The use of Blackeye has increased over the years, as phishers consider it the best
tool for gaining sensitive information from unwitting victims.

QUESTIONS:
1. WHAT RISK DO COMMON PROGRAMMING LANGUAGES POSE?

Programming languages do not pose a direct risk in phishing attacks; rather, it is how
they are used that can contribute to the risk. Programming languages such as Python,
PowerShell, Ruby and Perl could be considered building blocks of phishing
methodologies because they aid in Clone Phishing, Malware-Based Phishing, Search
Engine Phishing, etc. The creation of sites which aid in cloning legitimate websites
and the development of malware are mainly carried out with PHP,
HTML/CSS/JavaScript and Python.

Also, exploitation and obfuscation are dangers that programming languages pose in
phishing attacks when they are not used appropriately.

2. HOW DO ATTACKERS EXPLOIT VULNERABILITIES IN SYSTEMS AND SOFTWARE?

There are several ways in which attackers exploit vulnerabilities in systems and
software. They include:
• Buffer Overflows
• SQL Injection
• Cross-Site Scripting (XSS)
• Missing Access Controls
• Default/Weak Credentials
• Unpatched Software
• Outdated Software

Among these, outdated system software and unpatched software are the major ways in
which an attacker can exploit vulnerabilities in a system or software. When a system
or software is not regularly updated or patched, it creates a backdoor (loophole) for
attackers to gain access to the software and system.

3. WHAT ARE THE KEY COMPONENTS OF PHISHING EMAILS, WEBSITES AND MESSAGES?

The components of phishing emails, websites and messages include:

• Spoofed Sender Address: The email address, website or message in which the
sender is disguised as the legitimate owner.
• Sense of Urgency: Creating a false alarm which makes the unwitting victim
hurriedly click on the link.
• Logos and Branding
• Threats of Account Suspension
• Requesting Sensitive Information
• Spoofed Caller ID
• Requesting Unusual Action
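
As an added illustration (not part of the original document), the Python sketch below checks a message for several of the components listed above: a spoofed sender address, a sense of urgency, a threat of account suspension and a request for sensitive information. The sample message, the `BRANDS` mapping, the keyword patterns and the extra Reply-To check are assumptions constructed for this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message, not a real email; mailbox.example and
# example.org are placeholder domains.
SAMPLE = """\
From: "Amazon Support" <support@amazon.com.phishing.net>
Reply-To: collect@mailbox.example
To: user@example.org
Subject: Urgent: your account will be suspended

Your account will be suspended within 24 hours.
Click here to validate your email and confirm your password immediately.
"""

# Assumption: brand keyword -> domain that brand really sends mail from.
BRANDS = {"amazon": "amazon.com"}
URGENCY = re.compile(r"\b(urgent|immediately|within \d+ hours?)\b", re.I)
THREAT = re.compile(r"\b(suspended|suspension|deactivated|locked)\b", re.I)
SENSITIVE = re.compile(r"\b(password|credit card|card number|pin)\b", re.I)

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def indicators(raw):
    """List which phishing components appear in a raw RFC 5322 message."""
    msg = message_from_string(raw)
    display = parseaddr(msg.get("From", ""))[0].lower()
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    found = []
    # Display name claims a brand, but the address is not on the brand's domain.
    for brand, real in BRANDS.items():
        if brand in display and from_dom != real and not from_dom.endswith("." + real):
            found.append("spoofed_sender")
    # Replies would go to a different domain than the visible sender.
    if reply_dom and reply_dom != from_dom:
        found.append("reply_to_mismatch")
    for name, pattern in (("urgency", URGENCY), ("suspension_threat", THREAT),
                          ("asks_for_sensitive_info", SENSITIVE)):
        if pattern.search(text):
            found.append(name)
    return found

if __name__ == "__main__":
    print(indicators(SAMPLE))
```

Keyword heuristics like these only triage a message for review; they complement, rather than replace, the email authentication and filtering controls discussed under question 5.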

4. WHAT ROLE DO DOMAIN SPOOFING, URL OBFUSCATION AND OTHER TECHNICAL STRATEGIES
PLAY IN PHISHING CAMPAIGNS?

Domain spoofing, URL obfuscation and other technical strategies are used by
phishers to make their emails, websites and messages look more legitimate to
individuals in order to evade detection and glitches.

Phishers register domains that look similar to the real website, usually using
misspellings, different TLDs or subdomains, so that their victims do not notice the
change.

For example, take the Amazon website, whose domain name is amazon.com. A phisher
who wants to register a website that looks similar to Amazon will misspell it as
amazon.com.phishing.net so that the change is not very noticeable.
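
The following Python sketch is an added example, not part of the original document. It shows how a defender can classify a URL against the three lookalike patterns just described (misspelling, different TLD, brand placed in a subdomain), using amazon.com as the protected domain. Treating the last two labels as the registrable domain and using an edit-distance threshold of 2 are simplifying assumptions.

```python
from urllib.parse import urlsplit

LEGIT = "amazon.com"  # protected domain, taken from the example above

def registrable(host):
    # Assumption: the registrable domain is the last two labels. Production
    # code should consult the Public Suffix List (e.g. for "co.uk").
    return ".".join(host.split(".")[-2:])

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def classify(url, legit=LEGIT):
    """Classify an absolute URL (scheme included) against the legit domain."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    reg = registrable(host)
    if reg == legit:
        return "legitimate"
    brand, _, tld = legit.partition(".")
    name, _, reg_tld = reg.partition(".")
    # The real domain appears as leading labels of someone else's domain.
    if host.startswith(legit + ".") or f".{legit}." in host:
        return "brand-in-subdomain"
    if name == brand and reg_tld != tld:
        return "different-tld"
    if 0 < edit_distance(name, brand) <= 2:
        return "misspelling"
    return "unrelated"

if __name__ == "__main__":
    # Constructed sample URLs for illustration.
    for u in ("https://www.amazon.com/", "http://amazon.com.phishing.net/login",
              "https://amazon.net/", "https://amaz0n.com/signin"):
        print(u, "->", classify(u))
```

The page's own example, amazon.com.phishing.net, falls into the brand-in-subdomain class: the domain that was actually registered is phishing.net.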

A phisher can obfuscate a URL in emails or webpages by using redirect links, URL
shortener services, etc. The obfuscated URL hides the true, malicious destination of
the illegitimate website in order to bypass security filters. This is why some network
security controls such as firewalls, VPNs, IDS and IPS are unable to detect malicious
traffic when the URL of a website has been obfuscated.

Other technical methods such as website forgeries, SSL certificates, technical jargon
and email header manipulation play a significant role in phishing attacks, as they are
considered the major means by which a phisher hides their true intention so as not
to be detected or discovered.

5. WHAT KIND OF SECURITY REQUIREMENTS CAN A BUSINESS USE TO MITIGATE PHISHING?

To fight against phishing, some security requirements have to be adhered to and
carried out. They include:

• MULTI-FACTOR AUTHENTICATION
• ENDPOINT PROTECTION
• EMAIL SECURITY
• WEB CONTENT FILTERING
• CYBERSECURITY AWARENESS TRAINING
• LIMIT PRIVILEGES
• ENCOURAGE STRONG PASSWORD POLICY
• EMAIL AUTHENTICATION
• REGULAR UPDATE OF SOFTWARE AND SYSTEM PATCHES
• CONTROL 3RD PARTY ACCESS

Combining employee training on cybersecurity awareness with layered technical
defenses provides overlapping security to catch phishing threats, and that is the most
important security requirement for mitigating phishing attacks.
