# PHISHING
---
Phishing is stealing information and credentials, or taking control of a computer or system with malicious code, by tricking targets into clicking on a link or downloading a malicious file, e.g. from an attachment.
---
# Goals :goal_net:
- Personal & financial information :money_with_wings: :id:
- Credentials :information_source:
- Confidential intel :page_facing_up:
- Control :computer:
---
# Types
## Email
- Includes attachment or malicious URL that leads to a phishing site.
- Attachment may contain documents or files w/malicious code.
- URL leading to a fake site which looks like a legitimate site.
- Mass mailing
## Spear
- Similar to email phishing but a more sophisticated approach that takes time and research.
- Targeted to a specific individual, business or organization
## Methods:
### Display name spoofing:
- Ex. the attacker impersonates a co-worker. Only the sender's display name is falsified; it does not correspond to the sender's email address.
### Domain spoofing:
- The sender's address is falsified. More difficult to identify, but companies and organizations use different methods for prevention, such as:
  - DMARC: https://dmarc.org/
  - SPF: https://web.archive.org/web/20190222070146/http://www.openspf.org/Introduction
### Look-alike domain:
- The email address is similar to the real address, e.g. acme.com becomes acme.inc.com. This counts on the user not paying attention.
---
## FLOW
---
```graphviz
digraph hierarchy {
nodesep=1.0 // increases the separation between nodes
node [color=black,fontname=Courier,shape=box, fontcolor=black,]
edge [color=black, style=dashed]
Phishing_Start->{site attachment}
site->{distribute_link}
distribute_link->{social_media email}
attachment->{email}
social_media->{target}
email->{target}
target->{click_or_clickclick}
click_or_clickclick->{phishing_site}
click_or_clickclick->{download_execute}
download_execute->{malicious_file}
phishing_site->{ask}
ask->{credentials credit_card}
credentials->{result}
credit_card->{result}
result->{identity_fraud_financial_loss}
malicious_file->{result}
result->{control_systems data_theft }
}
```
---
## EXAMPLES
---

#### ex1
- Fake mail with signs of forgery
---

#### ex 2
- The page looks authentic and has an encrypted connection, but the URL certainly does not look legitimate.
---

#### ex 3
- This one relies on the user not paying attention.
---
# :bulb:
## Checklist:
### Cloned sites
- The original site is copied, usually some type of login page. When the user enters their credentials on the fake site, it redirects them to the real site.
### URLs
- Hyperlinks and short URLs can be used to hide the real URL.
- Hovering the mouse over a hyperlink reveals the real URL.
- Various URL checkers can be used to reveal the full URL behind a short URL.
### Email characteristics
- Spelling errors or strange statements
- Urgency, vague threats or other consequences
- Requests for account information, passwords, etc.
### Look-alike / Typosquatting
- Targets users who mistype a website name.
- The name is close to the original, e.g. facebook, facebook-team, faceb00k, etc.
- Squatters register domain names that are similar to the original.
### Padlock
- The padlock only means the connection is encrypted. The padlock symbol in the address bar alone won't guarantee safety; anyone can get an encrypted connection to their site.
- A scammer can be running a look-alike domain website with certificates for achieving that encrypted connection.
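As an added example (not part of the original slides), here are the display-name spoofing and look-alike/typosquatting checks from the Methods and Checklist sections as a small Python script a mail client or mail filter could run over a `From:` header. The `TRUSTED` list, the homoglyph table and the sample headers are constructed assumptions, and the matching is a heuristic, not a complete detector.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Constructed list of domains the recipient legitimately deals with (assumption).
TRUSTED = ("acme.com", "facebook.com")
# Character swaps seen in typosquats such as faceb00k -> facebook.
HOMOGLYPHS = (("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"), ("rn", "m"), ("vv", "w"))


def normalize(domain):
    """Lower-case a domain and undo the common look-alike character swaps."""
    d = domain.lower()
    for fake, real in HOMOGLYPHS:
        d = d.replace(fake, real)
    return d


def lookalike_of(domain):
    """Return the trusted domain that `domain` imitates, or None if it is trusted or unrelated."""
    raw = domain.lower().split(".")
    if ".".join(raw[-2:]) in TRUSTED:  # assumption: two-label TLDs only (not .co.uk)
        return None                    # the real domain or a real subdomain (login.acme.com)
    labels = normalize(domain).split(".")
    registrable = ".".join(labels[-2:])
    head = labels[0].split("-")[0]     # facebook-team -> facebook
    for trusted in TRUSTED:
        base = trusted.split(".")[0]
        if registrable == trusted:     # differs only by swapped characters: faceb00k.com
            return trusted
        if base in labels[:-1]:        # real name demoted to a subdomain label: acme.inc.com
            return trusted
        if head == base or SequenceMatcher(None, head, base).ratio() >= 0.8:
            return trusted             # facebook-team.com, facebok.com
    return None


def check_sender(from_header):
    """Return the warnings a mail client could attach to one From: header."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2]
    findings = []
    # Display-name spoofing: the visible name carries an address the sender does not have.
    if "@" in name and name.lower() != addr.lower():
        findings.append(f"display name {name!r} does not match sender address {addr}")
    # Look-alike / typosquatted domain in the real sender address.
    imitated = lookalike_of(domain)
    if imitated:
        findings.append(f"sender domain {domain} imitates {imitated}")
    return findings
```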
---
slide: https://hackmd.io/@phish123/rJiLmuqZ_