Phishing attacks rely on a mix of technical deceit and social engineering. In most cases the phisher must persuade the victim to carry out a series of actions themselves, such as following a link, opening an attachment or entering credentials, that hand over confidential information.





Different types of phishing attacks


  • Email phishing 

The most common form of phishing, this type of attack uses tactics like phony hyperlinks to lure email recipients into sharing their personal information. Attackers often masquerade as a large account provider like Microsoft or Google, or even a co-worker. 


  • Malware phishing 

Another prevalent phishing approach, this type of attack involves planting malware disguised as a trustworthy attachment (such as a resume or bank statement) in an email. In some cases, opening a malware attachment can paralyze entire IT systems. 


  • Spear phishing 

Where most phishing attacks cast a wide net, spear phishing targets specific individuals by exploiting information gathered through research into their jobs and social lives. These attacks are highly customized, making them particularly effective at bypassing basic cybersecurity.


  • Whaling 

When bad actors target a “big fish” like a business executive or celebrity, it’s called whaling. These scammers often conduct considerable research into their targets to find an opportune moment to steal login credentials or other sensitive information. If you have a lot to lose, whaling attackers have a lot to gain.


  • Smishing 

A combination of the words “SMS” and “phishing,” smishing involves sending text messages disguised as trustworthy communications from businesses like Amazon or FedEx. People are particularly vulnerable to SMS scams: a text message shows no sender domain and no hover preview of a link's target, so the cues that help spot a phishing email are missing, and text messages come across as more personal.




How to Identify a Phishing Attack


Detecting phishing scams requires vigilance and a degree of scepticism. Recognising fraudulent emails and websites can be challenging, owing to the diversity of attacks and the sophistication of the phisher. However, asking yourself these questions may help you spot suspicious emails:


  • When did I receive this email?

The time an email was sent can be a clue to its legitimacy. A message that arrives at an odd hour, such as 2 a.m., deserves more scrutiny than one received during normal working hours. Timing alone proves nothing, though: attackers can schedule messages, and legitimate automated notifications arrive around the clock.


  • Am I familiar with the sender?

Pay close attention to the sender details of any email you receive. Check that the display name in the 'From:' field matches the actual sender address: the display name is free text and is easily forged, so look at the domain after the '@' as well. If someone claiming to know you sends an email but you cannot recognise them, the email is probably spam or a phishing attempt.


  • Do the links within the email direct to genuine sites?

Skilled phishers frequently register counterfeit domains that resemble those of well-known companies, for instance by swapping or adding a letter, inserting a hyphenated word, or using a different top-level domain, and then send an email that lures you to a fake website on that domain.


Trained users may know to hover over a link to check its target URL before clicking. This reveals where the link actually points. However, in a more advanced redirection attack that safety measure can fail: the URL shown on hover is the real one, but it is constructed so that the trusted-looking part is not the destination, or so that the trusted site itself forwards the visitor elsewhere after the page loads. To detect this, you need to know the redirection tricks.


Common Redirection Attacks


  • Redirection using @: 

A common trick is to place a legitimate domain before an @ sign. For example: https://sale.manoloblahnik.com@%47%4F%4F%47%4C%45%2E%43%4F%4D. The part that looks like the trusted site, sale.manoloblahnik.com, is in fact a username: in a URL, everything between the scheme and the @ is treated as user credentials, and the browser connects to the host after the @. Here that host is percent-encoded; %47%4F%4F%47%4C%45%2E%43%4F%4D decodes to GOOGLE.COM, so the link opens google.com. An attacker can put any host after the @ to send you to another page.


  • State redirection: 

Depending on how the site is built, a redirect can be triggered after a specific action, such as logging in or loading a page, with the destination carried in a parameter. For example: example.com/login.html?RelayState=https://somebadsite[.]xyz

This link points at the login page of example.com, a legitimate, trusted site on which the user has an account. RelayState is the parameter single sign-on flows use to return the user to the page they started from; if the application forwards to it without checking it, the user is sent to somebadsite[.]xyz as soon as the login succeeds.


  • Query redirection:

A site that accepts a redirect destination in its query string, often under a parameter named q=, url= or next=, can be pointed at any site. For example: example.com/view.php?q=https://badsite[.]xyz. Here view.php reads the query string q=https://badsite[.]xyz and redirects the browser to badsite[.]xyz. An application that forwards to whatever destination it is given is known as an open redirect (CWE-601); the link really does go to example.com, but only for an instant.


How to Avoid Redirection Attacks

  • Does the URL contain any of the redirection methods mentioned above: an @ in the host part, a percent-encoded host, or a second URL inside the query string? 
  • Does the URL in the address bar match the content of the page?
  • Does it contain multiple domains? 
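The checks above can be automated. The following Python script is an added example written for this article; it is not code from any of the sources it draws on. It parses a link, splits off any userinfo before the '@', percent-decodes the host, and flags query parameters that carry a URL to a different domain, covering the three tricks described above. The parameter list REDIRECT_PARAMS, the function names and the sample links are assumptions made for the example (the sample links are the defanged ones used in the sections above). It also includes safe_redirect_target(), the server-side counterpart: the fix for an application that accepts a destination in q= is to accept only a local path.

```python
"""Flag the redirection tricks discussed above in a link before anyone clicks it.

Added example for this article; the parameter list, function names and
sample links are assumptions, not part of any product or referenced source.
"""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Query parameters that commonly carry a redirect destination. A starter
# list assumed for the example, not an exhaustive one.
REDIRECT_PARAMS = {"q", "url", "next", "redirect", "redirect_uri", "return",
                   "returnurl", "relaystate", "goto", "dest", "target"}

# A value that is itself an absolute or protocol-relative URL. Browsers treat
# backslashes like slashes, so '/\evil.com' counts too.
ABSOLUTE_URL = re.compile(r"^(?:[a-z][a-z0-9+.\-]*:)?[/\\]{2}", re.IGNORECASE)
HAS_SCHEME = re.compile(r"^[a-z][a-z0-9+.\-]*://", re.IGNORECASE)


def refang(url: str) -> str:
    """Undo the defanging used in this write-up ('badsite[.]xyz') so the URL parses."""
    return url.strip().replace("[.]", ".").replace("hxxp", "http")


def split_netloc(netloc: str):
    """Return (userinfo, host) from the authority part of a URL.

    Everything before the last '@' is userinfo (a username), not the host,
    and browsers percent-decode the host, so '%47%4F%4F%47%4C%45%2E%43%4F%4D'
    is really 'GOOGLE.COM'. IPv6 literals are not handled in this example.
    """
    userinfo, _, hostport = netloc.rpartition("@")
    host = hostport.partition(":")[0]        # drop any port
    return userinfo, unquote(host).lower()


def analyse(url: str) -> dict:
    """Return the real host, every domain seen in the link, and a list of findings."""
    url = refang(url)
    if not HAS_SCHEME.match(url):            # bare 'example.com/...' as written in the article
        url = "https://" + url
    parts = urlsplit(url)
    userinfo, host = split_netloc(parts.netloc)
    findings, targets = [], []
    domains = {host} if host else set()

    if userinfo:
        findings.append(f"'@' trick: '{userinfo}' is a username, the real host is {host}")
        if "." in userinfo:                  # userinfo dressed up as a domain
            domains.add(userinfo.lower())
    if "%" in parts.netloc.rpartition("@")[2]:
        findings.append(f"percent-encoded host, decodes to {host}")

    # parse_qsl percent-decodes values, so an encoded
    # 'https%3A%2F%2Fbadsite.xyz' is caught as well.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if not ABSOLUTE_URL.match(value):
            continue                         # a relative path stays on this site
        _, target = split_netloc(urlsplit(value.replace("\\", "/")).netloc)
        if target and target != host:
            targets.append(target)
            domains.add(target)
            kind = "known redirect parameter" if name.lower() in REDIRECT_PARAMS else "parameter"
            findings.append(f"{kind} '{name}' sends you to {target}")

    if len(domains) > 1:
        findings.append("multiple domains in one link: " + ", ".join(sorted(domains)))
    return {"host": host, "domains": sorted(domains),
            "redirect_targets": targets, "findings": findings}


def safe_redirect_target(target: str, fallback: str = "/") -> str:
    """Server-side fix for the 'q=' style open redirect: accept only a local path."""
    if not target or not target.startswith("/") or target[1:2] in ("/", "\\"):
        return fallback                      # 'https://x', '//x', '/\\x', 'javascript:' all land here
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        return fallback
    return target


if __name__ == "__main__":
    for link in ("https://sale.manoloblahnik.com@%47%4F%4F%47%4C%45%2E%43%4F%4D",
                 "example.com/login.html?RelayState=https://somebadsite[.]xyz",
                 "example.com/view.php?q=https://badsite[.]xyz",
                 "https://example.com/view.php?q=/account"):
        result = analyse(link)
        print(link, "->", result["host"], result["findings"] or ["no redirection indicators"])
```

Run it as-is to see the three article links flagged and the relative-path link pass. The detector is deliberately conservative: a parameter that points back at the same host is not reported, since that is how a legitimate post-login return works, and the server-side check refuses anything that is not a path on the current site rather than trying to list every bad pattern.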


  • Is there a correlation between the subject and the content of the email?

Examine the email content closely. If the subject line seems vague or unrelated to the body of the email, it might be a phishing attempt. Often these subject lines convey urgency or alarm and are characterised by unusual punctuation and capitalisation. The most commonly clicked phishing emails have subject lines such as "Urgent", "Security Alert" or "Urgent Action Required".


  • How accurate are the grammar and spellings?

Major corporations invest resources in ensuring their communications are professionally written, so spelling and grammar mistakes are uncommon in legitimate emails from well-established brands. Read emails attentively and be cautious of consistent, noticeable errors. Bear in mind that the reverse does not hold: a well-written email can still be a phish, especially a targeted one.


Be vigilant and cautious at all times. Report suspicious emails through the support portal or delete them from your mailbox. Do not reply to a suspicious email or text and do not follow its links: a reply confirms that your address is live and in use, which invites more phishing attempts in the future.


References

Protect yourself from phishing | Microsoft Support

What is phishing? | Microsoft Security

Phishing attacks: Dealing with suspicious emails | National Cyber Security Centre

What is a phishing attack? | Cloudflare

CWE-601: URL Redirection to Untrusted Site ('Open Redirect') (CWE version 4.11) | The MITRE Corporation

Open Redirection: What is this phishing technique, and how do I defend against it?