Subscribe to our RssFollow us on Twitter!Follow us on Facebook!Check out our Youtube!

Phishing Attacks: A Secret and Elaborate Game

Phishing
Phishing Attacks: A Secret and Elaborate Game

As simple as a single phishing email may look like, it is actually the product of a very intricate setup that involves a wide network of players.

Phishing Attacks: A Secret and Elaborate Game

Do you ever wonder how phishing attacks work? Certainly the nine million victims that these attacks incur every year in the United States alone would want to know. As simple as a single phishing email may look like, it is actually the product of a very intricate setup that involves a wide network of players. To fall into the trap of a phishing attack is to get yourself caught in a sticky spider’s web.

A phishing attack is an elaborate game with very high stakes. In order to protect yourself from being the loser in this game, you would need to know how the game works and how the other players would move.

Planning the Game

You will see just how elaborately a phishing attack is carried out in the way the groundwork of the game is planned. The masterminds of the attack are careful in laying out the elements of the trap. They will have accomplices, both willing partners and unwitting agents.

One thing you would need to know about the masterminds of this kind of cybercrime is that they are highly creative people and are experts at what they do. They have links to organized crime and they have plenty of resources at their disposal.

To execute the perfect cybercrime, the masterminds have a lot of tasks ahead of them. Among these many tasks are:

1. Selecting the targets. The masterminds would need to know what businesses or institutions they will be targeting to carry out their game. The target could be anything – an online marketplace like eBay, a financial middleman like PayPal, a social networking website like Facebook, or any of the hundreds of massively multiplayer online games (MMOGs) currently in operation. They would test these targets for possible vulnerabilities as well as see how they can be copied.

2. Collecting email addresses. At the same time as the selection of targets, the masterminds would be collecting email addresses of potential victims. They will have fielded robots all across the cyberspace to gather these addresses automatically. They can also conduct dictionary attacks where random email addresses are generated and only the valid ones are kept. Masterminds are known to focus on specific targets as well.

3. Setting up the website. Once they have learned how to copy their target, the masterminds would put up a fake website that would look as close to its target as possible so as not to generate suspicion from its victims. It will also have a domain that is similar to the domain of the target company to allay suspicions further. This website will be hosted by several servers simultaneously and will serve as the conduit for their heinous activities.

Regardless of the number of tasks involved in executing a massive phishing attack, there is no doubt that the most important of these is coming up with the perfect phishing email. If this whole scheme is a tightly sprung trap, this email is the bait that will set the victims biting.

A phishing email is a literary gem in itself. It has to be sympathetic and motivational enough so that its readers will be induced to click on the provided link. Once the link is clicked, it will download the malware that will steal the victim’s personal information.

Running the Game

Once the masterminds have got their game laid out and their traps set up, the time comes for them to get the game running. The websites that they have created will be put online and their phishing emails will be sent to millions upon millions of recipients on the Internet.

These emails are usually sent using various networks of zombies or non-human senders. Any computer on a network that is not protected by or regularly scanned with an updated and professional-level firewall and anti-virus software is a potential zombie. More often than not, the people on these networks are not aware that they are being used as conduits of phishing attacks.

One nature of these attacks is that they often start on a legal holiday or on a weekend. The reason for that is that the security team safeguarding the target company’s website is usually absent or in reduced capacity. Phishing attacks strike quick and hard; the fake website can only stay online for a few hours or a few days before reports of the attack start pouring in with the targeted company.

Pulling the Bluff

Within a few hours after the phishing email has been sent, the masterminds will have collected data from its intended victims. A recipient of the email, not knowing that he or she is walking into the trap, may give the masterminds of the game the information that they want, such as usernames and passwords, credit card and bank account numbers, social security numbers, and personal identification numbers.

These data are then stored in the masterminds’ database and will go through a series of validations. Afterwards, the money will be withdrawn and collected electronically from these stolen accounts and then laundered through various means. These stolen funds will pass through the hands of so many money mules before they reach the hands of the masterminds. This will ensure that the money will disappear without leaving a trace.

What is a money mule? A money mule is one of the many accomplices of the masterminds of the phishing attack. The mule will have an account in the targeted company and will be the one to make the fund transfers. He or she uses online money transferring services such as ePasseporte, E-Gold, WebMoney and Western Union. In return for making these transfers, the mule receives a small share of the stolen money.

It is possible that the mule does not know that he or she is an accomplice in a scam and that he or she has transferred the money without knowing that it was stolen. The problem here is that the mules are the ones often caught by the authorities and mistaken as the masterminds.

Once the bluff has been pulled and the funds already collected, the masterminds of the whole scheme will shut down the fake website. They will then start their vanishing act and cover their tracks.

Covering the Tracks

This is where the chase begins. Reports of the fraud will have started pouring in with the targeted company. The targeted company will then deploy its Internet security teams as well as online security firms to find out exactly what happened. The company will also send out emails and other communications with their clients as well as with various service providers all over the world to inform them of the phishing attack.

By this time, the masterminds will have covered their tracks. The money will have been transferred through various mules and the personal information they collected are deleted or sold in the black market. The number of middlemen involved in the scheme will ensure that the masterminds will remain anonymous and the funds they have stolen liquidated.

More often than not, the trail goes cold here. There would be so many directions open to authorities to pursue the masterminds, but the number of middlemen involved in the phishing attack and the resulting fraud will have caused confusion among them.

The Aftermath of the Game

After all is said and done, the targeted company will have no choice but to reimburse what was stolen from the victims during the phishing attack. Usually, the victims are compensated in full for what they have lost.

There are many reasons why financial institutions will reimburse the money stolen in a phishing attack in full. However, the most important one is that doing business online is more profitable for them than on-site transactions. To keep their clients doing business with them online, they will do everything they can to keep them happy and to keep their own reputations clean.

Nonetheless, there is always the threat of another phishing attack. As long as the Internet exists and there are criminal organizations more than willing to fund such schemes, there will always be masterminds plotting another one of this intricate and elaborate game. It becomes your job to ensure that you will not be a victim of these phishing attacks.

Recovermypc Inc.


Related Articles

What is Phishing and How is it Used? Ensuring Phishing & E-mail Safety What Phishing Is And Ways To Prevent It How to Prevent Phishing?

Share

About Author