Eight Classification of Phishing Attacks in Cyber Security: Informative Guide

The eight main classification of phishing attacks are explained below,

1.Blacklist and Whitelist

This is probably the most straightforward solution for anti-phishing.

The list of known phishing sites is known as the Blacklist. The list of legitimate sites is known as the Whitelist.

Most of the current phishing techniques rely on a combination of both these lists.

The representative blacklist or whitelist based systems include Phishtank, SiteChecker, Google safe Browsing, FirePhish etc.

Hence, these anti-phishing solutions work by installing extensions to web browsers or as toolbars. This warns the users whenever they visit a fake site. 

2. Classification of Phishing Attacks based on Heuristics

Heuristics-based methods employ the common characters of phishing sites. The characteristic keywords used in Web pages or URLs in order to detect new phishing sites are used. Thus, these are not yet listed in blacklists.

Thus, the heuristic approach recognizes the fraudulent web sites. It recognizes by analysing the characteristics, similarity and relationship with the legitimate websites.

a) Visual similarity based phishing

 It is the look and feel that deceives the victims. 

Hence, the owner of the legitimate website or its agent should be able to compare. They compare the suspicious URLs and the corresponding web pages with the legitimate ones in visual aspects.

b) Role of phishing in Uniform Resource Locator (URL)

Attackers constantly evolve new patterns to direct the users of legitimate websites to fake ones.  S0, it is important to check the URL.

Most of the times, the phishing web pages use visually similar content to that of the legitimate web sites. Thus, they lure visitors to enter their sensitive information without creating any suspicion in the user’s minds.

Here is the example,

Type #1

                    <a href = www.welcome.com”>www.abcdbank.com</a>

The hyperlinked URL which is visible to the user may be legitimate (banking site). But the actual URL will lead to a phishing web site.

Type #2

http://www.abc.cgi-co.com

Here, the URL of the phishing web sites starts with a legitimate name. But it may lead to phishing web sites. “-cgi” or “cgi-” both are the common substring in the phishing URLs.

Type #3

http://69.129.5.2/secured.com

Here, it uses a dotted-decimal number. The IP address instead of the domain name may lead to phishing web sites.

Type #4

http://www.1dbc.com

Here, there is a small difference in spelling. The URL above is the duplicate URL of http://www.idbc.com.

Type #5

http://visa.com/rDirl=http://200.251.251.10/

Here, the HTTP request is redirected from the legitimate website to some other phishing web sites.

Type #6

http://www.citybank.com.update.com

Here, the attackers may lead and ask the client to visit the fake website using fake URLs.

These are some of the various ways to redirect the users into the phishing website and they steal their sensitive information.

c) Domain based Phishing

The statistics of domain-based phishing attacks as given by the antiphishing-working group are analyzed. Here, commercial websites (.com) are facing maximum attacks.

It is mainly because of the compromised web server. There the attacker uploads a single piece of his phishing content.

This is followed by updating the webserver configuration. Here, it adds the phishing content to every other hostname the webserver is hosting.

Thus, all the other websites will also start displaying the phishing pages through a custom sub-directory.

d) Role of Password Attacking in Phishing

Phishing is the most widely used method to hack or steal passwords.

This is done by displaying the fake login page known commonly as the spoofed page.

The users will enter their login details believing that the page on display is a legitimate one.

The look and feel are the same. But, the batch program that runs in the background makes the difference.

This will direct to malicious website.

The phish pages will look similar to the legitimate ones. But the URL in the address bar will be different.

Smart phishing pages sends the stolen information, like passwords to the hacker. But redirects the requests to the original page.

Thus, the victim will never know what really happened in the background. But, his account is already hacked.

Hence, it is very important to protect the password. Some different techniques have been used to protect passwords

3. Deceptive phishing

This is broadcasting the links of the bogus sites through emails and instant messengers. It spreads the information with attractive discounts.

For example, Requesting quick reply, account verification, apologies for system failure with a request to re-enter/reset the account details.

4. Classification of Phishing Attacks based on Malware

In the classification of phishing attacks, malware is sent as an attachment. It may be hidden into a downloadable file hosted in the website. It can inject into the applications by exploiting their security vulnerability.

5. Hosts File Poisoning

In the Internet, the web address translates into its IP address.

Hackers poison this host list, by inserting the address of the fake websites. Here, information is collected and stolen.

6. Classification of Phishing Attacks based on Content Injection Phishing

This is done by way of replacing a part of the website with the content that is injected with the malicious code.

It misleads the users to part with their confidential information.

Hence, this type of Phishing is very difficult to detect.

The hackers position themselves somewhere in-between the user and the legitimate website or system.

The hackers intercept the information, to record it silently without interrupting the flow. Thus, users’ transactions are not affected.

The recorded information uses later either to gain entry into the server or to sell in the market.

7. Classification of Phishing Attacks based on Search engine phishing

Here, the fake websites are indexed legitimately with search engines.

This will get them displayed in the top search results. This leads to more traffic during the search. 

This attracts more people to the website, to fool around.

8. Tab nabbing

An innocent-looking page opened in a browser tab covers itself as the login page of a popular web application. This is when the user’s focus is on a different tab.

Closing Remarks,

These are some of the probable classifications of phishing attacks in a web application. Thus, phishing plays a vital role, deceiving individuals and organizations in a tremendous way.

Here’s a few links of favorite resources on this topic..

  1. https://smartsecuritytips.com/server-side-phishing-filtering-techniques/
  2. https://smartsecuritytips.com/smishing-and-vishing-quick-guide-to-be-alert/
  3. https://smartsecuritytips.com/twelve-indications-you-have-been-hacked/
  4. https://smartsecuritytips.com/cyber-security-threats-during-covid-19-2/