Email Attack: An email attack occurs when email is used as an attempt to cause damage or harm to either an individual or an organization. Although the mechanisms of email-based attacks vary, the objective is almost always the same: steal money or data.
Browser Attack: Also known as a Man-in-the-Browser (MitB) attack, this is a type of Man-in-the-Middle (MitM) attack specifically involving a browser infected with some type of proxy malware. Such attacks are often carried out in an attempt to steal financial information by intercepting a user’s traffic to a banking site.
Types of Email and Browser Attacks
Email is a universal service used by billions worldwide. As one of the most popular services, email has become a major vulnerability to users and organizations. Spam, also known as junk mail, is unsolicited email. In most cases, spam is a method of advertising. However, spam can send harmful links, malware, or deceptive content. The end goal is to obtain sensitive information such as a social security number or bank account information. Most spam comes from multiple computers on networks infected by a virus or worm. These compromised computers send out as much bulk email as possible.
Even with these security features implemented, some spam might still get through. Watch for some of the more common indicators of spam:
- An email has no subject line.
- An email is requesting an update to an account.
- The email text has misspelled words or strange punctuation.
- Links within the email are long and/or cryptic.
- An email looks like correspondence from a legitimate business.
- The email requests that the user open an attachment.
If a user receives an email that contains one or more of these indicators, he or she should not open the email or any attachments. It is very common for an organization’s email policy to require a user receiving this type of email to report it to the cyber security staff. Almost all email providers filter spam. Unfortunately, spam still consumes bandwidth, and the recipient’s server still has to process the message.
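As an added example (not part of the original material), the sketch below checks a raw message for the four indicators in the list above that can be tested mechanically: a missing subject line, an account-update request, long or cryptic links, and an attachment. The regular expressions, the 75-character link threshold and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string

# Patterns and thresholds are assumptions for this example, not a vendor rule set.
ACCOUNT_UPDATE = re.compile(r"\b(update|verify|confirm)\b.{0,40}\baccount\b", re.I | re.S)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)
IPV4_HOST = re.compile(r"\d{1,3}(\.\d{1,3}){3}")

def is_cryptic(url, max_len=75):
    # Long link, raw IP address as host, or heavy percent-encoding.
    host = url.split("//", 1)[1].split("/")[0].split(":")[0]
    return len(url) > max_len or bool(IPV4_HOST.fullmatch(host)) or url.count("%") >= 5

def spam_indicators(raw):
    """Return which of the listed indicators a raw RFC 5322 message matches."""
    msg = message_from_string(raw)
    found = [] if (msg.get("Subject") or "").strip() else ["no-subject"]
    body, has_attachment = "", False
    for part in msg.walk():
        if part.get_filename() or part.get_content_disposition() == "attachment":
            has_attachment = True
        elif part.get_content_type() in ("text/plain", "text/html"):
            data = part.get_payload(decode=True) or b""
            body += data.decode(part.get_content_charset() or "utf-8", "replace") + "\n"
    if ACCOUNT_UPDATE.search(body):
        found.append("account-update-request")
    if any(is_cryptic(u) for u in URL.findall(body)):
        found.append("long-or-cryptic-link")
    if has_attachment:
        found.append("attachment-present")
    return found

# Constructed sample message for illustration (not real mail).
SAMPLE = """\
From: "Bank Support" <support@bank.example>
Subject:
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Please update your account details within 24 hours:
http://192.0.2.10/login?session=aa%2Fbb
--b1
Content-Disposition: attachment; filename="invoice.zip"

placeholder
--b1--
"""
print(spam_indicators(SAMPLE))
```

Misspellings and a message that merely looks like business correspondence need human judgment or a trained filter, so this check supports user reporting rather than replacing it.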
Spyware, Adware, and Scareware
Spyware is software that enables a criminal to obtain information about a user’s computer activities. Spyware often includes activity trackers, keystroke collection, and data capture. In an attempt to overcome security measures, spyware often modifies security settings. Spyware often bundles itself with legitimate software or with Trojan horses. Many shareware websites are full of spyware.
Adware typically displays annoying pop-ups to generate revenue for its authors. The malware may analyze user interests by tracking the websites visited. It can then send pop-up advertising pertinent to those sites. Some versions of software automatically install Adware. Some adware only delivers advertisements, but it is also common for adware to come with spyware.
Scareware persuades the user to take a specific action based on fear. Scareware forges pop-up windows that resemble operating system dialogue windows. These windows convey forged messages stating that the system is at risk or needs the execution of a specific program to return to normal operation. In reality, no problems exist, and if the user agrees and allows the mentioned program to execute, malware infects his or her system.
Phishing is a form of fraud. Cyber criminals use email, instant messaging, or other social media to try to gather information such as login credentials or account information by masquerading as a reputable entity or person. Phishing occurs when a malicious party sends a fraudulent email disguised as being from a legitimate, trusted source. The message intent is to trick the recipient into installing malware on his or her device or into sharing personal or financial information. An example of phishing is an email forged to look like it came from a retail store asking the user to click a link to claim a prize. The link may go to a fake site asking for personal information, or it may install a virus.
Spear phishing is a highly targeted phishing attack. While phishing and spear phishing both use emails to reach the victims, spear phishing sends customized emails to a specific person. The criminal researches the target’s interests before sending the email. For example, a criminal learns that the target is interested in cars and has been looking to buy a specific model of car. The criminal joins the same car discussion forum where the target is a member, forges a car sale offering, and sends an email to the target. The email contains a link for pictures of the car. When the target clicks on the link, he or she unknowingly installs malware on the computer.
Vishing, Smishing, Pharming, and Whaling
Vishing is phishing using voice communication technology. Criminals can spoof calls from legitimate sources using voice over IP (VoIP) technology. Victims may also receive a recorded message that appears legitimate. Criminals want to obtain credit card numbers or other information to steal the victim’s identity. Vishing takes advantage of the fact that people trust the telephone network.
Smishing (Short Message Service phishing) is phishing using text messaging on mobile phones. Criminals impersonate a legitimate source in an attempt to gain the trust of the victim. For example, a smishing attack might send the victim a website link. When the victim visits the website, malware is installed on the mobile phone.
Pharming is the impersonation of a legitimate website in an effort to deceive users into entering their credentials. Pharming misdirects users to a fake website that appears to be official. Victims then enter their personal information thinking that they connected to a legitimate site.
Whaling is a phishing attack that targets high profile targets within an organization such as senior executives. Additional targets include politicians or celebrities.
Browser Plugins and Browser Poisoning
Security breaches can affect web browsers by displaying pop-up advertising, collecting personally identifiable information, or installing adware, viruses, or spyware. A criminal can hack a browser’s executable file, a browser’s components, or its plugins.
The Flash and Shockwave plugins from Adobe enable the development of interesting graphic and cartoon animations that greatly enhance the look and feel of a web page. Plugins display the content developed using the appropriate software.
Until recently, plugins had a remarkable safety record. As Flash-based content grew and became more popular, criminals examined the Flash plugins and software, determined vulnerabilities, and exploited Flash Player. Successful exploitation could cause a system crash or allow a criminal to take control of the affected system. Expect increased data losses to occur as criminals continue to investigate the more popular plugins and protocols for vulnerabilities.
Search engines such as Google work by ranking pages and presenting relevant results based on users’ search queries. Depending on the relevancy of web site content, it may appear higher or lower in the search result list. SEO, short for Search Engine Optimization, is a set of techniques used to improve a website’s ranking by a search engine. While many legitimate companies specialize in optimizing websites to better position them, SEO poisoning uses SEO to make a malicious website appear higher in search results.
The most common goal of SEO poisoning is to increase traffic to malicious sites that may host malware or perform social engineering. To force a malicious site to rank higher in search results, attackers take advantage of popular search terms.
A browser hijacker is malware that alters a computer’s browser settings to redirect the user to websites paid for by the cyber criminals’ customers. Browser hijackers usually install without the user’s permission and are usually part of a drive-by download. A drive-by download is a program that automatically downloads to the computer when a user visits a web site or views an HTML email message. Always read user agreements carefully when downloading programs to avoid this type of malware.
Defending Against Email and Browser Attacks
Methods for dealing with spam include filtering email, educating the user about being cautious towards unknown email(s), and using host/server filters.
It is difficult to stop spam, but there are ways to diminish its effects. For example, most ISPs filter spam before it reaches the user’s inbox. Many antivirus and email software programs automatically perform email filtering. This means that they detect and remove spam from an email inbox.
Organizations must also make employees aware of the dangers of opening email attachments that may contain a virus or a worm. Do not assume that email attachments are safe, even when they come from a trusted contact. A virus may be trying to spread by using the sender’s computer. Always scan email attachments before opening them.
The Anti-Phishing Working Group (APWG) is an industry association focused on eliminating the identity theft and fraud that result from phishing and email spoofing.
Keeping all software updated ensures that the system has all of the latest security patches applied to take away known vulnerabilities.