So, time for another article in our little theme series, and the topic for today is....wait for it...PHISHING :)
I thought it would be a great time to talk a bit about what it is and how it actually works, the mechanisms behind it all.

And no, this is not an introduction to phishing server setup, or payload creation. It's seen from the other side :)


So, what is phishing, and how does it all work? Phishing is the act of sending unsolicited email to others, in the hope of getting them to do something they normally wouldn't do.
That can be buying into that great stock option, as in the good ol' "pump 'n dump" scheme. Nigeria letters, from some "prince" who asks for help in getting his funds out of the country before it collapses.
OR, what about those sweet Russian ladies, who are sooo lonely, and just wait for you to come and save them?

They try to trick people, or influence them to make a bad decision in a split second. If they can get you to go to some website the attacker controls, or to download a file and open it, they win.
In the worst case, they end up controlling your machine or your bank account; if you're "just lucky", they only get your credit card number or take over your email or social network accounts.

But why, when we know it's bad or stupid to react to those links, do people do it? What's wrong with us?
Well, nothing really. It's simply how we humans are wired psychologically to respond. It's a technique known as "Amygdala Hijacking" that's taking place. It's based on the fact that we humans can't react emotionally AND logically at the same time. If we react emotionally, we stop critical thinking for a split second. This is from Wikipedia:

The output of sense organs is first received by the thalamus. Part of the thalamus' stimuli goes directly to the amygdala or "emotional/irrational brain", while other parts are sent to the neocortex or "thinking/rational brain". If the amygdala perceives a match to the stimulus, i.e., if the record of experiences in the hippocampus tells the amygdala that it is a fight, flight or freeze situation, then the amygdala triggers the HPA (hypothalamic-pituitary-adrenal) axis and hijacks the rational brain. This emotional brain activity processes information milliseconds earlier than the rational brain, so in case of a match, the amygdala acts before any possible direction from the neocortex can be received. If, however, the amygdala does not find any match to the stimulus received with its recorded threatening situations, then it acts according to the directions received from the neocortex. When the amygdala perceives a threat, it can lead that person to react irrationally and destructively.[3]

Goleman states that emotions "make us pay attention right now—this is urgent—and gives us an immediate action plan without having to think twice. The emotional component evolved very early: Do I eat it, or does it eat me?" The emotional response "can take over the rest of the brain in a millisecond if threatened."[4][5] An amygdala hijack exhibits three signs: strong emotional reaction, sudden onset, and post-episode realization if the reaction was inappropriate.[4]

So, if an attacker can trigger one of the basic emotions (anger, happiness, surprise, disgust, sadness, and fear), there's a good chance that he (or she) can perform an Amygdala Hijack attack, switch off critical thinking, and prompt a response or action. It's also a technique Social Engineers use, and female Social Engineers have one extra strategy, especially when targeting a male, namely sex.
(Sorry guys, admit it. When someone hot comes on to you, it's not the upper head that's getting the blood, admit it :) )

So, that's why, in the Corona times, it's especially effective to play on people's fear, pity, or curiosity. We all want to get the latest updates, right? We all want to help our fellow beings, right?
Where I live, there have been scams circulating with false / unsafe "helping equipment", or false suppliers. We've seen home invasions, with the perpetrators pretending to be from government health programs, there to do Corona testing, and stealing from people. We tend to think that people are good, that we can trust each other, that we want to help each other, and that's a golden scenario for any Social Engineer or phisher.

So how does this all work? When it comes to Social Engineering, and getting people to comply, there's a basic set of principles that describes when people are more willing to do what you tell them to, or answer questions, however innocent those questions might seem.

Authority - People have a tendency to comply when the request is made by someone they think has authority, or is acting on behalf of someone who has authority.

So, maybe the next time someone is calling you and claiming to be from IT, you really shouldn't install that update right away, but call back and check with someone you KNOW is from IT :)

Liking - People have a tendency to comply when the person making the request has been able to establish himself / herself as likable, having similar interests, beliefs and attitudes.

Reciprocation - We may automatically comply with a request when we have been given or promised something of value, or perceived value, like a material item, advice, help or the like.

Social validation - We tend to comply when doing so appears to be in line with what everybody else is doing, or thinks is okay.

Scarcity - We have a tendency to comply when we believe that an object is in short supply, or only available for a short time.

Think of all the good deals you get flooded with on a daily basis. Funny how most of the time it's a kind of "Today only, xxx% Off". Why? Because it works :)

Now we know a bit about "how it works". In chapter two, C-Days - Phishing analyzed, we'll have a look at a typical email and analyze it a bit.
