Phishing attacks are the primary concern of many individuals and organizations. To avoid the consequences of these attacks, people take precautions considering the characteristics of the regular phishing attacks. But now, there is a new method that is popular among hackers called. These are phishing attacks using local files. The phishing attacks using local files emerge from a very different perspective and the method is worth learning.
Three Common Steps in Phishing Attacks Using Local Files
A three-stage mechanism is used for most usual email attacks. You have likely got many emails like this too, recently.
1. Attackers sent emails with clickable links.
You may be told that you have an overdue bill, an unpaid delivery package, strange access to your bank account, a promotional deal, or any of a large variety of many other convincing strategies.
Attackers gather information about you like your name, your phone number, and address. Or they might know a bank or an organization that you are familiar with; sometimes they take a guess; sometimes they use text that is applicable to any case to trick you.
Attackers sometimes use opening lines like ‘’Hello’’, “Dear Mr”, “Dear Sir”.
The message can be very simple because they just want you to click the link in the email to get into your computer. You have to be cautious when it comes to these messages.
2. Attackers want you to log in to the web page they sent.
Typically, once you’ve clicked the link, a password page opens. The page looks a lot like the actual one, generated by cracking HTML, photos, styles, templates of the actual site.
The fake pages are usually on a real site that has been exploited to serve as a reliable stepping stone.
Since attackers always find someplace that is secure and impossible to be found, in the directory of the actual site, where the rightful owner won’t notice the attack, simple blogs are preferred by hackers.
Or attackers use a web hosting account that can be taken down in a day or two. But long before the website gets shut down, they usually get what they want.
3. Attackers get your credentials with the help of the fake site.
Attackers often use the same site to put into the phishing link and to collect the data. But sometimes they use another platform to gather data from a number of various phishing schemes.
To explain in more detail, the link in the mail is inserted into the HTML code as <A …>. But the link between the code gets you to another site. The phishing site’s URL is usually contained in the HREF=… value right next to the <A>. In fact, <A> is used for the tag of the link, and the HREF= is used for the actual link.
How are phishing attacks using local files different from normal attacks?
In phishing attacks with local files, hackers add an HTML attachment to the email instead of a fake link. They place the login page they use for phishing into this attachment.
1. When adding an HTML attachment instead of a fake link, as in normal attacks:
2. There is no link where you can look for fake or suspicious address names.
3. Instead of the name of the website or HTTPS certificate used in the URL you see, it writes a local file name.
When there is no link available, we automatically look at the address bar of the browser to see if the web page is safe. However, domain addresses of HTML attachments used in these attacks start with file:// instead of http:// or https://. There is no encryption part you can check and a TLS certificate because they really attach a local file to the email.
When you fill out forms on these fake HTML pages, your password is automatically sent to hackers. They can then use this e-mail account to take control of many of your other accounts.
How can we find out where our information is transferred to in phishing attacks using local files?
You can understand these types of attacks using your browser’s Developer Tools.
If you are using Edge, you can open the items tab by pressing F12. This will show you the HTML code of the web page. By searching the word ACTION, you can access URLs linked to all forms on the page. If it’s clear that it has nothing to do with any product or service you use, you can be sure there is a fake form on the site.
Similarly, you can examine the HTML code even if you are using it in Firefox. You must first open Mozilla’s Inspector tool by pressing Ctrl-Shift-I. Then select the Inspector tab and search for the word ACTION. This is how you can access the URLs used by any form on the page to upload data.
If you have a Mac device and are using Safari, you can press Option-Command-I to open the Inspector, then search ACTION to access URLs in HTML code.
So how can we prevent phishing attacks with local files?
- If you have received an e-mail from someone you do not know or you did not expect, never open HTML attachments in that mail. Emails with HTML attachments are only used by hackers who want to trick you.
- When you open an HTML attachment in an email sent to you, avoid logging in to the site that appears. If you are asked to log in to the bank account, blog pages or social media account you are using, go directly to the original site.
- If you think you have fallen victim to a phishing attack, change your passwords immediately. The sooner you change your password, the less time hackers have to use it. Similarly, if you find that the site you entered after entering payment card data is a fake site, call your bank immediately. (Check the back of your card for your bank phone number.)
- Use free simulated phishing tests to get acquainted with these specific phishing attempts. Since phishing attacks with local files are a new concept, you need to prepare yourself using up to date tools. Our phishing simulation tool helps you analyze and evaluate human activities quickly and effectively by sending innocent phishing emails to the employees, monitoring their behaviors, and gathering information. It’s built to put you in charge. Our tool makes it easy to schedule and run phishing attempts and start on the operation.
- Try our cyber security training to increase the cyber security awareness levels of your employees. Our cyber security training is directly linked with our Phishing Simulation tool to automatically integrate users who got fooled by the phishing attempts into relevant and interactive assignments. The module ensures that users learn the features of the phishing attempts and prepare them to recognize potential complex phishing attacks.
“This post is originally published at www.phishing.org.uk”