This article explores various effective phishing techniques deployed by cybercriminals to deceive users into divulging sensitive information. Techniques discussed include homograph attacks, address bar spoofing, and others that exploit user trust and browser features. Affected: users, online platforms, digital security
Keypoints :
- Website phishing is a common social engineering attack.
- Attackers utilize various techniques to create deceptive web pages.
- Address bar spoofing manipulates the URL displayed to users.
- Homograph attacks use similar characters from different scripts to create fake domains.
- Fake pop-up logins appear as legitimate login windows to steal credentials.
- Malicious redirects lead users from legitimate sites to phishing sites.
- Browser-in-the-browser attacks create a fake browser window mimicking real sites.
- SEO poisoning manipulates search results to promote malicious sites.
- QR code phishing allows attackers to redirect victims to malicious sites using scanned QR codes.
MITRE Techniques :
- Address Bar Spoofing (T1071.001): Manipulates the address bar to display a legitimate URL, deceiving users into entering sensitive information.
- Homograph Attack (T1071.003): Creates visually similar domain names using different character scripts to impersonate legitimate sites.
- Fake Pop-up Login (T1071.004): Uses deceptive pop-up windows to capture user credentials.
- Malicious Redirects (T1071.005): Redirects users from legitimate to malicious sites without their knowledge.
- Browser-in-the-Browser Attack (T1071.006): Creates fake browser interfaces within real browsers to steal login information.