LoginShield is designed for use with any website or network application, and is the first authentication system that includes protection against phishing attacks.
We can categorize phishing attacks in a variety of ways:
- by the harm they do: credential theft, identity theft, malware, payment fraud
- by their knowledge of the victim: net phishing, spear phishing, whaling, cloning
- by the medium they use to reach the victim: ad, email, QR code, search, SMS, social network, telephone
- by their appeal to the victim's motives: anger, envy, fear, greed, lust, pride
If you need assistance in mapping out the various threats or in making a plan for addressing each one, please contact us.
Phishing attacks often (but not always) masquerade as an organization or individual that might be trusted by the victim:
- a government agency
- a bank or utility
- a charity asking for a donation, especially after a recent disaster
- a merchant
- a name from the victim's contacts
- a familiar-sounding but generic or random name
They also use a variety of tricks to support their masquerade, such as:
- URLs with homographs, misspellings, or familiar-looking subdomains of unrelated domains
- brand spoofing, which can use a name, logo, color scheme, or a clone of actual content from that brand in an email or on a website
- tiny URLs that hide the actual destination URL at the moment a person is considering it
- proxy websites that relay actual content from the original domain, and intercept the victim's interactions with it
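A defender-side check for the first trick in the list above (homographs, misspellings, and familiar-looking subdomains of unrelated domains), given as an added example that is not LoginShield's code. The allow-list, the small confusable map, and the last-two-labels rule are assumptions made for illustration; shortened URLs are not covered because they have to be resolved before the destination can be checked.

```python
from urllib.parse import urlsplit

# Constructed allow-list; in practice, the domains your organization really uses.
TRUSTED = {"example-bank.com", "example.org"}
# Small constructed sample of Cyrillic look-alikes mapped to Latin a, e, o, p, c, x.
# A real check would use the full Unicode TR39 confusables data.
CONFUSABLE = str.maketrans("\u0430\u0435\u043e\u0440\u0441\u0445", "aeopcx")

def registrable(host):
    # Simplification: last two labels. Production code should use the Public Suffix List.
    return ".".join(host.split(".")[-2:])

def edit_distance(a, b):
    # Classic Levenshtein distance, one row at a time.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def decode_label(label):
    # Turn a punycode ("xn--") label into the Unicode text a user would see.
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label
    return label

def check_url(url):
    """Return a list of findings; an empty list means no lookalike trick was found."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    shown = ".".join(decode_label(part) for part in host.split("."))
    domain = registrable(shown)
    if domain in TRUSTED:
        return []
    findings = []
    skeleton = registrable(shown.translate(CONFUSABLE))
    if skeleton in TRUSTED:
        findings.append(f"homograph of {skeleton}")
    for t in sorted(TRUSTED):
        if skeleton not in TRUSTED and 0 < edit_distance(domain, t) <= 2:
            findings.append(f"misspelling of {t}")
        if t.split(".")[0] in shown.split(".")[:-2]:
            findings.append(f"{t} brand used as subdomain of {domain}")
    return findings
```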
Phishing attacks can harm their victims in the following ways:
However, while a phishing attack may start as any one of the above types, the attackers can pivot and exploit additional information obtained from the victim to cause harm in another way.
LoginShield was designed to protect against credential theft phishing attacks. LoginShield includes a proven solution that stops 100% of credential theft phishing attacks on accounts where LoginShield has been activated.
LoginShield does not protect against the other three kinds.
If you need assistance in mapping out the various threats or in making a plan for addressing the other kinds of phishing after you adopt LoginShield, please contact us.
Credential theft phishing attacks attempt to trick the victim into entering their login credentials into the attacker's website.
Sophisticated attacks can also collect two-factor codes. This variant is also called a proxy phishing attack, man-in-the-middle attack, or 2FA-bypass attack.
Use of a second factor such as OTP or SMS does not protect against credential theft phishing attacks.
LoginShield was designed to prevent this type of phishing attack. The LoginShield app routes users around untrusted sites and back to the website they intended to visit.
Unlike other anti-phishing solutions that rely on compiling an ever-growing database of malicious domains, or running heuristics to decide if an email might be malicious, LoginShield includes a proven solution that stops 100% of credential theft phishing attacks on accounts where LoginShield has been activated.
Identity theft phishing attacks attempt to trick the victim into sending their name, date of birth, passport number, state ID numbers or documents, etc. The attackers then use that information to impersonate the victim for the purpose of obtaining access to credit, bank accounts, utilities, government benefits, etc.
An example of identity theft is a phone call where someone claiming to be a healthcare provider needs to "verify" your personal information before talking to you. There are legitimate healthcare providers that actually do this, so victims might have difficulty discerning a legitimate call from an identity theft phishing call.
LoginShield does not protect against identity theft attacks.
We do have a solution to identity theft attacks and we are developing it. If you're interested, please contact us.
Malware phishing attacks attempt to trick the victim into running a malicious executable on their device, either directly as a program, or indirectly as a file opened in another program.
A malware executable may contain an exploit for flaws in the operating system, drivers, or other software that it can access. A malware document to be opened by another program contains an exploit for flaws in that program so it can run arbitrary code, and then as a second stage it tries to exploit vulnerabilities in the operating system, drivers, or other software that it can access.
LoginShield does not protect against malware attacks.
A malware attack can be further categorized according to its behavior:
- adware: interrupts the victim's use of the device to display ads
- botnet: uses the victim's device in an orchestrated activity, such as cryptocurrency mining, ad click fraud, product review fraud, comment spamming, distributed denial of service attack, or network surveillance
- keylogger: collects the victim's keystrokes, touch gestures, and mouse movements
- ransomware: encrypts the victim's files and demands a ransom for decrypting
- rootkit: exploits insecure software to gain administrative privileges, uses administrative privileges to hide itself from the victim, and creates a backdoor for more malware to be installed
- spyware: collects pictures, video, call history (on mobile), browsing history, email, location, nearby networks, conversations in SMS, Skype, WhatsApp, etc., and can take screenshots of what the victim is doing
- trojan: pretends to be legitimate software while performing any of the malware activities
- virus: exploits insecure software to gain privileges, modifies existing software or files on the victim's device to perform any of the malware activities, destroys the device or its data
- worm: replicates itself, abuses victim's software to send copies of itself via email attachments, instant messaging, or file sharing to the victim's contacts or to other devices on the same network, modifies or deletes files, or installs additional malware
To defend against these attacks, administrators can:
- run an anti-virus on the server to scan emails for malicious attachments
- configure clients to prevent execution of unauthorized programs
- configure clients to execute each unauthorized program in an isolated sandbox
Payment fraud attacks attempt to trick the victim into making a payment or sending payment information to the attacker.
LoginShield does not protect against payment fraud attacks.
However, in an enterprise setting, LoginShield can be used to mitigate payment fraud attacks. If you need this in your enterprise, please contact us.
Phishing attacks can happen without any knowledge of the victim, with some limited knowledge, or with detailed knowledge of the victim:
Any of these approaches can lead to any of the types of harm for the victim.
Net phishing attacks are a broad stroke against anyone who the attackers can reach. Generally, the attackers don't know anything about the victim other than their contact address, and in some cases (for example ad phishing) they don't even know the victim's address.
The messages are often generic, and they could be about a variety of topics, but generally they attempt to exploit greed and fear in the victims to trick them into taking some action.
A phishing attack can lead to any of the types of harm for the victim.
Spear phishing attacks target a specific group or individual. The difference between a spear phishing attack and a regular phishing attack is that the content of the message is intended to increase the chance that the target group or individual would be tricked into taking an action.
A spear phishing attack can lead to any of the types of harm for the victim.
Whaling attacks target a specific high-value individual. The difference between a whaling attack and a regular phishing or spear phishing attack is that whaling attacks typically start by gathering information about the individual, the company where they work, their contacts at that company, their family, friends, etc. and then attempt to leverage that detailed information into tricking the victim into taking an action.
A whaling attack can lead to any of the types of harm for the victim.
A clone phishing attack exploits knowledge of a legitimate message the target already received. In a cloning attack, the attacker sends a message impersonating the original sender, with content that looks the same as the original message, but with an attachment or link swapped out for a malicious one. The attacker claims an excuse such as having to resend the original, or having updated something, and asks the victim to use this newer copy instead.
A cloning attack can leverage any email account that would have received the same email as the victim. For example, the attacker may have previously hacked an email account of another customer or employee. Alternatively, the attacker may be a customer or employee and directly received a copy of the original message.
A cloning attack can lead to any of the types of harm for the victim.
Phishing attacks can reach their victims by a variety of media:
Any of these approaches can lead to any of the types of harm for the victim.
Ad phishing attacks reach their victims by placing ads in search engines, through ad networks, or individual websites.
Ad phishing attacks attempt to exploit the victim's greed or fear to get them to follow the link.
An ad phishing attack can lead to any of the types of harm for the victim.
Email phishing attacks are sent by email. Email has been commonly used for many phishing attacks since the Internet became mainstream in households.
While many email phishing attacks are poorly constructed with incorrect spelling, grammar, or an unbelievable story, they have been effective and there isn't a real technical barrier to sending a normal-looking email. To make matters worse, some companies send legitimate emails that look like email phishing attacks (for example, "we suspended access to your account"), making it more difficult for their users to discern a legitimate email from a phishing email.
An email phishing attack can lead to any of the types of harm for the victim.
QR code phishing
QR code phishing attacks reach their victims by posting a QR code for victims to capture with their camera and automatically open the phishing website. The QR code may be embedded in a poster promising some reward, or it may be placed over a legitimate QR code.
For example, if a merchant or public place posts a sign with a QR code for visitors to obtain more information, an attacker could cover up that QR code with their own QR code that will link visitors to the phishing website.
A QR code phishing attack can lead to any of the types of harm for the victim.
Search phishing attacks reach their victims by achieving a high ranking in search results and tricking their victims into thinking they are legitimate sites.
A search phishing attack can lead to any of the types of harm for the victim.
SMS phishing attacks are sent by SMS. They are also called "smishing" attacks.
An SMS phishing attack can lead to any of the types of harm for the victim.
Social network phishing
Social network phishing attacks reach their victims through their social networks. These are also called social media phishing attacks.
A famous kind of social network phishing is Catfishing, where the attacker creates a fake profile on a social network or dating site, and attempts to trick victims into sending money to help with a variety of "problems" (payment fraud) or to collect personal information about the victims that can be exploited for identity theft.
A social network phishing attack can lead to any of the types of harm for the victim.
Telephone phishing attacks reach their victims by calling the victim's phone number or using another voice chat technology such as VoIP. They are also called "vishing" attacks.
Telephone phishing attacks are conducted both by automated tools, or bots, and by human operators.
A telephone phishing attack can lead to any of the types of harm for the victim.
Phishing attacks appeal to the victims in a variety of ways:
Phishing attacks using the appeal of anger may exploit recent events, or make up entirely fictional events, that might provoke anger or outrage in a person. Because they are designed to trick people into responding, they typically exaggerate whatever subject matter is selected.
While sensational and hyped headlines are common in legitimate news or entertainment outlets, phishing attacks use the same techniques to cause harm to the victim. For example, an email might claim that something horrible is happening and ask the victim to sign an online petition, which then gives the attacker an approach to identity theft, payment fraud, and to install malware.
Phishing attacks using the appeal of envy may provoke a victim into responding by exploiting their desire to have something more. They might pretend to offer a solution in some way, via a service or product, including "information products" that claim to teach the victim how to achieve their desires. Of course, there are many legitimate information products, so victims are tricked into thinking the offer is legitimate, when in fact it is a scam.
- diet or weight loss
- how to "break in" to a coveted industry, profession, or gig
- muscle mass or definition
- penis enlargement
- sexual stamina
Phishing attacks using the appeal of fear may provoke a victim into responding by exploiting both real and fictitious situations that could be relevant to the victim. The attackers typically threaten the victim with dire consequences if they don't respond or comply with the attacker's demands.
- Arrest warrant from DEA, FBI, police, etc.
- Debt collectors threatening foreclosure or civil suit for non-payment
- Health care provider with urgent news about you or a family member
- Tax collectors threatening jail time or fines for non-payment
- Warranty expired or expiring soon for your car, phone, etc.
- We caught you watching porn, having an affair, etc.
- You've been hacked, there's a virus on your system, we can remove it for you
Phishing attacks using the appeal of greed may provoke a victim into responding by offering a way to make money with little effort on the part of the victim.
Some of the most famous phishing scams are in this category.
There are multitudes of advance fee schemes featuring a Nigerian prince, a government official, or a bank official, estate manager, or military general who needs help extracting money from an account that has been forgotten by the organization or belongs to a person who died without a will or any heirs.
There are also variations on the Spanish prisoner scam where a rich person or a distant relative was unjustly imprisoned, kidnapped, or exiled, and they can't get to their money right now, but if you help secure their release then you can have some of that unreachable money.
- Advance fee schemes, including Nigerian prince, Spanish prisoner, etc.
- Easy business loans
- Free vacation and prizes
- Get rich quick schemes
- Lost account schemes, including a distant relative died and left you all their money
- Student loans
These appeals may be combined with any harm.
Phishing attacks using the appeal of lust may provoke a victim into responding by offering pornography, online sexual activities such as games or video chat, or sex.
Attackers may exploit any information they already have about the victim, such as their IP address, to make the offer more personalized. These attacks are typically payment fraud but could pivot to other types of harm.
Phishing attacks using the appeal of pride may provoke a victim into responding by praising the victim's achievements.
An example is a type of "who's who" scam, a published list or event at which industry VIPs or high achievers will be honored. They are thoroughly impressed with your profile and want to include you in the next list or event. They need you to send your biography and a small payment. Later there may be problems and they'll need more information or more money.
While there are organizations that publish such lists on a regular basis (for example, Forbes) there are many more scammers who trick people into paying for placement in a bogus list or event, or disclosing their personal information.