DEV Community

Cover image for The Art of Deception: How Phishing Attacks are Becoming More Sophisticated
Ashok Sharma
Ashok Sharma

Posted on

The Art of Deception: How Phishing Attacks are Becoming More Sophisticated

Phishing can be traced to the mid-90s when cybercriminals deceived AOL users into revealing their passwords. Posing as AOL employees, the “pioneering phishers” managed to convince thousands of users to unwittingly facilitate the hijacking of their accounts.

Nearly three decades later, phishing continues to be a major threat. It has even become more sophisticated as it copes with the defenses put up by modern cybersecurity systems. The problem persists, and there seems to be no end in sight.

Here’s a look at the ways by which phishing has evolved to evade cyber defenses and remain effective at being deceptive. Know how a phishing attack is undertaken nowadays and find out the best ways to be protected.


Phishing is driven by deception, which mainly targets people who are less than meticulous about their interactions with messages and interactive online elements. This deception, however, can be subverted by filters that prevent phishing messages from reaching people based on their origin (the email address used and URLs). Phishing prevention systems continuously identify email addresses and URLs used in phishing and make sure that messages from them are blocked or at least an alert is raised to warn recipients.

To counter these email address and URL filters, cybercriminals use email spoofers and other related technologies that can fake the address of an email sender. Fortunately, leading anti-phishing solutions have already developed ways to make sure that email spoofing is properly detected and blocked.

On the other hand, phishing filters can also analyze the content of an email and determine if it can be potentially dangerous. Many of these filters scan the content of emails to look for keywords associated with phishing. This ability to scan content, however, can be counteracted through a number of techniques such as obfuscation, phantom content, and bloating.

Obfuscation is a trick that makes it difficult for phishing filters to grasp the real intent of a message, including the links and buttons therein. It makes use of special characters in between lines of texts to mislead the recipient into doing the opposite of what they deem is the right or safe action.

Phantom content and bloating, on the other hand, are designed to pad the content of an email to make it difficult for phishing filters to determine the right action to take. The phantom content can also hold links to authority pages, which can be viewed favorably by filters.

Voice phishing

Voice phishing or vishing is essentially phishing through voice calls. It involves automated phone calls from spoofed phone numbers. The perpetrators come up with scenarios that compel victims to respond with urgency. This could be the need to update an insurance plan or change the password of an online banking account.

Vishing, even with the use of generic pre-recorded calls, works because of the novelty. Most people expect phishing to be text-based, involving a deceptive message received via email or SMS. Many are caught off-guard when they encounter an attempt to make them submit their personal details and delicate information through a phone call.

There are no automated tools that can work versus vishing. The best defense against it is the awareness of the potential phishing attempt through a phone call

Data mining

The effectiveness of phishing has diminished over the years as phishing awareness increased. To address this, phishing perpetrators employ data mining to personalize their phishing attacks. Instead of casting a wide net and waiting for whatever sticks, phishers make use of data collection techniques to identify their targets and come up with more convincing strategies for deception.

This is usually referred to as spear phishing. Attackers leverage the information they have about a specific individual or organization to make their schemes more convincing. A well-known example of this is the attack on Hillary Clinton’s campaign team back in 2016. This resulted in the compromise of hundreds of emails and the leak of various kinds of data.

To avoid spear phishing, the key is to minimize the amount of data shared online. Avoid creating opportunities for threat actors to take advantage of. Also, it is crucial to have a reliable phishing prevention system.

Page hijacking

Phishing does not only rely on fake websites to collect sensitive information. They can also use the official websites of organizations or individuals. Some websites are vulnerable to cross-site scripting (XSS) attacks that make it possible to obtain the browser cookies or session information of a user’s access to a legitimate site.

XSS is not phishing per se but a tool that aids phishing schemes. As OWASP writes, “URLs constructed in this manner (URLs modified with the malicious code injected) constitute the core of many phishing schemes, whereby an attacker convinces victims to visit a URL that refers to a vulnerable site.” Once the victim clicks on the modified URL, a function is executed to transmit private information to the attacker.

Phishing kits

Lastly, phishing perpetrators use phishing kits that appear to continuously evolve to evade detection. Phishing kits are sets of sophisticated detection evasion and traffic filtering mechanisms designed to make sure that cybersecurity systems are unable to see phishing attacks as threats.

Phishing kits are often sold on the dark web or on cybercrime forums. They are designed as off-the-shelf solutions that allow anyone to launch phishing attacks like a pro. These kits provide most of what threat actors need, including simulated login pages, brand logos, and dynamic web pages. They can allow threat actors to churn out hundreds of fake websites daily to be used in phishing attacks.

Phishing kits are intentionally kept hidden from some traffic that may expose them to threat intelligence gathering systems. They filter search engine crawlers, data analysis bots, and guests from specific locations. They also employ obfuscation methods that help keep them out of the sight of cybersecurity tools. These obfuscation methods include Caesar cipher, page source encoding, invisible HTML tags, string slicing, and randomized HTML attributes.

Advancing sophistication used in nefarious ways

Phishing attacks may be an old problem that refuses to go away, but they are actually a quickly evolving form of cyber threat that should be taken seriously. The phishing methods used before are no longer the same as the ones used now. They evolve in response to the development of new technologies designed to detect and stop them. One thing is for sure though: there is nothing good about phishing. It needs to be stopped, so it is important for everyone to be vigilant about it.

Top comments (0)