Phishing Attack Simulation

Phishing – The assonance with fishing must not mislead. Phishing is a very sneaky type of attack which is claiming more and more victims in the last period. In the following chapter we are going to show some figures related to the size of the Phishing phenomenon. In the meantime, in order to face this issue, Swascan offers its innovative service: the Phishing Simulation Attack and here – at the following link – you can find the Phishing Simulation Attack ( simulated phishing test ) brochure.

As a matter of fact, it is a fraud with a specific goal: stealing information such as:

  • Passwords;
  • Banking information;

In order to achieve this goal there are a lot of ways and we are going to analyze some of these ways in the following chapters (as you’ll see, the list can be pretty long). This is something to consider, phishing is not just a simple e-mail. There is a higher and higher sophistication degree behind these attacks and this level is going to grow more and more in the next years.

Phishing Simulation Attack solutions allow to face this phishing phenomenon with a Human Factor test ensuring an effective training and awareness activity.

In the following chapters, as promised, we are going to analyze:

  • Phishing: market size
  • Methodology of Phishing attacks
  • Phishing attack: techniques
    • Pharming o DNSBased phishing;
    • Tabnabbing;
    • Fast flux;
    • Malware-Based phishing;
    • Man-in-The-Middle phishing;
    • Smishing;
    • Deceptive phishing;
    • Rock phish kit;
    • Search engine phishing;
    • Vishing
  • Phishing: how to defend yourself
  • Swascan Phishing Simulator

Assess the Phishing Risk of your company with the Phishing Simulation Attack service.

Phishing: market size

According to MarketsAndMarkets digits, phishing global market has become a pretty big deal and in the long run, it’s going to grow even bigger.

Let’s try to be more specific: the size of the global phishing market in 2017 was around 840 million dollars.

We are considering a 5 years’ timeframe for this analysis, from 2017 to 2022. During these years, the growth rate of the market (CAGR) almost touches 11%. This growth rate assumes that in 2022 the global size of the phishing market will reach 1.401,6 million dollars.

Just a quick view at these digits is enough to understand how big this phenomenon is going to become: the number of phishers (hackers who launch phishing attacks) is already high and in the next years, according to MarketsAndMarkets, is going to grow higher. Consequently, the amount of victims will increase significantly.

Assess the Phishing Risk of your company with the Phishing Simulation Attack service.

Methodology of Phishing attacks

In this chapter we will briefly show the “standard” phases of a phishing attack. However, there is an important aspect to consider: these steps do not represent all of the existing techniques used to carry our phishing attacks and we will see later how complicated these techniques can be.

Here we summarize the phishing process:

  1. The Criminal Hacker sends an e-mail to the potential victim. Most of the times, the user finds this communication very appealing. In order to persuade the victim to take the bait, the phisher often introduces in the message corporate logos and represents feasible situations,… There is a pretty high chance to find common patterns and schemes in phishing e-mails, they are likely to picture some of the following situations: renewal and expiry of credit cards, the lack of sufficient information to register on a well-known website, password-related issues and much more,…
  2. The user, through clicking a link or downloading an attachment, is redirected to an infected website. This infected website is likely to be a cheap imitation of the legit website. This “trick” has a specific goal: encourage the user to insert his login credentials.
  3. The user who takes the bait has just gone through a data theft, this data is now in phisher’s possession. The Cyber Attacker can now use this data as he likes and one of the most frequent things that happen is the sale of this information in Dark Web’s big bazar.

Assess the Phishing Risk of your company with the Phishing Simulation Attack service.

Phishing attack: techniques

Depending on the “tool” that the Cyber Attacker uses, we have different phishing methodologies. Through this list we are showing the main ones and the related actions carried out by the Cyber Criminals during these attacks.

Pharming o DNS-Based phishing

As you can see from the title of the paragraph, the key element in this technique is the DNS (Domain Name Address) address that allows the browsing. This technique makes it possible to skip a step: the e-mail opening. Every Cyber Criminal can gather a lot of information at the same time on different users. How us this possible? Whenever a Cyber Attacker tampers with the DNS address, the user finds himself on a clone website which is completely similar to the legit one. Hackers developed some serious skills that allow them to build websites which look exactly like the original ones and the unaware user inserts his login credentials with the belief of not being on a fake website. Once the user inserts his information, this information is immediately in possession of the Criminal Hacker.


Tabnabbing comes from a very common habit: opening several tabs in the browser and leaving those tabs open. How does the process work? We can try to sum this process up in six different steps:

  1. The user clicks on the link of page he is interested in;
  2. The tab stays open but the user does not browse it immediately. It often happens that the loading process takes a few seconds;
  3. During this time gap, the user browses different tabs;
  4. The page which has been previously opened is not a legit web page but it looks like one. In this page, login information is required;
  5. The user keeps on browsing different tabs and “forgets” he has previously opened a non-secure web page;
  6. Going back on the infected page, that looks like a legit one, the user inserts his credentials and this information is now in possession of the Cyber Criminal.

Fast flux

What is a fast flux attack?  Basically, the attacker sends an e-mail including a link to a website which the potential victim could consider as legit. The user who clicks on the link is immediately redirected to a server belonging to a botnet (an infected network). This network has previously been infected by a malware that gives the Cyber Criminal the full control.

During the next phase, the user, who finds himself in a mock-up website which looks similar to the legit one, inserts his login credential. This fake website immediately absorbs this information.

Once the credentials have been absorbed, the user is redirected to the legit website right away, completely unaware of what happened.

Cyber Criminal actually protect this infected domain very effectively. Basically, this is the fluxing: quickly rotating the IP addresses associated to other infected bots. Adopting such a solution makes the IP “blacklisting” useless.

Malware-Based phishing

Here in this paragraph, we are going to analyze different malware-related phishing options and possible scenarios. These attacks are the normal consequence of the execution of an infected software (a malware) on the victim’s device. However, how is it possible that this software finds itself on the victim’s device?

Here we have different options, such as: the exploit of a well-known vulnerability or social engineering could be an option as well. This software which runs on the device captures information and sends it to the Cyber Criminal.

As we’ve previously mentioned, there are different versions of malware-based phishing attacks. Following a short list:

  • Keyloggers: this is a very peculiar attack methodology. Infected softwares which run these attacks install themselves inside input tools (often keyboards) or browsers. This is how these software capture the information which the unaware victim inserts and once the information has been captured, they send it immediately to the Cyber Criminal. In this case, Criminal Hackers prove to be very innovative: keyboards and mouses not the only possible input tools, that’s why we have screenloggers. These screenloggers monitor displays in order to capture on-screen information.
  • Web trojans: trojans are extremely dangerous, through an infected software in the login sections, they send login information directly to the Cyber Criminal.In the following image, you can see the flux and the logic sequence that this specific methodology follows:

Trojan Phishing

  • Session hijacking: it’s easy to immediately understand what we’re talking about right here. User’s session is what’s been targeted. Basically, the attack consists of a “cookie theft”. Cookies have the specific purpose of authenticating a user on a remote server. As a matter of fact, a lot of websites use session cookies and such cookies allow the user not to insert his credentials a second time. Obviously, anyone who breaks this circle and steals session cookies could pass himself off as the legit user.

Session Hijacking Phishing

Man-in-The-Middle phishing

The Man in The Middle (the one who carries out the attack) manages to put himself in between of the victim and the legit website. In this profitable position, the Cyber Criminal can easily intercept the messages which should get to the victim and can use those messages to access the website. Here you can see how this attack works:

Man in The Middle Phishing

These are really hard to detect Cyber Attacks. The user is completely unaware of the situation and finds himself on a website which apparently works as it should. A potential victim could not suspect anything even though he is in the middle of a Man in The Middle (sorry for the word game) Attack.


The name smishing comes from the medium which is used to carry out such attacks: the SMS. The victim receives an SMS from (for example) his bank and this fake communication looks exactly like a real one in order to persuade the victim of its truth. In this SMS, the Cyber Attacker asks the user to follow a Call to Action that might be the update of his login credentials. The attacker, at the same time, gets:

  • The login credentials of the user;
  • The medium that the user wants to use in order to receive the OTP – the password that allows the authentication to the online service.

Once he received this information, he illegally activates a SIM card and gets the password instead of the unaware user. Unfortunately, next steps are pretty obvious: victim’s money is in real danger.

Deceptive phishing

Probably, this is the most well-known phishing version. During the past few years, phishing techniques significantly improved. As you can see from the daily phishing messages you receive in your inbox, it is not uncommon to have grammatically perfect e-mails. This is quite an accomplishment for phishers.

These messages tend to leverage on the psychologic aspect of human nature. Just try to imagine – what would be your first reaction to this: your bank writes you an e-mail: “you need to urgently update your login credentials otherwise you could face a dangerous situation”. If you do not have any idea of the existence of phishing (like the majority of the population), you would be really scared and you’d probably run update your credentials. Moreover, once you click on this infected link to update them, you’d probably land on a clone website which looks exactly like your bank’s one.

This clone website is an ad-hoc-creation of the Cyber Criminal which manages to get the victim’s credentials and use them as he likes.

This makes one crucial point even clearer: training is essential in order to win this fight against phishing threats.

Phishing Attack

Rock phish kit

The same way you have at your disposal exploits kits for well-known vulnerabilities in the Dark Web bazar, you also have ready-made phishing tools available. Rock Phish Kit allows anyone to create:

  • The e-mails, with the hyperlink to the clone website, that will be used to carry out the phishing campaign;
  • The clone website which looks exactly like the original one. The only difference between the original and the copy? Forms to gather information.

Search engine phishing

This special technique shows once more how impressive the imagination of Cyber Attackers is. Here the Criminal Hacker puts on the table his knowledge in SEO as well. He indexes content on the search engines: after fake websites have been created, the hacker does its best to rank these websites in the better positions. The unaware user can easily consider one of these websites as legit and proceed with an online purchase.

All of the information that the user provides are stolen by the Cyber Criminal that can use it as he likes. Obviously, this technique has no boundaries in terms of creativity: we can see real marketing campaigns in order to promote fake websites and fool users.


The first step of this technique is nothing new compared to what we have already seen: the victim receives a message from his bank (for example) with a specific and immediate Call to Action. We start seeing something different during the second step of the process: the Cyber Criminal does not ask the user to browse a specific website to update his credentials, he asks the user to call a specific number.

Who’s on the other end of the phone? A fake help-desk who’ll ask the victim for his personal information.

Considering a psychologic point of view, this technique could have catastrophic consequences. Most likely, a person will not trust an e-mail or an electronic message no matter how well structured it is. However, it is completely different as far as human contact is concerned: you are talking to a person who should do his job, it’s easy to be persuaded in such a scenario.

Assess the Phishing Risk of your company with the Phishing Simulation Attack service.

Phishing simulation: how to defend yourself

We’ve just seen how many different threats we are facing in these days but how can we defend ourselves from such dangerous attack techniques? The answer is not so easy to find and it’s impossible to sum it up in a few lines. However, there’s a key element that we need to mention first: every company must heavily invest on staff training – this is priority number one. Companies need to:

  • As we’ve just said: train the employees, this is the most important point of the whole process;
  • Keep web browsers as updated as possible;
  • Run periodic Vulnerability Assessment activities in order to prevent security issues related to websites and web applications;
  • Carry out periodic Network Scan activities that ensure the security of the IT infrastructure;
  • Employees should follow the following steps which are the ideal steps to follow for every user.

Everyone, in order to avoid phishing threats, should:

  • Constantly check his bank account: movements and transactions need to be tracked in order to be aware in case of anything suspicious happens;
  • Mark anything potentially dangerous as SPAM. If you think you are the target of a phishing campaign, warn your e-mail provider marking the content as SPAM;
  • Always double check the sender of the message. As we’ve seen before, a possible sign of phishing is the grammar error: read the message through and through in order to spot these errors;
  • Whenever you spot a phishing e-mail, do not follow any link or download any attachment;
  • Do not keep too many tabs open in your browser, we’ve just seen how dangerous tabnabbing attacks could be.

However, as stated before, the crucial point is training and how can a company train his staff efficiently? In order to generate awareness in this sense and avoid future phishing threats, a Phishing Simulation Attack is crucial.

Swascan Phishing Simulation Attack

Swascan, in order to face the rising phishing threat, created an innovative service that allows companies to train employees in a very effective and cost-cutting way. Here you can find the Phishing Simulation Attack ( simulated phishing test ) brochure.

Swascan newest service ensures prevention in case of a phishing attack through real attack simulations. As a matter of fact, these campaigns offer the unique opportunity to generate awareness around phishing. Employees, thanks to this service, will be able to spot and avoid real phishing e-mails. Companies can:

  • Create simulated attacks that include “infected” links;
  • Deliver attack campaigns in more than 30 languages;
  • Understand your organization’s risk and act accordingly.

In addition to this, companies have multiple benefits deriving from simulated phishing tests, some of them are:

  • Reduce the risk of successful phishing attacks;
  • Educate their employees on identifying phishing;
  • Reduce security HR training costs;
  • Meet compliance standards.

For any additional information on the Phishing Simulation Attack service, please contact us at: [email protected]

Assess the Phishing Risk of your company with the Phishing Simulation Attack service.

…in the meantime, clicking on the button below, you can start a Free Trial of our Vulnerability Assessment & Network Scan solutions.

Cyber Incident Swascan Emergency

Contact us for immediate support

The undersigned, as data subject, DECLARES that I have read and understood the content of the privacy policy pursuant to Article 13, GDPR. AGREE to the processing of data in relation to the sending by the Data Controller of commercial and / or promotional communications relating to (i) own products / services, or (ii) products / services offered by third parties.
The consent given may be revoked at any time by contacting the Data Controller at the addresses provided in the aforementioned privacy policy.