
LAW COLLEGE DEHRADUN

Research paper

Submitted in partial fulfilment for the satisfaction of cyber law project

ON

Study on phishing attacks, types, and case studies

By

Takam Takar and Nitin Mehra

LLB Hons.

Under The Supervision of

Mr. Hitesh Bhatt

Assistant professor in law

2021-2022

Table of contents
Declaration

Acknowledgement

Abstract

1. Introduction
1.1 Phishing
1.2 Objective
1.3 History of phishing
2. Types of phishing
3. Laws related to phishing in India
4. Case studies
5. Statistics
6. Remedies against phishing attack
7. Conclusion
8. reference

DECLARATION
We, Mr. Takam Takar and Mr. Nitin Mehra, students of Law College Dehradun, undertake that we
completed this research paper sincerely, with no contribution from any other person. As the
authors of the research paper, we declare that the research paper is not plagiarised and any
material used is properly referenced.

We undertake that, if found guilty of any plagiarism, Asst. Professor Mr. Mahesh Bhatt has the
right to cancel our project.

Student signatures _________________________

_____________________

ACKNOWLEDGEMENT
Foremost, we would like to convey our sincere gratitude and thank Asst. Professor Mahesh Bhatt
for guiding us through the completion of this research paper. Without his constant and
continuous support, the completion of this research paper would not have been possible.

We would also like to thank our friends and family members for being our pillars of strength
throughout the process of this project. We could not have done it without them.

Takam Takar & Nitin Mehra

LLB Hons.

STUDY ON PHISHING ATTACKS, TYPES, AND CASE STUDIES


Abstract
In this era of cyberspace, people indiscriminately share their personal information online for the
entire world to see, making them more vulnerable to cyber crimes. Phishing is the most effective
form of cyber attack, wherein the attacker deceives the victim and steals their sensitive and
personal data. This study aims to learn about phishing attacks and spread awareness of their danger. The
lack of education about phishing is why people continuously fall victim to phishing attacks.
There is no definite solution for phishing attacks.

1. INTRODUCTION
In recent years, there has been significant growth in internet usage. With this, we are also
seeing a rise in cyber crimes. Phishing is one of the most common forms of cyber crime. Many
people fall victim to phishing attacks every year. Anyone, from an average Joe to the head of a
multinational company, can be the target of a phishing attack. Phishing attacks are becoming
more sophisticated and, likewise, researchers are trying to find more ways to detect them and
mitigate their impact.

1.1. Phishing
Phishing is a type of social engineering attack often used by an attacker to get a user’s personal and
financial data, such as login credentials and credit card information. In a phishing attack, the
attacker pretends to be a trusted entity and tricks the victim using an email or text message
as bait. When the victim is tricked into opening the malicious link, it can lead to the installation
of malware or ransomware and make confidential information available to the hacker.

1.2. Objective
The primary aim of our research paper is to learn and spread knowledge about phishing attacks.
We also focus on the safety measures we can take to prevent phishing attacks.

1.3. History of phishing attacks

According to records, the first phishing attack happened in the mid-90s, when hackers used the
America Online (AOL) platform to steal users’ data. They would pose as AOL employees
and send emails and instant messages. These messages would request the user to verify their
account to confirm their billing information.1

1 The Term Phishing is Introduced as Part of Hacking AOL, 1994, Jeremy Norman’s
HistoryofInformation.com: Exploring the History of Information and Media through Timelines

Later, the focus of phishing attacks shifted to online payment services. e-gold, one of the leading
online payment services in the early 2000s, fell victim to phishing attacks. Members of e-gold
would receive emails requesting them to update their account information. These emails contained
malicious links, which were intended to steal members’ credentials and passwords.
Although this attack was deemed unsuccessful, it planted an important seed.2

2. Types of phishing attacks

Most of us believe we can identify a phishing attack, but even tech-savvy individuals can fall
prey to one. There are many different ways in which a person can fall victim to a
phishing attack. The following are the different types of phishing attack:

• Email phishing

It is the most common phishing attack used by hackers. The target for this attack is
broad and it can be conducted in mass. The hacker sends these emails to any email
accounts available to them. The hacker usually sends a message with a sense of urgency,
such as “your account has been compromised”; these emails contain suspicious links or
attachments. The goal of these attacks is generally to obtain personal or sensitive
information and to damage your computer.

These attacks are usually easy to spot, as there are often spelling or grammatical mistakes
in the email. You should just ignore them. But some of the emails are more carefully
crafted, with no spelling mistakes or grammatical errors. Checking the email source or the
provided link’s URL for clues can help you identify these phishing attacks.

Example: in December 2020, a data breach happened at a US health provider, Elara
Caring, and the personal details of more than 100,000 elderly people were exposed. This data breach
happened due to an email phishing scam. The health care provider said that it has
conducted enhanced security training for its personnel to better combat phishing
scams.3

2 Bullion and Bandits: The Improbable Rise and Fall of E-Gold, by Kim Zetter, WIRED,
https://www.wired.com/2009/06/e-gold/

3 Elara Caring phishing attack exposes 100,000 patients’ data, by Sara Ngyuen, PAUBOX,
https://www.paubox.com/blog/elara-caring-phishing-attack-exposes-100000-patients-data/

• Spear phishing

Unlike standard email phishing, spear phishing is a more personalized and targeted form of
phishing. The hacker has a good amount of information about the individual, such as their
name, job title, family and even hobbies. The hacker can easily get this information
from the individual’s social media accounts. These emails seem to have come
from a legitimate and trustworthy source. The emails are usually very personal and
professional. There are no spelling or grammatical errors and the format is polished. The
content of the email is tailored to the recipient.
It is very tricky to spot spear phishing if you are not careful.

Example: this attack targeted one of the executives of an American company named among
the top 50 most innovative companies in the world. The email contained an
attachment which led the executive to a bogus Microsoft Office 365 login page. The fake
login page already had the executive’s username, making the page more realistic.4

• Whaling

The targets of whaling attacks are senior executives such as CEOs and CFOs. They are
targeted in order to steal sensitive and confidential information of a company. The emails
are carefully crafted with a solid understanding of business language and tone. They appear
to come from trusted partners of the company. Sometimes the emails may appear to come
from a senior executive of the organisation, which makes employees reluctant to deny a
request from someone important in the organisation.

In many whaling attacks, the attacker’s goal is to manipulate the victim into authorizing a
high-value money transfer to the attacker.

Example: a co-founder of an Australian hedge fund received an email containing a Zoom
link that planted malware on the hedge fund’s corporate network. After accessing the
corporate emails, the hacker acted as a company representative and authorized millions of
dollars in transactions to foreign bank accounts, almost causing a loss of $8.7 million.5

4 Blox Tales #15: Credential Phishing Attack Performs Real-Time Active Directory Authentication, by Team
Armorblox, Armorblox, https://www.armorblox.com/blog/blox-tales-credential-phishing-attack-performs-real-time-active-directory-authentication/

• Angler phishing

Angler phishing is also known as social media phishing. The hacker looks for victims on
social media, as much information is already made available by people themselves on
their social media accounts. The hacker usually sends messages to the victims that appear to have
come directly from a social media app or site. These messages usually contain malicious
links and attachments.
Another way in which hackers trick their victims is by masquerading as a customer care agent
to get the victim to give them confidential information. To avoid angler
phishing, never post any sensitive personal information on social media.
Example: you complain about a product or service on Twitter. A hacker pretends to be
the company’s customer service agent and tries to help you, thus making you expose your
personal and financial information.

• Smishing

Similar to phishing, the hacker tricks the victim into clicking malicious links or attachments and
handing over confidential and sensitive information. But instead of
emails, the hacker uses smartphone text messages to trick victims.

Example: a smishing campaign happened in the U.S., where the attackers, disguised as the
United States Post Office, sent out messages telling recipients to click on a link to
view details about an upcoming package delivery. The malicious link actually took the
victims to various websites designed to steal their Google account credentials.

• Vishing
The perpetrator uses telephone conversations to steal sensitive information from the victim.
They generally use sophisticated scare tactics and emotional manipulation to cause
victims to surrender sensitive information.

For example: a hacker may act as a fraud investigator from your bank or credit card
company, or pose as a top manager from the company.

5 Hedge Fund Closes Down After Cyber Attack, by Bruce Sussman, the SECURE WORLD sessions,
https://www.secureworld.io/industry-news/hedge-fund-closes-after-bec-cyber-attac

• Pharming

Pharming is a type of phishing where the hacker redirects a user who is trying to reach a
website to a different, fake website. These fraudulent websites look very similar to the
website that the victim is trying to visit, making these scams much harder to spot.
This is done with the intention of stealing a person’s Personally Identifiable Information
and login credentials, including a person’s password and social security number. The
hackers usually target websites in the financial sector, such as banks, e-commerce sites,
and online payment platforms. The goal is often identity theft.

Example: a campaign launched by Mr. Juan Guaido called Volunteers for Venezuela. The
volunteers were asked on the website to give personal information such as their
name, DoB, home address etc. After a few days, a fraudulent website appeared with the same
IP address as the original website, so any data entered on the genuine website also
went to the fake website. This resulted in the data theft of thousands of volunteers.6

• Pop-up phishing
When people visit shady websites, there are a lot of pop-up notifications. The hacker can
place malicious code in these pop-up notifications. These pop-ups are typically about the
security of the visitor’s computer and prompt unsuspecting website visitors to download
supposedly necessary antivirus software, which turns out to be malware.
Although most of us use pop-up blockers, it is still a risk. Hackers have found different
loopholes around these pop-up blockers. The newer version of pop-up phishing uses the
website notification feature to trick its victims.
Example: pop-up notifications you get when you visit pornographic or pirated movie sites
contain malicious code and malware.

• Clone phishing

It is a type of cyber attack in which the attacker tricks the victim by copying a legitimate
email that was sent from a trusted source. The attacker replaces the original link with a fake
link to trick the recipient into providing personal information.
Example:

6 DNS Manipulation in Venezuela in regards to the Humanitarian Aid Campaign, by Global Research & Analysis
Team, Kaspersky Lab, https://securelist.com/dns-manipulation-in-venezuela/89592/

• Evil twin attacks

An evil twin attack is a cyber attack in which a hacker sets up a fake Wi-Fi network that
looks like a legitimate access point. If someone uses this fake Wi-Fi network, the hacker
can carry out a man-in-the-middle or eavesdropping attack and steal confidential
and sensitive information from the victim. The victim won’t have any idea that the hacker is
intercepting their data, because the hacker owns the equipment being used.
The hacker can also lure victims to phishing sites through the malicious Wi-Fi network, from
which the hacker can easily get sensitive and personal data from the victim.

Example: the Inspector General of the U.S. Department of the Interior carried out an
exercise on the department’s internal systems using $200 homemade hacking kits, in which
the attackers used evil twins to steal credentials.7

• Watering hole attack

A watering hole attack is a sophisticated form of phishing attack where the attacker doesn’t
directly attack the victim. The attacker compromises a specific group of users by infecting
a website they regularly visit with malicious code and malware. The goal of this attack is
to infect a targeted user’s computer and gain access to the targeted workplace. The targets of these
attacks are usually employees of large corporations, human rights organisations and
government offices.

• Search engine phishing

Search engine phishing occurs through search engines: the hackers create their own
websites and get them indexed on genuine and trustworthy search engines like Google and Bing.
These websites often entice customers by advertising cheap products and incredible
deals. When unsuspecting shoppers visit these sites, they are prompted to register or enter
their bank account details to complete the purchase. The scammers then use this personal
data for monetary gain and identity theft.

Example: Google detected 20 billion spam-related pages every day in 2020.

7 Interior IG Team Used Evil Twins and $200 Tech to Hack Department Wi-Fi Networks, by Aaron Boyd, senior
editor, NEXT GOV, https://www.nextgov.com/cybersecurity/2020/09/interior-ig-team-used-evil-twins-and-200-tech-hack-department-wi-fi-networks/168521/

3. Laws related to phishing in India

The Information Technology Act, 2000

Phishing is a cyber crime and comes under many provisions of The Information
Technology Act, 2000. This Act was amended in 2008, adding new provisions to
deal with phishing. The following sections can apply to phishing:
Section 66: The victim’s information and data are fraudulently altered or stolen by the
phisher, making the phisher punishable under Section 66 of the IT Act, 2000.8
Section 66A: As the disguised email misleads and deceives the victim, it comes under the
provision of Section 66A of the IT Act, 2000.
Section 66B: As the phisher dishonestly receives the information, he is punishable under
Section 66B of the IT Act, 2000.
Section 66C: As the attacker uses the credentials of an individual to disguise himself, he is
punishable under this Act.
Section 66D: The fraudster tricks the victim through a phishing email, personating
another person or institution, making it punishable under Section 66D of the IT Act, 2000.

Phishing can also be prosecuted under the Indian Penal Code. The following sections
can apply to phishing:
Section 464: The phisher forges documents and electronic records to trick the victim, making
it an offence punishable under this section of the IPC.
Section 416: In a phishing attack, the attacker personates and cheats the victim, which is
punishable under this Act.
Section 420: Phishing attacks where the hacker tricks the victim by inducing delivery of
property come under this section.

8 Imprisonment for a term which may extend to three years or with fine which may extend to five lakh rupees

4. CASE STUDIES

A. Nidhi Razdan Harvard phishing scam

On 13th June 2020, Nidhi Razdan announced on Twitter that after 21 years at
NDTV she had left her job and that later that year she would start as an associate professor
teaching journalism as part of Harvard University’s Faculty of Arts and Sciences.
She later found out that this was a very sophisticated phishing attack. According to her,
she was invited to speak at an event organised by the Harvard Kennedy School in
early 2020. One of the apparent organisers of this event contacted her to say there was
a vacant position in the faculty of journalism and asked if she would be interested. She
submitted her CV.
In January 2020, she received an email from an alleged Harvard employee, which
appeared to be from a trustworthy source, with an offer letter and agreement. The
offer letter and the agreement also seemed genuine. The senders also separately emailed her
former employers at NDTV and others for recommendation letters, and official-looking
acknowledgments were sent back to them. They too thought nothing was
amiss. After 10 months of back-and-forth communication with the alleged Harvard associate
(in which she sent a lot of work-related personal information),
she grew frustrated with the administrative processes and expressed this
repeatedly by email. In January, when she wrote to the dean of the Graduate School of
Arts and Sciences, she found out that there was no record of her appointment and that the
people claiming to be HR staff did not exist.9

This was a case of spear phishing. It is hard to spot these kinds of phishing attacks
because they are more personalized, elaborate and sophisticated. It took her a whole 10
months to find out that she was a victim of a phishing attack. The attacker probably
did this intending to harm her or steal her sensitive and personal data, such as bank
credentials.
She definitely could have done a better job of verifying this job offer, as
Harvard has no department of journalism, nor a professor of journalism, even though
you can get a master of liberal arts degree (which focuses on journalism) at the
Harvard Extension School, taught by adjuncts, with no full-time faculty.
It is hard to believe a veteran journalist like her got fooled by an online scam, as
fact checking is one of the most important parts of her profession. I am also
disappointed at the people who work at NDTV India who found nothing amiss in this
situation. This definitely harmed the reputation of both NDTV India and Nidhi
Razdan.
To prevent these kinds of spear phishing attacks from happening in the future, one
can:
ⅰ. Check the sender’s email ID and domain name first. If the domain is a public domain,
it is probably a phishing scam. Also, look out for spelling or grammatical mistakes.
ⅱ. Use countermeasures like two-factor authentication, which can help combat these
phishing attacks. Even if the hacker has the login credentials, he cannot access the
account without the second factor, for example an OTP, biometrics, etc.
ⅲ. Set up spam filters on your email server, which can reduce the number of spam and
phishing emails.

9 I Am Nidhi Razdan, Not A Harvard Professor, But..., by Nidhi Razdan, blog, NDTV India,
https://www.ndtv.com/blog/how-i-fell-for-a-phishing-attack-my-story-by-nidhi-razdan-2353395

B. Colonial Pipeline cyber attack

On May 7, 2021, Colonial Pipeline announced that a cyber attack had forced the
company to close operations and freeze its IT systems. Bloomberg says that during the
attack, the attackers stole 100 GB worth of corporate
data in just two hours.
The FBI blamed the attack on a group called “DarkSide”. The attackers seized
control of the computers using code and demanded monetary compensation in order to
release the systems back to the company. The attackers could plant the malicious
software after gaining access to an employee’s password. The most likely way of
carrying out this attack was through a phishing email since, as the FBI noted, the DarkSide group
responsible for this attack has used such a method.
The company had to pay approximately 75 Bitcoins, or around 5 million dollars, in
return for the decryption key. The loss, however, was far greater than that, as the company is a
major supplier of fuel in America. The Colonial Pipeline spans almost 5500 miles and
carries millions of gallons of oil per day. Colonial Pipeline is vital for several airports
along the eastern seaboard of the US and military bases throughout the southeast. The
attack resulted in the non-delivery of about 20 billion gallons of oil. In the attack’s
aftermath, panic buying of fuel, spurred by fears of fuel shortages, left several gas
stations with long lines as people hoarded gasoline.
The attack itself exposed how vulnerable the U.S. energy infrastructure is. Many
experts believe that the American energy and power infrastructure is outdated and is
very susceptible to future cyber attacks.10
Attacks like this show the importance of educating employees about the
threat of cyber attacks. Millions of phishing emails are sent out every day and many
slip through the spam filters. Employees must be trained to spot these kinds of
phishing emails.

10 Colonial Pipeline pays $5 mn in bitcoin to hackers: New age warfare by non-state actors, video essay by
Shekhar Gupta, additional research done by Saamiya Laroia and Tenzin Zompa, THE PRINT.
https://www.youtube.com/watch?v=XvbPVkux2_E

5. Statistics
# According to the FBI, phishing was the most common cyber crime committed in 2020. The FBI
said that there were 11 times more phishing attacks in 2020 compared to 2016.

# Ninety-six percent of phishing is done through emails. Another three percent is done on
malicious websites and only one percent is done via mobile phones.

# According to recent research from Proofpoint, around 75% of the organisations in the world have
experienced some kind of phishing attack.

# According to the findings of a global survey by Sophos, a cyber security company, around 83%
of IT teams in Indian organisations stated that the number of phishing attacks targeting their
employees increased during 2020. The good news is that 98% of organisations in India have
implemented cyber security awareness programs to fight phishing.

# According to Terranova Security, almost 20% of employees click on phishing emails, and of
those, 67.5% go on to enter their credentials on these phishing websites.

# According to research conducted by Bailey et al., 2008, 95% of phishing attacks are caused
by human error.

# An analysis of real-world phishing emails revealed these to be the most
common subject lines used in 2020:

ⅰ. IT: Annual Asset Inventory
ⅱ. Changes to your health benefits
ⅲ. Twitter: Security alert: new or unusual Twitter login
ⅳ. Amazon: Action Required
ⅴ. Zoom: Scheduled Meeting Error
ⅵ. Google Pay: Payment sent
ⅶ. Stimulus Cancellation Request Approved
ⅷ. Microsoft 365: Action needed
ⅸ. RingCentral is coming!
ⅹ. Workday: Reminder: Important Security Upgrade Required

# According to Symantec’s 2019 Internet Security Threat Report, the top five subjects for business
email compromise attacks are:

ⅰ. Urgent
ⅱ. Request
ⅲ. Important
ⅳ. Payment
ⅴ. Attention

6. Remedies against phishing attack

Researchers have suggested a wide range of solutions and remedies to prevent phishing attacks,
but no single solution can be trusted to mitigate these attacks completely. We can
group countermeasures against phishing attacks into three major defensive plans.

• Human-based solution

Human education is by far the most effective countermeasure against phishing
attacks. Educating end users to spot phishing attacks and avoid taking the
bait reduces their susceptibility to phishing and complements other
technical solutions. Most phishing attacks happen due to human error.
• Technical solutions
Technical solutions involve preventing the attacks at an early stage, to prevent
the threat from materializing at the user’s computer. We can classify technical
solutions into two different approaches:
1. Non-content-based solution
In non-content-based solutions, emails and websites are blacklisted or whitelisted.
The website under scrutiny is checked against such lists
in order to be classified as a legitimate or a phishing site.
2. Content-based solution
Content-based methods classify the page or the email relying on the
information within its content, such as text, images, HTML, JavaScript
and Cascading Style Sheets.
• The last line of defense is the use of law enforcement in deterring these attacks.
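
The two technical approaches above can be chained: a list lookup first, then content indicators for anything the lists do not decide. The following Python code is an added example, not part of the original paper; the domain lists, sample messages and the two-indicator threshold are constructed assumptions, and the subject words are the five listed in section 5.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed lists for illustration only (not real threat intelligence).
DENYLIST = {"login-example-bank.test"}   # hosts already reported as phishing
ALLOWLIST = {"example-bank.test"}        # domains known to be legitimate
PUBLIC_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}
# Business email compromise subject words listed in section 5.
SUBJECT_WORDS = {"urgent", "request", "important", "payment", "attention"}

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    return (urlsplit(url).hostname or "").lower()

def shown_host(text):
    """Host that a link's visible text claims to lead to, '' if not URL-like."""
    if " " in text or "." not in text:
        return ""
    return host_of(text if "://" in text else "http://" + text)

def in_list(host, domains):
    # Exact or subdomain match only, so look-alike names do not inherit trust.
    return any(host == d or host.endswith("." + d) for d in domains)

def classify(raw_email):
    """Return (verdict, reasons) for a single-part HTML email given as text."""
    msg = message_from_string(raw_email)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    hosts = [host_of(href) for href, _ in collector.links]
    # Stage 1: non-content-based (list lookups).
    if any(in_list(h, DENYLIST) for h in hosts):
        return "phishing", ["link host is on the denylist"]
    if in_list(sender_domain, ALLOWLIST) and all(in_list(h, ALLOWLIST) for h in hosts):
        return "legitimate", ["sender and all links are on the allowlist"]
    # Stage 2: content-based indicators.
    reasons = []
    if SUBJECT_WORDS & set(re.findall(r"[a-z]+", msg.get("Subject", "").lower())):
        reasons.append("pressure word in subject")
    if sender_domain in PUBLIC_MAIL:
        reasons.append("sender uses a public mail domain")
    for href, text in collector.links:
        if shown_host(text) and shown_host(text) != host_of(href):
            reasons.append("link text does not match its target")
    return ("suspicious" if len(reasons) >= 2 else "unknown"), reasons

def make(sender, subject, html):  # build a constructed sample message
    return f"From: {sender}\nSubject: {subject}\nContent-Type: text/html\n\n{html}\n"

SAMPLES = {  # constructed messages, one per outcome
    "lookalike": make('"Example Bank" <alerts@example-bank.test>', "Statement",
                      '<a href="http://login-example-bank.test/verify">Verify</a>'),
    "genuine": make("notices@example-bank.test", "Your statement",
                    '<a href="https://www.example-bank.test/s">View</a>'),
    "spoofed": make('"IT Support" <it.helpdesk@gmail.com>', "Urgent: Action needed",
                    '<a href="http://portal.unknown.test/login">www.example-bank.test</a>'),
}
```

The From header can be forged, so the allowlist result is only meaningful once the sender domain has been authenticated with SPF, DKIM and DMARC. The "lookalike" sample shows why the list lookup inspects link hosts as well: its sender address looks trusted, but its link does not.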

7. Conclusion
Phishing is one of the oldest forms of cyber attack and remains effective because of its ability to
evolve and diversify its attacks. Security threats from phishing come in different shapes and sizes.
Hackers will use all kinds of tactics over different platforms and devices to steal your confidential
data and install malware on your computer. As we have learned from the above cases,
no one is truly safe from phishing attacks. Even if we find different ways to protect ourselves, we
are always susceptible to these attacks. Further research about phishing is necessary to study and
investigate the susceptibility of users to phishing attacks. With the growing use of social
media, it has become much more common to get caught in these phishing scams. The older
generation, who are more susceptible to these phishing attacks because of their lack of knowledge
about technology, should be given proper education about the threat of phishing
attacks. This new era of the cyber world has made our private lives very vulnerable.

8. Reference

# Hedge Fund Closes Down After Cyber Attack
# DNS Manipulation in Venezuela in regards to the Humanitarian Aid Campaign | Securelist
# Blox Tales #15: Credential Phishing Attack Performs Real-Time Active Directory Authentication
# Interior IG Team Used Evil Twins and $200 Tech to Hack Department Wi-Fi Networks - Nextgov
# 83% organizations in India saw rise in phishing attacks during pandemic
# Q4 2020 KnowBe4 Finds Work From Home-Related Phishing Email Attacks on the Rise
# https://en.wikipedia.org/wiki/Phishing
# https://www.itgovernance.eu/blog/en/the-5-biggest-phishing-scams-of-all-time
# https://www.youtube.com/watch?v=GLhDGuTSR9I
# https://www.frontiersin.org/articles/10.3389/fcomp.2021.563060/full#B17
