What Is Phishing?
With the world going digital, internet criminals have also devised means of perpetrating crime online. One such method is called phishing. Phishing is a cybercrime in which sensitive information such as usernames, passwords, and banking and credit card details is fraudulently obtained from people.
The phisher poses as a trustworthy entity in an electronic communication such as email, text, or telephone in order to manipulate the target into parting with sensitive information. Such fraudulently obtained information is then used to access important accounts and can result in identity theft and financial loss.
Communications used to deceive victims are purported to originate from trusted parties such as social websites, auction sites, banks, online payment processors or IT administrators. Perpetrators of these attacks distribute, via email, malicious links or attachments capable of extracting login credentials or account information from victims.
In some cases, victims are redirected to enter personal information at a fake website that is difficult to tell apart from the legitimate site.
How To Investigate Phishing Email
Usually, an email client displays just a few pieces of header information such as subject, date, and time, but the full header contains far more than that. Investigating a fraudulent email should start from the header. Different desktop or web email applications have different methods for revealing the full message header.
Find out how to do this with the desktop or email application you have. A critical analysis of the information contained in the message header will reveal if the email is indeed fraudulent.
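As an added illustration (not part of the original article), the Python sketch below shows the kind of header checks an investigator can run once the full header has been exported. The sample message, its domains and its IP addresses are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers; every domain and IP address is a placeholder.
RAW = """\
Received: from mail.example.net (mail.example.net [203.0.113.7])
\tby mx.example.org with ESMTP id abc123; Tue, 02 Jan 2024 10:15:00 +0000
Received: from unknown (HELO localhost) (198.51.100.23)
\tby mail.example.net with SMTP; Tue, 02 Jan 2024 10:14:58 +0000
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=example.net;
\tdkim=none; dmarc=fail header.from=example.com
Return-Path: <bounce@example.net>
From: "Example Bank" <support@example.com>
Reply-To: helpdesk@example.net
Subject: Verify your account
Date: Tue, 02 Jan 2024 10:14:55 +0000

body
"""

def domain(value):
    """Return the lower-cased domain of an address header, or ''."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def analyze_headers(raw):
    msg = message_from_string(raw)
    findings = []
    from_dom = domain(msg["From"])
    # A reply or bounce address on another domain is a common sign of spoofing.
    for name in ("Return-Path", "Reply-To"):
        other = domain(msg[name])
        if other and other != from_dom:
            findings.append(f"{name} domain {other} differs from From domain {from_dom}")
    # Results recorded by the receiving server for SPF, DKIM and DMARC.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    for check in ("spf", "dkim", "dmarc"):
        if results.get(check) != "pass":
            findings.append(f"{check} result: {results.get(check, 'missing')}")
    # Each relay prepends its Received header, so the last one is the earliest hop.
    # Hops added before your own mail server can be forged by the sender.
    hops = msg.get_all("Received", [])
    origin = re.search(r"\[?(\d{1,3}(?:\.\d{1,3}){3})\]?", hops[-1]) if hops else None
    return {"findings": findings, "hops": len(hops),
            "origin_ip": origin.group(1) if origin else None}

if __name__ == "__main__":
    print(analyze_headers(RAW))
```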
Extract The Attack Link And Visit The Malicious Website
You can investigate a phishing mail by extracting the attack link and visiting it from an isolated environment. Do not visit the URL on a work computer or any other important device that holds valuable information. If you right-click on the email body, you will see the option “View Source”.
Desist from hovering over the link as a malicious event could be linked to such actions. After extracting the link, visit the link from an isolated environment and behind a proxy. You can also change the email addresses in the link to a random one. All this will prevent the attacker from realizing one of the emails is being investigated.
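The steps above can be scripted so that the link is never rendered or clicked. The following Python sketch is an added example, not from the original article: it reads the links out of the message source, swaps any recipient address in the URL for a placeholder, and defangs the result for notes. The sample message and the placeholder address are constructed.

```python
import html
import re
from email import message_from_string
from email.policy import default

# Constructed sample message; all names and hosts are placeholders.
RAW = """\
From: "IT Support" <it@example.com>
To: alice@corp.example
Subject: Password expiry
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Your password expires today.</p>
<a href="http://login.example.net/reset?user=alice%40corp.example&amp;id=42">Reset now</a>
<a href="https://example.com/help">Help</a></body></html>
"""

# Matches addresses written with a literal @ or URL-encoded as %40.
EMAIL_RE = re.compile(r"[A-Za-z0-9._+-]+(?:@|%40)[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def extract_links(raw):
    """Read href targets from the message source as text; nothing is rendered or fetched."""
    msg = message_from_string(raw, policy=default)
    urls = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            urls += re.findall(r'href\s*=\s*["\']([^"\']+)["\']', part.get_content(), re.I)
    return [html.unescape(u) for u in urls]

def anonymize(url, placeholder="user@example.invalid"):
    """Replace an address embedded in the URL so the visit is not tied to a real recipient."""
    def swap(match):
        return placeholder.replace("@", "%40") if "%40" in match.group(0) else placeholder
    return EMAIL_RE.sub(swap, url)

def defang(url):
    """Make a URL unclickable before pasting it into a ticket or report."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")

def prepare_for_analysis(raw):
    return [defang(anonymize(u)) for u in extract_links(raw)]

if __name__ == "__main__":
    for line in prepare_for_analysis(RAW):
        print(line)
```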
Analyze The Malicious Website
A deep analysis of the malicious website will yield more information about the phishing attack. You can carry out advanced domain registry analysis by looking at the WHOIS records of the domain.
How To Prevent Phishing And Spoofing
The following tips will help you prevent phishing and spoofing:
- Always check the spelling of the URLs in email links before you click or enter any sensitive information. Also, look for a “lock” icon at the bottom of your browser and make sure “https” appears in front of the web address before submitting any personal or sensitive information through a website. The presence of these two signs confirms you are dealing with a secure website and information being transferred is secure.
- Be vigilant and watch out for URL redirects, where you are subtly sent to a different website with an identical design to the legitimate site.
- If you receive an email from a well-known source but have doubts about its authenticity, contact that source through another email to verify if the mail you received earlier indeed originated from them rather than just hitting reply.
- If you receive a suspicious email with links to a website you know very well, simply open a new browser window and type in the legitimate web address you know to reach the company cited in the e-mail. Alternatively, you can call the company.
- Avoid posting personal data such as your birthday, vacation plans, address, and phone number publicly on social media.
- Do not reply to e-mails that require you to share personal information to avoid the sudden closure of your account. Also, do not click on links within such e-mails.
- Make it a habit to review card and bank statements monthly for any unauthorized activity and report any discrepancies immediately.
What Is The Best Defense Against Phishing?
While technological phishing defenses work to reduce the volume of threats that are delivered to inboxes, they are not 100% effective and some malicious emails still find their way into inboxes of users. The best defense against phishing still remains humans. Spam filtering solutions will identify and block most phishing emails, firewalls can keep networks protected and also block communication between malware and C2 servers, while web filters can prevent users from visiting malicious websites.
In the case of companies, employees themselves must not be forgotten in any defence system against phishing. Anti-phishing software is quite effective at blocking standard phishing attacks, but its success rate is much lower against targeted phishing attacks such as spear and whale attacks.
So organizing security awareness training for employees is the best way to protect against phishing and improve spear phishing defenses. This training should cover the basics of phishing, and enlighten employees on how to identify phishing email. They should also be taught how to respond when a suspicious email is received, as well as security best practices such as what to do and what not to do when an email received is deemed suspicious. That remains the best defense against phishing attacks since individuals are the targets of these malicious attacks.
Types Of Phishing
With more people becoming aware of phishing and how this crime is perpetrated, cybercriminals have also stepped up their game by rolling out new types of phishing scams. Some of the more common types of phishing are discussed below.
This type of phishing attack is directed at specific individuals or companies with specific common characteristics or other identifiers that have been gathered to make the message seem authentic. These types of phishing emails might include references to coworkers or executives at the victim’s organization, the use of the victim’s name, location or other personal information all in a bid to make the source of the email appear authentic.
These types of emails may appear harmless but they are designed to help hackers obtain trade secrets or other classified information.
A whaling attack is also known as a whaling phishing attack or whaling phishing. This type of phishing attack is targeted specifically at high-profile employees within an organization such as the CEO or CFO. The idea is that these high-ranking officials typically have complete access to sensitive data, so they are targeted in order to steal such information from a company.
In most whaling attacks, the goal of the attacker is to trick the victim into authorizing high-value wire transfers to the attacker. The phishing message appears in the form of a command from an executive to make payment to a vendor when, in actual fact, the payment would be made to the attackers.
In simple terms, pharming is a cyber attack that is carried out by redirecting traffic from a legitimate website to a fraudulent one. This type of attack is done in two ways. The first is by DNS cache poisoning, which exploits a vulnerability in DNS server software. The second is by changing the hosts file on a victim’s computer.
A victim of this type of attack will be redirected from a legitimate site to a fake one and tricked into using their login details to attempt to log in to the fraudulent site.
Clone Phishing Attacks
This type of attack involves cloning or making a copy of a previously delivered legitimate email that contains either a link or an attachment. The attackers, in this case, make a copy of the legitimate email and replace one or more links or attached files with malicious links or malware attachments. This message appears to be a duplicate of the original, legitimate email, tricking victims into clicking the malicious link or opening the malicious attachment.
Evil Twin Wi-Fi Attack
An evil twin is a fraudulent Wi-Fi access point which appears to be legitimate but is instead set up to eavesdrop on wireless communications. When unsuspecting victims connect to the evil twin Wi-Fi network, the attackers are able to access all the transmissions sent to or from victim devices, including user IDs and passwords. Also, attackers can use this vector to target victim devices with fraudulent prompts for system credentials that appear to originate from legitimate systems.
Voice Phishing (Vishing)
A vishing attack occurs over voice communications media, including voice over IP (VoIP) or POTS (plain old telephone service). An attacker uses speech synthesis software to leave voicemails purporting to notify the victim of suspicious activity in a bank or credit account. The message will also encourage the victim to respond to a malicious phone number to verify their identity. If the victim goes ahead to respond to this phone number, their account credentials will be compromised.
SMS Phishing (SMishing or SMShing)
This type of phishing attack is perpetrated via text message to convince victims to disclose account credentials or to install malware.
How Does Phishing Work?
A typical phishing attack follows the process below.
First, the phishers select a business or businesses to target and then determine how best to get e-mail addresses of customers of such business. Often, they employ the same mass-mailing and address collection techniques used by spammers.
Next is the setting up of the attack. Once the hackers have picked on the business to spoof and identified who their victims are, they will create methods for delivering the message and collecting the data. Usually, e-mail addresses and a web page are used.
The attack phase is the one most people are familiar with. The phisher sends a phoney message that appears to originate from a reputable and trusted source.
Once the phoney message has been delivered successfully and the recipient falls for it, information entered into web pages or pop-up windows is recorded by the phisher.
Identity Theft and Fraud
This is the last stage of the entire process. Once the phisher has obtained sensitive information from the victim, they use such information to make illegal purchases or commit fraud.
Free Anti-phishing Software
A number of free anti-phishing tools are available for download on the internet. Some of them are listed below.
Google Safe Browsing
AVG AntiVirus Free
Bitdefender Antivirus Free Edition
Kaspersky Internet Security
Avira Premium Security Suite
ESET Smart Security
Norton Internet Security
WOT (Web Of Trust) – a browser extension
How To Identify Phishing Mails
Hackers have upped their game no doubt, but still, they are not perfect. If you are observant, you can spot a phishing mail at a glance. Here are some clues you can rely on to identify a phishing mail.
Request For Sensitive Information
Legitimate companies do not request sensitive information via email. If you are aware of this fact, then you will be able to detect a phishing mail at a glance. This is because such emails usually contain links or attachments asking you to provide sensitive information.
It is not the practice of legitimate companies to ask for sensitive information such as passwords, credit card information, credit scores, or tax numbers via email. Also, legitimate companies will not send you a link via email from which you need to log in.
Emails sent from legitimate companies have a personalized salutation. This means the company will address you by name, for example “Dear Chris” if your name is Chris. Phishing emails typically feature generic salutations such as “Dear valued customer”. Any company or business that you deal with will address you by name when they contact you.
They would most likely ask you to visit their office if they require sensitive information from you. Some hackers now avoid the salutation altogether, so a phishing mail without a generic salutation may be more convincing, but there are still other ways you can detect it is not genuine.
Bad grammar is one easy way of spotting a phishing mail. Mails that originate from legitimate sources should be well written. If an email is badly written, you should immediately query its authenticity and desist from interacting with the mail further. Avoid clicking links or downloading attachments contained in such mail.
The Message Is Designed To Make You Panic
Usually, phishing emails instil panic in the recipient. They are often worded in a way that makes you panic and lures you to take action immediately. A typical phishing mail may claim your account has been compromised and that you need to visit a website through a link contained in the mail to verify such account by entering your login details in order to retain ownership of the account.
In some other cases, the email might state that your account will be closed if you do not act immediately. If you receive an email that follows a similar pattern, take a deep breath and think before taking any action. Better still, you can contact the company involved via other means.
You Are Forced To Visit A Website
Legit emails from companies do not force you to visit the company’s website. Phishing emails are sometimes coded entirely as a hyperlink such that if you deliberately or accidentally click anywhere in the email, you will be sent to a fake website, or you will have spam downloaded onto your computer.
Companies usually don’t send you unsolicited emails that contain attachments. Instead, you will be directed to their website to download documents or files. However, some companies that already have your email may sometimes send you information, such as a white paper, that may require a download.
In such cases, look out for high-risk attachment file types such as .exe, .scr, and .zip. If you have any doubts about the authenticity of such email, contact the company directly through other means to verify.
Links Don’t Match Legitimate URLs
Always double check URLs before visiting a website from an email link. The fact that a link says it’s going to send you to a place doesn’t mean it’s going to. Hover your cursor over the link. If the link in the text doesn’t match the URL displayed as the cursor hovers over the link, that’s a definite sign you will be taken to a site you don’t want to visit.
Don’t trust the link if the hyperlink’s URL doesn’t seem correct, or doesn’t match the context of the email. Also, you can verify that a website is secure by hovering your mouse over embedded links without clicking and check if the link begins with https://. If it doesn’t, don’t click on it.
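The same comparison can be made from the message source without hovering or clicking. The Python sketch below is an added example, not part of the original article: it pairs each link's visible text with its real target and flags mismatches and non-https targets. The sample body and its hosts are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample body; hosts are placeholders.
BODY = """
<p>Dear customer, please confirm your details:</p>
<a href="http://secure-login.example.net/verify">https://www.example.com/account</a>
<a href="https://www.example.com/help">Help centre</a>
<a href="https://www.example.com/terms">www.example.com/terms</a>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(text):
    """Host of a URL or bare domain shown to the reader, or '' if the text is not URL-like."""
    if not re.match(r"^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$", text, re.I):
        return ""
    return (urlsplit(text if "://" in text else "//" + text).hostname or "").lower()

def check_links(html_body):
    parser = LinkCollector()
    parser.feed(html_body)
    report = []
    for href, text in parser.links:
        target, issues = urlsplit(href), []
        shown = host_of(text)
        if shown and shown != (target.hostname or "").lower():
            issues.append(f"text shows {shown} but link goes to {target.hostname}")
        # https only means the transport is encrypted; it does not prove the site is genuine.
        if target.scheme.lower() != "https":
            issues.append("link does not use https")
        report.append((href, issues))
    return report
```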
Phishing remains a threat to our digital security despite the many software tools available to help protect against this menace. It is important that we keep educating ourselves on this issue and also sharing information about how criminal elements behind phishing attacks operate. This way, as many people as possible will be enlightened as to how they should react if they ever fall victim to these attacks.