Phishing is one of the oldest forms of cybercrime, yet it still poses a serious threat to many organizations, because phishing campaigns are both widespread and increasingly sophisticated.
Phishing is a type of cyberattack aimed at obtaining users’ confidential information: login credentials, bank card details (card number, CVV, PIN), transaction confirmation codes, e-mail addresses, the phone number linked to a bank account, code words and answers to security questions, and other banking information.
To carry out such an attack, criminals use social engineering. They craft emails, ads or websites that look as close as possible to ones the user already trusts. For example, attackers may send a letter purporting to come from the victim’s bank and pressure them into providing their account details. When a user opens such a letter and clicks the malicious link, they land on a fake site that imitates the real one as closely as possible. Attackers commonly impersonate financial institutions, colleagues, auction sites, social networks and online payment systems. Phishing emails may also carry attachments that install malware (ransomware, remote-access tools that give the attacker a foothold in the system and exfiltrate confidential data, etc.).
Phishing kits exist to make running a campaign easier. A kit is a set of files that replicate the login pages of legitimate sites (Microsoft, Google, Apple, PayPal, etc.). Once the attacker deploys the kit on a server and registers a domain name for the phishing site, the email campaign can begin. Phishing kits are sold on dark web marketplaces.
Phishing goals:
- Collecting confidential information: deceptive emails trick the victim into revealing login credentials and/or personal information;
- Installing malware: emails carrying malicious links or infected attachments.
Phishing attacks types:
- Spear phishing is a targeted attack that uses the victim’s personal information (name, role, colleagues, recent activity) in the email or message, which is what makes it convincing and therefore successful;
- Vishing (voice phishing) – a phone call attack in order to lure out bank information, bank card details, other confidential data, as well as transfer funds to the attackers’ account;
- Smishing is phishing via SMS that contains a link or a phone number. To increase a wish to click on a link or call, criminals increase the sense of urgency;
- Clone phishing is a type of phishing where a previously delivered email from a legitimate source is completely cloned, but with added malicious content (attachment, link);
- Whaling is spear phishing targeted at senior executives (board members, CFO and others with access to sensitive information);
- Link manipulation is a form of phishing where the visible link text or a lookalike URL appears to belong to a legitimate organization, while the real destination is the attacker’s site;
- Filter evasion is a form of phishing where the message text is embedded in an image, so that text-based anti-phishing filters do not see it;
- Website forgery is a form of phishing where JavaScript on the attacker’s page alters the address bar or the displayed link target so that the fake site appears legitimate;
- Covert redirect is a form of phishing where the link points to a legitimate domain, but an open redirect on that site forwards the victim to the phisher’s website;
- Tabnabbing is an attack where a page left open in an inactive tab is rewritten to resemble the login page of a popular website, so that the returning user enters their credentials;
- Pharming is an attack that redirects users from a legitimate site to a phishing site (through DNS or hosts-file manipulation), even if the domain name is typed correctly.
The main goal of phishing is to impersonate a legitimate company, employee or colleague as convincingly as possible, which makes authenticity hard to judge. Nevertheless, there are indicators that point to a phishing attempt:
- Deceptive subdomains (a brand name placed as a subdomain of an unrelated domain) or misspelled URLs;
- Use of Gmail or another free email provider instead of corporate mail, or a sender domain that does not match the organization the message claims to come from;
- Message evokes a sense of fear and urgency;
- Message contains a request to verify personal information (data for entering the bank, login and passwords for entering social networks or other systems);
- Spelling and grammatical errors in a message text;
- Message contains an unusual attachment that could be malware or ransomware;
- A familiar sender name, but someone you do not usually communicate with or share job responsibilities with;
- The URL in the email does not match the URL of the organization being impersonated;
- Message contains false information about winning the lottery or competitions in which you have never participated.
The popularity and high success rate of phishing attacks make prevention essential. The most effective measure is to study examples of phishing attempts and train employees to recognize them.
To prevent phishing attempts, personnel should:
- Recognize phishing attacks;
- Be careful with pop-ups;
- Be careful when clicking a link in an e-mail, and make sure it leads to the correct address;
- Make sure that the website’s TLS certificate is valid and was issued for the domain shown in the address bar;
- Confirm through a separate channel (phone, chat) with the colleague or manager who apparently sent a suspicious letter that they really sent it;
- Beware of redirects to other sites with identical design;
- Make sure the URL matches before entering confidential information;
- Not disclose personal information that could be used for spear phishing and whaling (e.g. date of birth, address, telephone number);
- Treat letters that press for urgency with suspicion;
- Avoid downloading attachments from e-mails if you are not sure about their authenticity;
- Hover over links to reveal the real destination before clicking;
- Use two-factor authentication.
To stop phishing emails from reaching employees, and to limit the damage when one gets through, it is necessary to use:
- Antivirus software;
- Desktop firewalls;
- Network firewalls;
- Antispyware software;
- Antimalware software;
- Mail filter;
- Secure email gateways;
- Spam filters;
- Browsers that warn users about fraudulent sites;
- Two-factor authentication;
- Password manager.