What is phishing? – TechCentral.fr
From bank scams to industrial espionage, we take a look at why phishing is so lucrative
With so many emails pouring in every day from all kinds of sources, examining each one and treating it as guilty until proven innocent is a tiring job. Unfortunately, failing to do so is why phishing remains such a lucrative attack technique.
Phishing is a method of attack, most often delivered by email, that attempts to trick the victim into believing a trusted source needs something from them, whether money, personally identifiable data, or login credentials.
While it has long been the most common and costly method of attack, phishing became particularly popular during the pandemic, with the number of attacks reported to have increased by 220% in 2020.
Opening malicious email attachments is a simple attack method, but it continues to be one of the most effective. This confirms the conclusion many organizations come to that the human element of cybersecurity is the weakest link.
Here’s what you need to know about some of the types of phishing attacks you may encounter and the motivations behind the attackers.
History of phishing
While a theoretical phishing technique was first described in 1987, this type of attack didn’t really start to gain popularity until the 1990s, with the advent of the mainstream Internet.
One of the earliest examples of phishing was known as AOHell and was a customer service ruse. This hacking tool targeted AOL users and allowed the attacker to pose as a customer service representative. The target user would be encouraged to surrender their password; if they did so, the attacker could then use their account for malicious purposes.
This element of using underhanded tactics remains the defining characteristic of phishing, although the number of types and techniques has grown significantly.
How to spot a phishing attack
Most users will encounter phishing attacks in the form of malicious emails. Many of these will be caught by the service provider’s built-in filters, which alert the user to suspicious content or to recent attacks associated with the sender’s address. However, some malicious emails will slip through the net, so it’s important to always be wary of unexpected emails, especially those claiming to be from companies you have had no dealings with.
Unusual sender address
An email from a legitimate business will normally come from a fairly standard address on the brand’s own domain. Sophisticated attacks attempt to impersonate the business they are mimicking, for example by using PayPal.net instead of PayPal.com, but many will forgo this effort and use clearly suspicious email addresses in the hope that the victim will not notice. Check the domain after the @ sign rather than the display name, which the sender can set to anything they like.
Spelling mistakes, grammar mistakes, strange phrasing
Legitimate emails will normally have gone through many layers of verification and control before they are sent, especially if they are automated. This means that spelling and grammar mistakes, or sentences that don’t sound quite right, should be an instant red flag. Occasional misspellings are understandable, especially if the email doesn’t appear to be automated, but you should be wary of glaring errors nonetheless.
Vague information or requests
Businesses typically personalize their customer correspondence, addressing the email to a first name taken from account information or citing specific details of a recent order. The absence of such personalization is therefore another red flag, in particular when the email is addressed to a “Mr. / Mrs.” or a “recipient”, or when it makes only vague reference to a recent order. Malicious emails use this lack of specific information to push a secondary action, whether clicking a link or opening an attachment.
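As an added example (not code from the TechCentral article), the red flags above turned into checks that run over a raw email message: a sender-domain test against an assumed allowlist of brands (the wrong-TLD, typo-squat, brand-as-subdomain and display-name cases), a generic-salutation test, and one further check the article does not list but which catches the fake bank and login pages it describes later, namely link text that names one site while the href points to another. The brand list, the domains and the two sample messages are constructed for this example; the script uses only the Python standard library and does not verify SPF, DKIM or DMARC results, which a real filter must also do because a forged From: header can carry the genuine domain.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed allowlist (hypothetical): brands the recipient deals with and their real
# domains. SPF/DKIM/DMARC are not checked here; a real filter must also do that,
# because a forged From: header can carry the genuine domain.
KNOWN_BRANDS = {"paypal": "paypal.com", "microsoft": "microsoft.com"}

# Impersonal greetings at line start: "Dear Customer", "Dear Sir/Madam", "Dear Mr. / Mrs." ...
GENERIC_SALUTATION = re.compile(
    r"^\s*(?:dear|hello|hi)\s+(?:customer|user|member|recipient|sir\s*/?\s*madam"
    r"|mr\.?\s*/\s*mrs\.?|valued\s+\w+)(?!\w)", re.IGNORECASE | re.MULTILINE)

# Anchor tags in a simple HTML body; enough for the sample, real mail wants html.parser.
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.IGNORECASE | re.DOTALL)
TAG = re.compile(r"<[^>]+>")

def reg_domain(host):
    # Last two labels approximate the registrable domain (use the Public Suffix List for co.uk etc.).
    return ".".join(host.lower().rstrip(".").split(".")[-2:]) if host else ""

def levenshtein(a, b):
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_brand(from_header):
    # Return (brand, reason) if the From: address impersonates a known brand, else None.
    display, addr = parseaddr(from_header)
    host = addr.rsplit("@", 1)[1].lower() if "@" in addr else ""
    reg = reg_domain(host)
    if reg in KNOWN_BRANDS.values():
        return None  # the genuine domain
    for brand, real in KNOWN_BRANDS.items():
        sld, real_sld = reg.split(".")[0], real.split(".")[0]
        if sld == real_sld:  # PayPal.net instead of PayPal.com
            return brand, f"brand name under the wrong TLD: {reg}"
        if sld and levenshtein(sld, real_sld) <= 2:  # typo-squat such as paypa1.com
            return brand, f"{reg} is within two edits of {real}"
        if brand in host.split(".")[:-2]:  # paypal.com.secure-login.example
            return brand, f"brand used as a subdomain of unrelated {reg}"
        if brand in display.lower():  # display name says PayPal, domain does not
            return brand, f"display name claims {brand!r} but domain is {reg}"
    return None

def mismatched_links(html):
    # (visible text, href) pairs where the text names one site and the href goes to another.
    out = []
    for href, inner in ANCHOR.findall(html):
        text = TAG.sub("", inner).strip()
        shown = urlparse(text if "://" in text else "http://" + text).hostname or ""
        if "." in shown and reg_domain(shown) != reg_domain(urlparse(href).hostname or ""):
            out.append((text, href))
    return out

def phishing_flags(raw_message):
    # Apply the sender, salutation and link heuristics to one RFC 5322 message.
    msg = message_from_string(raw_message, policy=policy.default)
    flags = []
    hit = lookalike_brand(str(msg["From"] or ""))
    if hit:
        flags.append(f"sender impersonates {hit[0]}: {hit[1]}")
    body = msg.get_body(preferencelist=("html", "plain"))
    content = body.get_content() if body is not None else ""
    is_html = body is not None and body.get_content_type() == "text/html"
    if GENERIC_SALUTATION.search(TAG.sub("\n", content) if is_html else content):
        flags.append("generic salutation instead of the customer's name")
    for text, href in (mismatched_links(content) if is_html else []):
        flags.append(f"link text {text!r} actually points to {href}")
    return flags

# Constructed sample messages for this example (not real phishing mail).
SAMPLE_PHISH = """From: "PayPal" <service@paypa1.com>
Subject: Action required on your account
Content-Type: text/html; charset=utf-8

<p>Dear Customer,</p>
<p>Your account has been limited. Restore access at
<a href="http://paypa1.com/login">https://www.paypal.com/restore</a></p>
"""

SAMPLE_LEGIT = """From: PayPal <service@paypal.com>
Subject: Receipt for your payment

Hello Alice Example,

You sent 12.00 EUR to Example Shop on 3 March (order 1234-5678).
"""

if __name__ == "__main__":
    print(phishing_flags(SAMPLE_PHISH))  # three flags: sender, salutation, link
    print(phishing_flags(SAMPLE_LEGIT))  # []
```

Run as a script, it reports three flags for the constructed phish and none for the genuine receipt. The checks are heuristics, not verdicts: a legitimate bulk mailer that greets “Dear Customer” trips the salutation test, and a genuine brand sending from a secondary domain trips the sender test, so in practice the flags feed a score or a quarantine review rather than a hard block.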
Covid-19 phishing attacks
Hackers were quick to seize the opportunity presented by the pandemic, as companies struggled to adapt to new ways of working and to secure their employees.
Much of the lure content itself has also focused on the coronavirus, with hackers playing on people’s fears of the virus to attract clicks on malicious emails.
In May 2020, Microsoft warned of a “massive” phishing campaign that used coronavirus-themed emails to deliver attachments containing malicious Excel 4.0 macros. These emails, sent with the subject line “WHO COVID-19 Situation Report”, claimed to come from the Johns Hopkins Center for Health Security and showed a graphic purporting to display coronavirus cases in the United States.
Additionally, Google has seen a huge increase in phishing emails sent during the pandemic. The company said it is now blocking more than 100 million phishing emails per day, nearly 20% of which were related to Covid-19. These emails, which often masquerade as government organizations and corporate clients, were designed to target home-based employees, small businesses, and organizations affected by the government-induced lockdown.
The World Health Organization also reported a five-fold increase in phishing attacks in the first weeks of the outbreak. These attacks were aimed at obtaining confidential information about the pandemic or at disrupting those trying to fight it. This has since evolved, with hackers also attempting to phish the companies that manufacture vaccines.
Financial phishing attacks
Financially motivated phishing attacks have been around for a long time and take many different forms. Many of us are familiar with the fraudulent “Nigerian prince” emails, in which the victim is contacted by someone claiming to represent a Nigerian prince who, for some reason, wishes to transfer part of his wealth out of the country and will give the victim a share of the money if they let the scammer use their bank account as an intermediary. Other variations include the death of a long-lost relative or, more recently, a friend or family member who was robbed while on vacation and needs an emergency loan.
Normally this scam results in a loss of money, not because bank details are handed over but because the victim is asked to pay an advance fee to the scammer, who is then never heard from again.
This is a very basic form of financial phishing attack, but others are much more sophisticated. Crooks send increasingly well-crafted emails that appear to be real messages from real banks. This type of attack aims to trick the user into entering all of their bank or credit card details on a website, reached through a link in the phishing email, that looks like the genuine article but actually belongs to the criminals. Once that is done, the phisher can use the details as if they were the legitimate cardholder or the bank’s customer.
Account takeover
Account takeover was the goal of the earliest phishing attacks: gain access to someone else’s online account, whether on social media, email, a forum, or anything else, and then take control of it.
This is usually done through a malicious link sent in an email, instant message, or direct message that looks legitimate. Once the user clicks on it, they are redirected to a realistic-looking website operated by the attackers and, just like in the banking attacks mentioned above, asked to enter their username and password.
The purpose of an account takeover may be to send spam from that email address or social media account; to obtain further information about the person, including financial information or other sensitive data; or to serve as a form of protest. Rival groups on the political fringes are notorious for seizing opponents’ accounts to gain the upper hand and shut them down, for example.
Espionage
This category covers both industrial espionage and state-level espionage. In either case, the goal is to gain information about a rival in order to outsmart or, in some cases, sabotage them.
In this case, the email is normally designed to look as if it comes from a vendor or perhaps a senior company official, and it carries a sense of urgency. The hope is that this makes the recipient respond quickly with the information, before any doubts have a chance to arise.
It can be part of a much longer campaign involving other types of cyber attack, such as spyware or malware built specifically to damage industrial machinery or national infrastructure.
Under the umbrella of ‘phishing’, security researchers have identified a number of subgroups that are even more targeted in their approach, the two most common being spear phishing and whaling.
Spear phishing is a phishing campaign that targets a specific person or business. This technique requires a bit more effort on the part of the cybercriminal, who has to do more background research in order to craft a personalized phishing email. According to one study, 88% of organizations worldwide reported spear-phishing attacks in 2019.
Whaling resembles spear phishing but is even more targeted, focusing on a company’s CEO and CFO. These emails are designed to look like an urgent matter that a senior executive needs to deal with, such as a customer complaint or a subpoena. The scams often demand the transfer of a large sum of money.
A Symantec report on these scams, known as business email compromise (BEC), stated that “these scams can be damaging because they require little technical expertise, but can yield huge financial benefits for the criminals and significant losses for the companies involved. For example, in early 2016, an Austrian aerospace company fired its CEO after losing nearly $50 million to BEC crooks”.
© Dennis Publishing