Phishing is one of the most common methods of attack among cybercriminals today. The method involves tricking the recipient into opening a document, visiting a website, or downloading a file via email, SMS, or chat services. The goal is to infect the device with malicious code and/or obtain elevated permissions as the first step in a more comprehensive attack.
Basically, phishing is a form of identity theft where the attacker pretends to be someone else, for example, an authority, employer or a company. The attack is then executed by the attacker sending false messages urging the recipient to click on links or download files in order to hijack sensitive information or infect the recipient’s device with malicious code.
Some common examples of phishing are:
- An attacker pretends to be a bank and emails that the user's information must be checked or updated as soon as possible.
- An attacker pretends to be a credit card company and asks the recipient to confirm account information, otherwise the card will be blocked.
- An attacker pretends to be the tax authority and urges the recipient to click on a link to gain access to a tax refund.
- An attacker pretends to be a gaming company and tells the recipient that they have won a large lottery prize, which requires certain steps in order to be paid out.
Other variants of phishing
Ordinary phishing is in many cases sent to large groups of recipients without much accuracy. Anyone who is a bank customer may immediately understand that something is not right when an email arrives with the text “Best bank customer”. But just like ordinary companies, cybercriminals work actively to maximize the profitability of their business. As a result, more refined variants of phishing have evolved in recent years, such as spear-phishing and smishing.
Unlike regular phishing attacks, which target broad, often randomly selected groups, spear phishing targets selected individuals and organizations. In these cases, the attacker does proper preparatory work that can include mapping the interests of a company’s employees in social media and the organization’s hierarchy, but also factors such as email domain, email signature and IT system.
The information can then be used to design realistic emails that are difficult to identify even for those who are attentive. And the work can pay off: in the worst case, a single successful spear-phishing email can, in the long run, give an attacker control of an entire corporate network.
Some examples of spear phishing are:
- An attacker pretends to be the company's CEO and demands that an employee in the finance department transfer a large sum of money immediately.
- An attacker manipulates a person in the IT department into handing over sensitive login information for a specific system of interest by claiming to be that system's actual operations provider.
- An attacker pretends to be a close relative who contacts the recipient and asks for a quick transfer of money in a crisis situation.
Phishing can also occur via SMS and is then called smishing, a combination of the words “phishing” and “SMS”. The attack involves the attacker sending an SMS from a fake sender in order to get the recipient to click on a link that either installs malicious code on the phone or causes the recipient to leave sensitive information.
A common technique used in smishing is so-called spoofing, where a tool is used to falsify the sender address. Spoofing is easily accessible for anyone to use via online services and costs no more than a few kroner. Detecting a spoofed SMS, on the other hand, is very difficult, as the warning signs one would look for in an email are not available.
Some examples of smishing are:
- An attacker pretends to be a company and sends a confirmation that the recipient is registered on their service and will be charged X dollars per day if the order is not completed via an attached link.
- An attacker pretends to be a company of which the recipient is a customer and sends links with offers of discounts that are only valid for a limited time.
- An attacker pretends to be a shipping company and tells the recipient that there is an update to their order that must be confirmed via a link for it to be delivered.
Why are phishing attacks so common?
Phishing as an attack method has become immensely popular among cybercriminals – for the simple reason that it works. Engaging in phishing as a business has become so lucrative that the method has gone from being used by individuals to being run by large “professional” organizations.
One reason for carrying out phishing attacks is to obtain login details and credit card details that can be converted into cash. On the less accessible parts of the Internet (so-called darknets), there is a trade in stolen data of this kind. Fraudsters can buy, for example, login information for social networks and thereby gain access to thousands of people's accounts, each with its own network of contacts and a wealth of personal information.
Fraudsters may also be interested in infecting users’ computers with malicious code. Reasons for this may include:
- Using the computer in a large botnet, for example to carry out a DDoS attack.
- Infecting the computer with ransomware, malicious code that encrypts all files on the computer and demands a ransom from the victim to regain access to them.
- Infecting the computer with spyware in order to spy on a user or a company.
How do you protect yourself from phishing attacks?
Email security software and antivirus can identify the most obvious phishing attacks, but no protection is 100% effective. It is therefore up to everyone to learn how to avoid falling victim to a phishing attack. To check the validity of a message, you can ask yourself a number of different questions, such as:
- Is the text formulated in an unusual way? This can be misspellings, strange language, or anything else that stands out. It is an important warning sign, and may be due to the email having been translated automatically from another language.
- How personal are the beginning and end of the email?
  - How likely is it that an authority in your country would open with "Dear Sir / Madam"?
  - A signature with contact information at the end of the email is almost mandatory in official contexts but is usually completely missing in phishing emails.
- Is the sender's address correct?
  - In recent years, fraudsters have become more proficient in terms of language and text content, so it is important to pay attention to other details, such as the sender's address.
  - Hover the mouse over the address and look closely. Similar-looking domains are often used in phishing attacks, for example Amazon@Amazzon.com instead of email@example.com.
- Are the links correct? Hyperlinks in the email should be checked in the same way as the sender address. Hover the mouse pointer over them and the link address is shown in cleartext.
  - Link addresses can be both long and cumbersome, but it is still often possible to assess their credibility. Does the link go to a legitimate website, or do you not recognize the address at all?
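As an added example (not part of the original article), the Python script below automates the two hover checks above for an HTML mail body: it flags links whose visible text names a different site than the real target, and links whose target is only a character or two away from a brand you actually deal with, the Amazzon.com pattern. The allowlist and the sample mail are constructed for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"amazon.com", "examplebank.com"}  # constructed allowlist of brands you use
# Constructed sample mail: one look-alike link, one text/target mismatch, one genuine link.
SAMPLE_MAIL = """<p>Dear Sir / Madam, your account must be updated today.</p>
<a href="http://amazzon.com/verify">Verify account</a>
<a href="http://login-portal.example/x">https://www.examplebank.com/login</a>
<a href="https://www.amazon.com/help">Help</a>"""

def host_of(url):  # hostname with a leading "www." dropped, e.g. amazon.com
    return (urlparse(url).hostname or "").lower().removeprefix("www.")

def edit_distance(a, b):  # Levenshtein distance, used to spot look-alikes such as amazzon.com
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

class LinkCollector(HTMLParser):  # gathers (href, visible text) pairs, i.e. what hovering reveals
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        self._text.append(data)  # text outside <a> is thrown away at the next <a> start tag
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_links(html_body, trusted=TRUSTED_DOMAINS):  # -> [(href, reason)] for suspicious links
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        target = host_of(href)
        shown = re.search(r"https?://\S+", text)  # does the visible link text itself look like a URL?
        if shown and host_of(shown.group(0)) != target:
            findings.append((href, f"text shows {host_of(shown.group(0))} but target is {target}"))
        elif target not in trusted:
            for brand in trusted:
                if edit_distance(target, brand) <= 2:
                    findings.append((href, f"look-alike of {brand}"))
    return findings
```

Running `check_links(SAMPLE_MAIL)` reports the Amazzon look-alike and the mismatched bank link, and leaves the genuine Amazon link alone.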