Phishing and protection against it

Phishing is a common online fraud, the main purpose of which is to gain access to critical data by cunning. This method focuses not on finding vulnerabilities in software, but on the features of human behavior. The most commonly used method is to redirect the user to a fake resource that imitates the original in detail.

On average, over a year, despite all efforts to combat fraud, more than 5,000 phishing sites appear, each of which can bring a huge number of problems to users who accidentally hit it. Therefore, the second important aspect of countering this type of online fraud is educating people so that they understand what to do in order not to become victims of fraud. Thus you need to know at least the basic techniques that they use.

Phishing spoofing

A classic technique that has changed little since its first appearance. Attackers still send emails with links that lead to phishing sites, pretending to be representatives of banks, tax authorities, online stores, and other resources where they have to enter personal data.

Each letter copies the original message in detail, which might actually have been sent by representatives of the original resources or pages. With a few exceptions - the attached link does not lead to the official site, but to fake copying it with maximum accuracy.

To motivate the user to follow the link, two methods are used - positive (the ability to get something good and useful) and negative (the ability to avoid something bad or dangerous). Most often, the following techniques are used:

• "Your account has been / will be blocked." You must follow the link and verify your identity to avoid this. The threat of losing access to important information motivates users to act quickly, without figuring out exactly where the link leads.
• “Suspicious activity has been linked to your account. Security settings need to be updated. " It is required to keep the old username and password to change them to "new and uncompromised".
• “You have received an important message. Go to your personal account to familiarize yourself with it. " Users believe this trick since official financial institutions really do not send information directly to email, but send it to the mail of their "personal account". The link, of course, leads to a fake site.
• "You are experiencing tax arrears in the past month. Click here to fix the problem." Very relevant during the period of filing tax returns. The reason for following the link may be other points - requests to send missing documents or reports, confirm the right to a partial tax refund, etc.

Targeted phishing

Spoofing phishing is carried out by mass mailings to email addresses obtained by hacking or purchasing existing databases. That is, the attack is massive, but the same in all situations. Modern users already know from their bitter experience what the transition to suspicious links is fraught with, therefore, for the most part, they do not fall for this technique. Therefore, a more targeted method was invented.

If the letter mentions any personal data of the user - name, position, profession, references to past jobs or contacts, then such a message evokes much more confidence. Moreover, users provide cybercriminals with this information on their own - by posting it on specialized platforms and thematic resources. For example - the service LinkedIn, where the resume of potential employees and employers is freely available.

Phishing against top management

A type of targeted attack aimed at middle and senior management. This is extremely beneficial to fraudsters because it is the management who has the right to access all confidential information, and not just part of it.

Having gained access to the accounts of the authorities, fraudsters use them to organize, for example, large money transfers, allegedly agreed with the management. Or otherwise disrupt the system.

That is why it is imperative that all senior executives complete Internet security training programs. Because a successful phishing attack against them can do huge damage to the entire organization.

Phishing to access cloud storage

Not all confidential information is stored on secure servers or inside corporate networks. Many smaller organizations use Google and Dropbox cloud storage for this. Both office documents and backup copies of local computers are stored there.

The method of achieving the goal, however, does not change - phishing sites are used that imitate logging into a Google account or another similar service. A link to this site is attached to the email.

Phishing with attachments

By clicking on a phishing link, the user loses only part of his confidential information. But by running the file attached to the letter on his machine, he can suffer much more. Spyware that capture information entered from the keyboard, Trojan files, ransomware viruses - all this can be hidden under a seemingly harmless link in an attachment to an email. Yes, modern anti-virus programs block a lot of this, but scammers, alas, are almost always one step ahead of information security specialists.

Farming

"Multilevel phishing", using not only social engineering, but also software techniques. The point is what. At the first level, the user, following a malicious link, infects his machine with a Trojan with a very specific task - to change the DNS cache at the moment of entering an official and completely legal website. That is, the user thinks that he is following the correct link, but the automation forwards it to the phishing site. This type of fraud is incredibly effective and difficult to detect, because Trojans are hardly tracked while they are dormant.

Phishing protection

• Always check the URL for spelling errors. The difference in one letter separates the official resource from the fake.
• Use only secure https connections. S - means there is an additional encryption add-on that guarantees security. Fake sites usually don't use it.
• Any links in letters are suspicious, even if they come from familiar addresses. They can always be hacked.
• If the message came from a private and well-known person, then first you should contact him and clarify whether he sent you any link. And yes, you don't need to do this through your email address.
• You need to enter the addresses to which suspicious messages are asked to go either manually or through a bookmark in the browser. However, this will not help with farming, be sure to check the site you are visiting for authenticity.
• Don't use open Wi-Fi or leave your network open.
• Always and wherever possible, enable two-factor authentication.

Conclusions

Despite its apparent simplicity, phishing is one of the most effective types of fraud on the Internet. Because it focuses on the weakest link in the network security chain - the user. However, in most situations, basic knowledge of confidential information protection and some paranoia will help you defend against such attacks. At the very least, it is worth making a few good habits - regularly update your antivirus, never share your passwords with anyone, enter website addresses manually or using bookmarks in browsers. And always check the links and files attached to emails.