Phishing and protection against it

Phishing is a common type of online fraud whose main purpose is to gain access to critical data by deception. The method relies not on finding vulnerabilities in software but on the characteristics of human behavior. The most commonly used technique is to redirect the user to a fake resource that imitates the original in detail.

On average, despite all efforts to combat fraud, more than 5,000 phishing sites appear each year, and each of them can cause a huge number of problems for users who accidentally land on it. Therefore, the second important aspect of countering this type of online fraud is educating people so that they understand what to do in order not to become victims. For that you need to know at least the basic techniques that fraudsters use.

Phishing spoofing

A classic technique that has changed little since it first appeared. Attackers still send emails with links that lead to phishing sites, posing as representatives of banks, tax authorities, online stores, and other resources where the user has to enter personal data.

Each email copies in detail a genuine message that might actually have been sent by the original resource or page. With one exception: the attached link does not lead to the official site but to a fake that copies it as accurately as possible.

To motivate the user to follow the link, two methods are used: positive (the chance to get something good and useful) and negative (the chance to avoid something bad or dangerous). Most often, the following techniques are used:

Targeted phishing

Spoofing phishing is carried out by mass mailings to email addresses obtained by hacking or by purchasing existing databases. That is, the attack is massive but identical in every case. Modern users already know from bitter experience what following suspicious links can lead to, and for the most part they no longer fall for this technique. So a more targeted method was invented.

If the email mentions any personal data of the user (name, position, profession, references to past jobs or contacts), the message inspires much more confidence. Moreover, users provide cybercriminals with this information themselves by posting it on specialized platforms and thematic resources, for example LinkedIn, where the resumes of potential employees and employers are freely available.

Phishing against top management

A type of targeted attack aimed at middle and senior management. This is extremely profitable for fraudsters because it is management that has the right to access all confidential information, not just part of it.

Having gained access to executives' accounts, fraudsters use them, for example, to organize large money transfers that are allegedly approved by management, or to disrupt operations in other ways.

That is why it is imperative that all senior executives complete Internet security training programs: a successful phishing attack against them can do huge damage to the entire organization.

Phishing to access cloud storage

Not all confidential information is stored on secure servers or inside corporate networks. Many smaller organizations use Google and Dropbox cloud storage for this purpose, keeping both office documents and backup copies of local computers there.

The method of achieving the goal, however, does not change: phishing sites are used that imitate the login page of a Google account or another similar service, and a link to this site is attached to the email.

Phishing with attachments

By clicking on a phishing link, the user loses only part of his confidential information. But by running a file attached to the email on his machine, he can suffer much more. Spyware that captures keystrokes, Trojan files, ransomware: all of this can hide behind a seemingly harmless attachment to an email. Yes, modern antivirus programs block much of this, but scammers, alas, are almost always one step ahead of information security specialists.

Pharming

"Multilevel phishing" that uses not only social engineering but also software techniques. The idea is as follows. At the first level, the user, following a malicious link, infects his machine with a Trojan that has a very specific task: to change the DNS cache at the moment the user enters the address of an official and completely legitimate website. That is, the user thinks he is going to the correct address, but the malware silently redirects him to the phishing site. This type of fraud is extremely effective and difficult to detect, because dormant Trojans are very hard to track.
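An added defensive example, not from the original article: besides the DNS cache, a common way for such a Trojan to hijack name resolution is to plant entries in the local hosts file, which is normally consulted before DNS. This Python script parses hosts-file text and flags any non-loopback override of a monitored login domain; the monitored list and the sample file are constructed.

```python
import ipaddress

# Domains a workstation should never need to override locally (constructed list).
MONITORED = {"www.examplebank.com", "accounts.google.com", "www.dropbox.com"}

def parse_hosts(text):
    """Yield (ip, hostname) pairs from hosts-file text, skipping comments and blanks."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address: malformed line, ignore it
        for name in fields[1:]:
            yield str(ip), name.lower()

def hosts_overrides(text, monitored=MONITORED):
    """Return (hostname, ip) for monitored domains pinned to a non-loopback address.
    Loopback entries are skipped because ad blockers use them to sinkhole domains;
    any other override of a bank or cloud login domain is a pharming indicator."""
    findings = []
    for ip, name in parse_hosts(text):
        if name in monitored and not ipaddress.ip_address(ip).is_loopback:
            findings.append((name, ip))
    return findings

# Constructed sample hosts file; 203.0.113.7 is a documentation address.
SAMPLE_HOSTS = """\
127.0.0.1    localhost
::1          localhost
127.0.0.1    ads.example.net        # ad-blocker entry, harmless
203.0.113.7  www.examplebank.com    # entry a pharming Trojan would plant
"""

if __name__ == "__main__":
    for name, ip in hosts_overrides(SAMPLE_HOSTS):
        print(f"ALERT: {name} is locally pinned to {ip}")
```

On a real machine, feed the script the contents of /etc/hosts or C:\Windows\System32\drivers\etc\hosts and run it from a scheduled task so that a new override is noticed before the next login.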

Phishing protection

Conclusions

Despite its apparent simplicity, phishing is one of the most effective types of fraud on the Internet, because it targets the weakest link in the network security chain: the user. However, in most situations, basic knowledge of how to protect confidential information and a healthy dose of paranoia will help you defend against such attacks. At the very least, it is worth developing a few good habits: regularly update your antivirus, never share your passwords with anyone, and enter website addresses manually or via browser bookmarks. And always check the links and files attached to emails.