As we are moving further into the second half of 2019, what seems to be increasing more than ever is the Phishing scams and attacks. As per the Enterprise Phishing And Resilience Defense Report by PhishMe, the attempted phishing attacks grew to 65% in 2018. Before going further, let us understand what “phishing” is. Phishing is an illegal way of acquiring information like critical password, account details, and credit card number by masquerading one’s identity and enacting as a trustworthy entity in electronic or online communication.
As per WebRoot’s Threat Report, around 1.5 million new phishing websites have been created each month. Intel found out that around 97% of the people were able to identify a sophisticated phishing mail, irrespective of their internet-literacy. Human vulnerability remains the most prominent error why phishing went on becoming this unpopular.
This is the most common types of phishing where the fraudsters or the scammers impersonate a legitimate company in an attempt to steal people’s information. Generally, they come up with a sense of urgency to scare the users into doing the attacker’s bidding. The mail might include a compromised PDF or an URL leading to a malicious site which would steal in the details.
One of the obvious examples is the “Netflix Phish”, which happened in 2017 and plagued users of the content streaming platform. The email included imagery content which promoted its content as well as encrypted user-side HTML in the phishing page.
Spear phishing is a more sophisticated version in which the sender uses available information to direct their request at you. The fraudsters customize their attack emails with the target’s name, company, work phone number, etc in an attempt to trick the recipient into believing that they have a connection with the sender. The end goal is the same- luring the victim into clicking a malicious data or URL so that they can have access to their data.
One of spearphishing example is The Scoular Company, which is a commodities trading firm, was scammed more than $17 million in a phishing scam. The phishers pretended or masqueraded themselves as the CEO of the company and sent mail to the company’s controller, instructed them to wire funds. (the email address was from a Russian server and the Skype phone number was registered using an IP address in Israel)
CEO Fraud is the second phase of a business email compromise (BEC) and the phishers can go ahead with the CEO Fraud once the whaling attack has been successful, where the fraudsters attempt to harpoon the executive from the enterprise and steal the log in details. After this, the attackers impersonate the executive and start abusing his/her email to authorize wire or bank transfers to the financial institutions of their own choice.
The reason the executives are targeted for the whaling attack is that they are not a part of the security awareness training. But this needs to be taken care of and everyone including the CEO needs to be a part of the security training.
Crelan Bank in Belgium is the most suffered organization as a result of the CEO Fraud phishing attack, which was a loss of around $75.8 million and it was discovered during an internal audit. One of the healthcare phishing examples that got affected by CEO fraud is Magnolia Health Corporation.
Pharming is a phishing practice on a broader scale, where the phishers hijack a website’s domain name and use it to redirect the visitors to the imposter site. Instead of “baiting” their victims, the attackers are conceptualizing into Pharming, stemming from Domain Name System (DNS) cache poisoning. In this attack, the pharmer attacks the DNS server and changes the IP address associated with an alphabetical website name.
A critical Pharming attack was reported in 2006 in Microsoft Corp’s software, where the attackers rigged the website with malicious code. The attackers also installed a "bot" on users' PCs, which gave the attacker remote control of the infected machine.
The organizations should encourage the employees to enter the login credentials only on HTTP protected sites to prevent any pharming attacks. Even the companies should implement proper security upgrades issued by a trusted Internet Service Provider (ISP).
As most of the email systems have started scanning the emails for a malicious link, the attackers are nowadays coming up with embedding them within shared files and posting them on trusted sites like Dropbox, box, Gsuite, etc. Generally, the attackers send a mail, which doesn’t look suspicious, which points to a file hosted on a legitimate sharing drive like OneDrive by Microsoft. The document contains a link, which can’t be scanned by file-hosting services.
For example, millions of people use Dropbox on an everyday basis. One attack campaign tried to lure users into entering their login credentials on a fake Dropbox sign-in page.
The users should consider going through the 2 step verification in order to protect their accounts from the phishers or the attackers.
It's similar to that of Dropbox phishing, where a message invites the victims to view the documents on the Google docs. The landing page is Google Drive itself to make it look promising and convincing. Once you enter your credentials, it will take you to the scammers, who aims to access your google account, spreadsheets, presentations, photos, etc. Not only that the scammers can abuse the service to create a web page which mimics the Google account login screen.
A similar kind of phishing happened in 2015 when not only did unknowingly host the fake login page but a google SSL certificate also protected the page with a secure connection.
In order to prevent this from happening, examine the page carefully for such errors like corrupt characters in the language selection box.
There are many more phishing examples like Voice phishing, also called Vishing, which is phishing over the phone. Voice phishing examples include fake calls asking for your bank account details. Clone phishing is also one of a kind wherein the attacker wants to take advantage of the messages that the victim may have already received, in order to create a malicious version of it.
CoinSwitch.co is the world’s largest cryptocurrency exchange aggregator which supports 300+ coins and over 45,000+ pairs. It provides an easier way of trading through global exchanges like Binance, KuCoin, IDEX, Huobi, Ethfinex, HitBTC and Cryptopia without creating an account on them. If you are interested in buying cryptos, do give it a try!
2020-05-06 12:40:51.777171 | 2 min