PHISHING
A RANSOWMARE is a malware that denies the legitimate user’s access to their own files and devices by encrypting them using advanced algorithms and asking for a ransom (payment) in order to unblock them.
Attack Vectors
Phishing is a less sophisticated attack that comes in two phases: the e-mail containing malicious URLs and the fake website. The e-mail contains the social engineering component, because its objective is to trick you into believing that it is a legitimate communication from a reputable entity and to make you execute its Call To Action. The e-mail may have various formats, we present you in the following several examples:
Messages coming from your bank asking you to validate your credentials. Or to change your credentials, asking you to introduce the existing password.
Messages coming from your bank warning you about unauthorized transaction from your account that have triggered the account blocking procedure. To unlock it you must enter the fake website, put your username & password and they are asking you also some classic security questions.
Message coming from PayPal or eBay warning you about unusual activity or about a transaction and asking you to enter the website and confirm.
Messages coming from reputed platforms, like Google (especially important for the relationship with your account on Android devices), Facebook, LinkedIn, Twitter etc. The attackers are just “harvesting” credentials aiming to validate and use them in other platforms or in other applications, betting on the password re-use behavior of most users.
Some other more “explorative” messages pretend to come from e-tailers and special discount platforms, trying again to harvest credentials.
The website component is the less sophisticated part of the phishing attack: the cybercriminals are simply copying the legitimate pages of the reputed entities, imitate their legitimate authentication, configuration and usage processes, and place them under domain names very close to the originals or camouflaged in complex URL constructions that give the unaware user without any clue where it is hosted or whether is the original or fake website.
Prevention Tips and Advice
Although the sophistication of the attacks is considerable, there are several simple tips that you may consider in order to avoid the phishing attacks:
Treat cautiously any unsolicited message and, as a rule of thumb, don’t click on URLs contained in their body unless you are 100% certain they come from whom they say. Please try to look into the message headers (here you can find how to do it in Outlook) because 99.95% of the phishing messages are coming from spoofed addresses that are easy to spot in the headers: for example they appear to come from John Smith from yourbank.com in the To field, but in the header you see that the sender is something like q23243sweybyf@123tyourbank.com (or from some other domain name)
When you receive messages containing URL-s you can always check the URL structure and real Internet address at mouse over (when you pass with the mouse over it). Be careful as the attackers are using very similar names or trick you by using numbers (ex: Cit1Bank, or Micros0ft, or Gogle/Gooogle, or Aple, or 1NG Bank). Also, be careful at URL structure – for example while https://authentication.mybank.com is a subdomain of MyBank, a construction like https://authenticationservice.com/MyBank/ is a subdomain of authenticationservice.com.
Please use an antimalware solution that contains web and content filtering modules, because these controls are very effective against phishing websites, blocking your access to dangerous pages, pre-validating their content and also warning you about suspicious aspects. Also, a good antispam solution will filter more than 90% of the phishing messages.
If the message is pretending to come from your bank, please consider that no bank is asking you to give them the credentials in pages referred by URLs in messages, instead they are asking you to enter normally (preferable manually) into your accounts and check their communications in the Communications or Messages section of the platform. And in doubt, better call directly your bank contact or their Customer Support.
If you receive unsolicited messages pretending to come from your social networks, please try to access the respective social networks by using their respective mobile apps or by MANUALLY TYPING their address in the browser.
When you receive special offers from retailers, validate them in browser by manually entering your account and checking whether they are real. If you don’t have an account to those retailers, just ignore the message.
There’s no reason to postpone training your employees
Get a quote based on your organization’s needs and start building a strong cyber security infrastructure today.
