Phishing is a type of social engineering attack, most often delivered by e-mail, in which the attacker impersonates a trusted party to steal user data such as login credentials and credit card numbers. Put another way, phishing is the fraudulent use of electronic communications to deceive users and take advantage of them. Phishing attacks try to obtain sensitive, confidential information: usernames, passwords, credit card details, network credentials and more.
In a phishing e-mail attack, the attacker sends you a message that looks as if it came from your bank and asks you to provide personal information. The message contains a link that takes you to a look-alike website controlled by the attacker, which captures whatever you type there. In this way the attacker gains access to valuable information. The attack may also be designed so that landing on the fake site has further side effects: malware is installed on your computer, your files are encrypted as part of a ransomware attack, or sensitive information is revealed.
Sometimes attackers are satisfied with a victim's credit card number or other personal data for financial gain. But sometimes phishing e-mails are sent to obtain employees' login details or other information for use in a more advanced attack against a specific company. Several other attacks are very similar to phishing and differ from it only slightly: Pharming, Vishing and Smishing.
The FBI's 2019 Internet Crime Report (IC3) states that this type of attack caused about $58 million in losses to individuals and organizations (page 20 of the report), with about 115,000 victims (page 19). Keep in mind that the report covers only individuals and organizations in the United States. Do you see how damaging these attacks are? You have every right to be worried.
Source: cisco.com, imperva.com and forcepoint.com
Types of Phishing Attacks
Some specific types of phishing scams use more targeted methods to attack certain individuals or organizations.
Spear Phishing
It is a more targeted version of phishing. Spear phishing aims at a specific person or enterprise, so attackers usually gather information about their targets first and use it to give the e-mail a more authentic context.
Source: imperva.com
Clone Phishing
Clone phishing takes a legitimate e-mail the victim has already received and uses it to create an almost identical copy: the message is sent from an address resembling the legitimate sender, and the body looks the same as the earlier message, but the links (or attachments) are replaced with malicious ones. The attacker may add a line explaining why the victim is receiving the "same" message again.
Whaling Phishing
A phishing attack specifically targeting the enterprise’s top executives is called whaling, as the victim is considered to be high-value, and the stolen information will be more valuable than what a regular employee may offer. The content of a whaling attempt will often present as a legal communication or other high-level executive business.
Source: csoonline.com and forcepoint.com
How to Prevent Phishing
Methods of preventing or counteracting this type of attack fall into two main groups:
- Training users (employees)
- Security technologies
Training Users
The most important thing is to teach users about this attack and the techniques it uses. These attacks can usually be detected with a little care, because they have fairly consistent and recognizable symptoms (provided the user is careful, of course), such as:
- ‘Too good to be true’ offers
- Unusual sender
- Poor spelling and grammar
- Threats of account shutdown, etc., particularly conveying a sense of urgency
- Links, especially when the destination URL is different than it appears in the email content
- Unexpected attachments, especially .exe files
For example, users must know that a spoofed message often contains subtle mistakes that expose its true origin, such as spelling errors, a display name that does not match the sending address, or a domain name that is slightly altered.
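The indicators listed above can be checked mechanically. The following Python script is an added example written for this article (it is not code from the original page or from any vendor): it parses a constructed e-mail and reports a display name that impersonates another address, a Reply-To that routes replies elsewhere, a link whose visible URL differs from its real href, an executable attachment, and urgency wording. The sample messages, every domain name in them, and the keyword and extension lists are all invented for the illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed keyword and extension lists for this example; a real deployment would tune them.
URGENCY = ("immediately", "within 24 hours", "suspended", "account will be closed")
EXEC_EXT = (".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".hta", ".iso")


class _Anchors(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lower-cased hostname of a URL ('' if it cannot be parsed)."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def scan_email(raw):
    """Return a list of human-readable phishing indicators found in a raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = addr.rsplit("@", 1)[-1].lower()
    # Display name that itself looks like an address or domain the sender does not own.
    m = re.search(r"[\w.-]+\.[a-z]{2,}", name.lower())
    if m and not from_dom.endswith(m.group(0)):
        findings.append(f"display name '{name}' does not match sender domain '{from_dom}'")
    # Replies silently routed to a different domain.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and reply.rsplit("@", 1)[-1].lower() != from_dom:
        findings.append(f"Reply-To domain '{reply.rsplit('@', 1)[-1]}' differs from From domain '{from_dom}'")
    body_text = ""
    for part in msg.walk():
        ctype = part.get_content_type()
        fname = part.get_filename()
        if fname and fname.lower().endswith(EXEC_EXT):
            findings.append(f"executable attachment '{fname}'")
        elif ctype == "text/html":
            html = part.get_content()
            parser = _Anchors()
            parser.feed(html)
            for href, text in parser.links:
                # Visible text that is itself a URL must point where it claims to.
                shown = host_of(text) if re.match(r"^(https?://|www\.)", text) else ""
                if shown and shown != host_of(href):
                    findings.append(f"link text shows '{shown}' but points to '{host_of(href)}'")
            body_text += re.sub(r"<[^>]+>", " ", html)
        elif ctype == "text/plain":
            body_text += part.get_content()
    hits = [w for w in URGENCY if w in body_text.lower()]
    if hits:
        findings.append("urgency language: " + ", ".join(hits))
    return findings


# Constructed sample messages (all names and domains are invented for this example).
SAMPLE_PHISH = """\
From: "support@mybank.example" <alerts@mybank-notice.test>
Reply-To: collect@mailbox-drop.test
To: victim@corp.example
Subject: Action required
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Unusual sign-in detected. Verify immediately or your account will be closed.</p>
<p><a href="http://mybank.example.secure-login.test/verify">https://www.mybank.example/login</a></p>
--b1
Content-Type: application/octet-stream; name="statement.pdf.exe"
Content-Disposition: attachment; filename="statement.pdf.exe"
Content-Transfer-Encoding: base64

TVo=
--b1--
"""

SAMPLE_CLEAN = """\
From: "Alice Smith" <alice@corp.example>
To: bob@corp.example
Subject: Lunch
Content-Type: text/plain; charset="utf-8"

See you at noon, menu: https://corp.example/menu
"""
```

Run `scan_email(SAMPLE_PHISH)` to get five findings, one per indicator, and `scan_email(SAMPLE_CLEAN)` to get none. The link check is the one worth copying into a mail gateway: it compares the hostname the reader sees with the hostname the browser would actually open, which is exactly the mismatch listed above.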
Also, on websites where financial transactions take place (bank websites, online payment sites or online stores), the user should always pay attention to two things:
- The closed lock icon in the browser's address bar. The lock means only that the connection to the site is encrypted with TLS (the successor of SSL) and that the site presented a certificate valid for the hostname shown in the address bar. Every bank and reputable online store has such a certificate, but so do most phishing sites today, since certificates are cheap or free. A missing lock is a warning sign; a present lock is not proof that the site is genuine.
- The website's URL, and in particular its hostname, checked carefully before doing anything. Two different websites cannot have the same hostname, so a fake site's address always differs from the real one, but the difference is often subtle: a one-letter misspelling, the genuine name used as a subdomain of an unrelated domain, or look-alike characters from another alphabet.
A user who follows these instructions will be largely safe from such attacks. Enter nothing at all on a suspicious website, and preferably do not click the link in the first place.
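Checking the URL can likewise be automated, and doing so shows why the hostname rather than the lock icon is what matters. The following Python function is an added example written for this article (not code from the original page or from any product): it ignores a decoy `user@` prefix, decodes punycode so that `xn--` hostnames are examined as the characters they display, compares the hostname against a small constructed allow-list, and flags a trusted name used as a subdomain of an unrelated domain, one-letter typosquats, and homograph spellings using look-alike Cyrillic letters. The allow-list `TRUSTED`, the `CONFUSABLES` table, and all sample URLs are invented for the illustration, and the last-two-labels rule in `registrable` is a simplification of what the Public Suffix List provides.

```python
import unicodedata
from urllib.parse import urlparse

# Constructed allow-list: the hosts this user actually banks and shops on.
TRUSTED = {"www.mybank.example", "mybank.example", "shop.example"}

# Small constructed subset of the Unicode confusables data: characters that render like ASCII letters.
CONFUSABLES = {"а": "a", "е": "e", "о": "o", "р": "p", "с": "c", "х": "x",
               "у": "y", "і": "i", "ӏ": "l", "ı": "i", "ɡ": "g"}


def registrable(host):
    """Last two labels. Simplification: real code uses the Public Suffix List (co.uk, com.au, ...)."""
    return ".".join(host.split(".")[-2:])


def skeleton(host):
    """Collapse look-alike characters and accents to plain ASCII so homographs compare equal."""
    return "".join(CONFUSABLES.get(c, c) for c in unicodedata.normalize("NFKD", host)
                   if not unicodedata.combining(c)).lower()


def edit_distance(a, b):
    """Levenshtein distance, used to catch typosquats such as mybanc.example."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url):
    """Return [] if the URL's host is trusted, otherwise a list of (code, detail) warnings."""
    p = urlparse(url)
    host = p.hostname or ""
    try:  # punycode (xn--...) is decoded so the characters the user would see are examined
        host = host.encode("ascii").decode("idna")
    except UnicodeError:
        pass  # already non-ASCII (raw IDN), or malformed punycode: inspect as-is
    host = host.lower()
    trusted_regs = {registrable(t) for t in TRUSTED}
    if host in TRUSTED or registrable(host) in trusted_regs:
        return []
    warnings = []
    if p.scheme != "https":
        warnings.append(("NOT_HTTPS", "connection is not encrypted"))
    if p.username is not None:
        warnings.append(("USERINFO", f"'{p.username}@' before the host is a decoy; the real host is {host}"))
    sk = skeleton(host)
    reg, sk_reg = registrable(host), registrable(sk)
    if sk != host and sk_reg in trusted_regs:
        warnings.append(("HOMOGRAPH", f"{host} looks like {sk_reg} but uses non-ASCII look-alike letters"))
    labels = sk.split(".")
    for t_reg in sorted(trusted_regs):
        if t_reg.split(".")[0] in labels[:-2]:  # trusted name sits in front of a different domain
            warnings.append(("BRAND_SUBDOMAIN", f"{t_reg} appears inside {host}, whose real domain is {reg}"))
            break
    if not any(code == "HOMOGRAPH" for code, _ in warnings):
        for t_reg in sorted(trusted_regs):
            d = edit_distance(sk_reg, t_reg)
            if 0 < d <= 2:
                warnings.append(("LOOKALIKE", f"{reg} is {d} edit(s) away from {t_reg}"))
                break
    if not warnings:
        warnings.append(("UNKNOWN_HOST", f"{host} is not a site you use"))
    return warnings
```

None of the URLs this function flags would lack a lock icon if the attacker obtained a certificate for their own domain, which is exactly why the hostname comparison has to be done explicitly rather than inferred from the padlock.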
Security Technologies
- Two-factor authentication (2FA): One of the most effective countermeasures. 2FA combines two methods of identity confirmation, something you know (a password) and something you have (a smartphone or a hardware token), so a stolen password alone is not enough to log in. Note that SMS and app-generated one-time codes can still be relayed by a phishing site that proxies the real login page in real time; phishing-resistant methods such as FIDO2/WebAuthn security keys bind the login to the genuine site's origin and do not have this weakness.
- Using anti-malware: Anti-malware suites include components for web communications, typically named Web Control, Web Anti-Virus, Mail Anti-Virus and IM Anti-Virus. One of their main tasks is that when the user clicks a link (in the browser, in an e-mail or in an instant messenger), they check the destination and, if the page is suspicious or known to be dangerous, prevent it from loading and block it. These components occasionally misclassify a page in either direction, so they complement user awareness rather than replace it.
- Changing the password: Organizations should enforce a password management policy, and operating systems can force users to change passwords at set intervals through policy. Scheduled rotation on its own does little against phishing, however, because the attacker can use a freshly phished password right away, and current NIST guidance (SP 800-63B) advises against mandatory periodic changes. What matters is that a password is reset immediately whenever a phishing attempt may have captured it, and that passwords are not reused across sites.
- Web Application Firewall (WAF): A WAF inspects requests to your web applications at the edge of your network and blocks malicious ones. It does not stop a phishing e-mail from reaching a user, but it can block the follow-on abuse of stolen credentials, such as automated login attempts against your own applications. You can read more about this type of firewall in the final sections of this post.
Source: imperva.com