In this article we look at phishing: how it works and how to defend against it. Phishing is a method of collecting personal information using deceptive emails and websites. Social networks and online payment services are among its most common targets. Phishing is a damaging technique for obtaining people's banking details and stealing their money. What follows is what you need to know about this class of cyber attack.

Definition of phishing

Phishing is a cyber attack that uses a disguised email as its weapon. Put simply, it is an attempt to obtain information such as usernames, passwords, and bank account details by forging a website, an email address, or similar. Phishing occurs when one person tricks another into handing over their personal information, and the stolen data feeds a large illicit market.

What distinguishes phishing is the form the message takes. An attacker, posing as a trusted person or organization, lures the victim into opening an email, instant message, or text message. The recipient is then tricked into clicking a malicious link, which can lead to the installation of malware, the freezing of the system as part of a ransomware attack, or the disclosure of sensitive information. For individuals, an attack can have devastating results, including unauthorized purchases and theft of funds; for organizations, a single phished credential is often the foothold for a wider intrusion.

An example of a phishing attack

A fake email purporting to be from myuniversity.edu is distributed to as many faculty members as possible. The email claims that the user's password is about to expire and instructs them to go to myuniversity.edu/renewal to renew it within 24 hours. Several things can happen when the link is clicked. In one variant, the user is redirected to myuniversity.edurenewal.com, a fake page that looks exactly like the real renewal page, where both the current and a new password are requested. By monitoring the page, the attacker captures the original password and uses it to reach secured areas of the university network.

In a second variant, the link points to the genuine password reset page but carries a malicious script in one of its URL parameters; when the page reflects that parameter into its HTML without escaping it, the script runs in the user's browser and hijacks the session. This is a reflected XSS attack, and it gives the criminal privileged access to the university network. This variant only works if the real site has a reflected XSS flaw, but it is far more convincing to the victim, because the address bar shows the legitimate domain.

A history of phishing

The phishing technique was described in detail in 1987, and the term itself was first used in 1995. "Phishing" is a variant of "fishing" (the victim is hooked with bait), with the "ph" spelling borrowed from "phreaking", the hacker term for telephone-system abuse. The expansion "password harvesting fishing" that is sometimes given is a later backronym.

AOL enforcement staff monitored the words used in AOL chat rooms in order to suspend the accounts of people who traded counterfeit software and stolen accounts. To evade that monitoring, the symbol <>< was substituted for any wording that referred to stolen credit cards, accounts, or illegal activity. Released in early 1995, AOHell was a program designed to attack AOL users: it allowed an attacker to impersonate an AOL employee and send an instant message to a potential victim asking them to reveal their password.

To trick the victim into disclosing sensitive information, such a message might contain prompts like "verify your account" or "confirm billing information". Once the victim disclosed their password, the attacker could access and use the victim's account for fraudulent purposes. Both phishing and warez trading on AOL generally required custom-written programs such as AOHell.

Phishing became so common on AOL that the company added a line to all instant messages: "No one at AOL will ever ask for your password or billing information." A user who ran both an AIM account and an AOL account from an ISP at the same time could phish AOL members with relative impunity, because Internet AIM accounts could be used by non-AOL Internet users and could not be acted upon (reported to AOL's terms-of-service department for disciplinary action).

Phishing techniques

Email phishing scam

An attacker who sends thousands of scam messages can obtain significant information and large sums of money even if only a small percentage of recipients fall for the scam. As discussed above, some of the techniques attackers use to increase their success rate include designing phishing messages to mimic real emails from an organization.

Using the same wording, typefaces, logos, and signatures makes messages look legitimate. In addition, attackers usually try to push users into action by creating a sense of urgency.

For example, as mentioned earlier, an email can threaten account expiration and put the recipient on a timer. Applying such pressure makes the user less diligent and more prone to error. Finally, links within messages look similar to their legitimate counterparts but usually have misspelled domain names or additional subdomains. In the example above, the address myuniversity.edu/renewal was changed to myuniversity.edurenewal.com. The similarity between the two addresses creates the impression of a trustworthy link and makes the recipient less aware of the attack. The reliable check is the registrable domain of the host: myuniversity.edurenewal.com is not under myuniversity.edu, however much it resembles it.
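The two link tricks described above (the lookalike domain of the first variant and the script-bearing link to the genuine site of the reflected XSS variant) can be checked mechanically. The following is an added example, not code from the original article or from Imperva; the domain myuniversity.edu and every sample URL are constructed for the demo, and the script markers are deliberately crude, enough for the article's case rather than a general XSS detector.

```python
"""Triage a link taken from a suspected phishing message.

Added example, not code from the original article or from Imperva. It applies
the two checks the text describes: is the host really under the organisation's
domain (myuniversity.edu/renewal versus myuniversity.edurenewal.com), and does a
link to the genuine host smuggle script into a URL parameter, as in the
reflected-XSS variant. The domain and all sample URLs are constructed.
"""
import re
from urllib.parse import unquote, urlsplit

ALLOWED_DOMAIN = "myuniversity.edu"  # assumed: the organisation's real domain

# Crude markers for script smuggled into a URL; enough to catch the reflected
# XSS case described in the article, not a general XSS detector.
SCRIPT_MARKERS = re.compile(r"<\s*script|javascript:|\bon[a-z]+\s*=", re.IGNORECASE)


def host_under(host, domain):
    """True only for the domain itself or a subdomain of it.

    The check needs the dot: 'myuniversity.edurenewal.com' ends with
    'edurenewal.com', not with '.myuniversity.edu', so it is rejected.
    """
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def triage(url, domain=ALLOWED_DOMAIN):
    """Return the host the browser would actually contact plus a list of findings."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    findings = []

    if parts.scheme not in ("http", "https"):
        findings.append("unexpected scheme %r" % parts.scheme)

    if parts.username is not None:
        # https://myuniversity.edu@evil.example/ : everything before '@' is
        # userinfo, and the browser connects to evil.example.
        findings.append("userinfo before host; browser connects to %r" % host)

    if not host_under(host, domain):
        if domain.split(".")[0] in host:
            findings.append("lookalike host %r is not under %s" % (host, domain))
        else:
            findings.append("host %r is not under %s" % (host, domain))

    # Decode percent-encoding first: attackers encode '<script>' as %3Cscript%3E.
    decoded = unquote(parts.path + "?" + parts.query + "#" + parts.fragment)
    if SCRIPT_MARKERS.search(decoded):
        findings.append("script in URL parameters (reflected XSS attempt against the real site)")

    return {"host": host, "findings": findings, "suspicious": bool(findings)}


if __name__ == "__main__":
    # Constructed sample links, in the order the article discusses them.
    for link in [
        "https://myuniversity.edu/renewal",
        "https://myuniversity.edurenewal.com/renewal",
        "https://myuniversity.edu/renewal?next=%3Cscript%3Ealert(1)%3C%2Fscript%3E",
        "https://myuniversity.edu@evil.example/renewal",
    ]:
        result = triage(link)
        print(("SUSPICIOUS " if result["suspicious"] else "ok         ") + link)
        for finding in result["findings"]:
            print("    - " + finding)
```

The host comparison is the part worth copying: it compares the hostname the browser will actually connect to (after userinfo is stripped) against the expected domain with a dot-anchored suffix test, so neither a lookalike domain nor a `trusted.edu@evil` prefix passes. A production version would resolve the registrable domain with a public suffix list rather than a fixed string.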

Spear phishing

Unlike mass phishing, which targets random users, spear phishing targets a specific person or organization. It is a more in-depth version of phishing that requires special knowledge about the organization, including its power structure. Spear phishing attackers collect and use personal information about their target to increase their chances of success. Such an attack might look like this:

An attacker researches the names of employees in the organization's marketing department and obtains the latest project invoices. Posing as the marketing manager, the attacker emails a departmental project manager (PM) using a plausible subject line. The text, style, and logo copy the organization's standard email template.

A link in the email points to what appears to be an internal, password-protected document, which is in fact a spoofed version of the stolen invoice. The PM is asked to log in to view the document. The attacker captures the PM's credentials and gains full access to sensitive areas of the organization's network. Because it hands the attacker a valid login, spear phishing is an effective way to execute the first stage of an APT (advanced persistent threat).

Phone phishing

Not all phishing attacks require a fake website. A message that claims to come from the user's bank and asks them to call a certain number, for example because of a problem with their account, can also be a phishing attack (often called vishing, or voice phishing). When the user calls the number, which belongs to the phisher and is provided through a Voice over Internet Protocol service, they are asked to enter their account number and PIN.

Why does phishing increase during a crisis?

Attackers succeed through deception and a manufactured sense of urgency. Crises such as the coronavirus pandemic make it easier to deceive victims, because during a crisis people are anxious, distracted, and more likely to act on a message without checking it, and because there is a flood of genuine, urgent communication for fake messages to hide among.

Information that phishing sites may request from users includes:

  • Username and password
  • Social security number
  • Bank account numbers
  • PIN codes (personal identification numbers)
  • Credit card numbers
  • Date of birth
  • Identity document details (e.g. national ID or passport numbers)

How to prevent phishing

Protection against phishing requires action from both users and companies. For users, awareness is key. A fake message often contains subtle mistakes that reveal its true nature, such as spelling errors or a domain name that is slightly off, as in the URL example above. Users should be suspicious and ask themselves why they are receiving such an email at all, and when in doubt should open the site by typing its known address rather than following the link.

For companies, there are measures that reduce the impact of phishing attacks. These include:

Two-factor authentication (2FA) is one of the most effective controls against phishing because it adds a second layer of verification when logging into sensitive applications, so a stolen password alone is not enough. 2FA combines two factors:

  • Something they know, like a password
  • Something they have, like their smartphone or a hardware security key

Not all second factors are equal, however. Codes sent by SMS, generated by an authenticator app, or approved by push notification can be relayed in real time by a phishing page that proxies the genuine login, so they reduce the risk but do not remove it. Phishing-resistant 2FA (FIDO2/WebAuthn security keys and passkeys) binds the credential to the site's origin, so a lookalike domain cannot use it.

In addition to 2FA, organizations should implement sound password management policies. Employees should not reuse passwords across applications, and passwords should be screened against lists of known-breached passwords; current guidance (NIST SP 800-63B) is to require a change only when there is evidence of compromise, since forced periodic rotation pushes users toward predictable variations. Awareness campaigns also help by instilling safe habits, such as not clicking links in unexpected emails and instead navigating to the site directly.
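The difference between a relayable code and an origin-bound credential is visible in what the server actually checks. The following is an added illustration, not code from the original article or from Imperva: it performs the first checks a relying party makes on a FIDO2/WebAuthn assertion (ceremony type, challenge, origin, RP ID hash, user-presence flag) and shows why an assertion obtained on the article's lookalike domain is rejected. The public-key signature verification that follows these checks in the specification is left out to keep the example dependency-free, and the relying-party ID, origins, and challenge are all constructed.

```python
"""Why origin-bound 2FA resists the lookalike site from the article.

Added illustration, not code from the original article or from Imperva. It
performs the first checks a relying party makes on a FIDO2/WebAuthn assertion;
the signature verification that follows them in the specification is omitted.
All sample data is constructed.
"""
import base64
import hashlib
import json
import struct

RP_ID = "myuniversity.edu"                             # assumed relying-party ID
ORIGIN = "https://myuniversity.edu"                    # the only origin the RP accepts
PHISH_ORIGIN = "https://myuniversity.edurenewal.com"   # the article's lookalike


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def browser_client_data(challenge, origin):
    """clientDataJSON as the browser builds it. The page cannot choose the
    origin field; the browser fills it from the site the user is really on."""
    return json.dumps({"type": "webauthn.get",
                       "challenge": b64url_encode(challenge),
                       "origin": origin}).encode()


def authenticator_data(rp_id, counter=1):
    """First 37 bytes of authenticatorData: SHA-256(rpId), flags, signCount.
    Flag bit 0 (0x01) is 'user present'."""
    return hashlib.sha256(rp_id.encode()).digest() + bytes([0x01]) + struct.pack(">I", counter)


def check_assertion(client_data_json, auth_data, expected_challenge,
                    expected_origin=ORIGIN, expected_rp_id=RP_ID):
    """Return (accepted, reason), in the order the WebAuthn spec lists the checks."""
    try:
        client = json.loads(client_data_json)
    except ValueError:
        return False, "clientDataJSON is not valid JSON"
    if client.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    if b64url_decode(client.get("challenge", "")) != expected_challenge:
        return False, "challenge mismatch (replayed or stale response)"
    if client.get("origin") != expected_origin:
        return False, "origin mismatch: assertion was made on %r" % client.get("origin")
    if len(auth_data) < 37:
        return False, "authenticatorData too short"
    if auth_data[:32] != hashlib.sha256(expected_rp_id.encode()).digest():
        return False, "rpIdHash mismatch"
    if not auth_data[32] & 0x01:
        return False, "user presence flag not set"
    return True, "accepted"


# Constructed scenario: the RP issues one challenge for a login attempt.
CHALLENGE = hashlib.sha256(b"constructed demo challenge").digest()


def demo_legitimate():
    """User signs in on the real site."""
    return check_assertion(browser_client_data(CHALLENGE, ORIGIN),
                           authenticator_data(RP_ID), CHALLENGE)


def demo_relayed_phish():
    """A real-time phishing proxy forwards the genuine challenge to the victim
    on the lookalike site. Even if the victim approves, the browser records the
    lookalike origin, so the relayed assertion is rejected. (In practice the
    browser would not even offer a myuniversity.edu credential to that page,
    because a page may only request its own domain as RP ID.)"""
    return check_assertion(browser_client_data(CHALLENGE, PHISH_ORIGIN),
                           authenticator_data(RP_ID), CHALLENGE)


def demo_replay():
    """An old, captured assertion is replayed against a fresh challenge."""
    old_challenge = hashlib.sha256(b"some earlier challenge").digest()
    return check_assertion(browser_client_data(old_challenge, ORIGIN),
                           authenticator_data(RP_ID), CHALLENGE)


if __name__ == "__main__":
    for name, demo in [("legitimate", demo_legitimate),
                       ("relayed phish", demo_relayed_phish),
                       ("replay", demo_replay)]:
        accepted, reason = demo()
        print("%-14s %s: %s" % (name, "ACCEPT" if accepted else "REJECT", reason))
```

Contrast this with a one-time code: nothing in a six-digit TOTP says where it was typed, so a proxy that forwards it to the real site within the validity window succeeds. Here the origin and the RP ID hash are inside the data the authenticator signs, so they cannot be altered in transit, and the challenge check stops the same assertion from being reused.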

Countering phishing through Imperva

Imperva offers a combination of access management and web application security solutions to combat phishing attempts. Imperva Login Protect lets you apply 2FA to specific URLs on your website or web application, including addresses with URL parameters or AJAX pages, where 2FA is usually harder to implement. It requires no hardware or software installation and lets you manage user roles and privileges directly from the Imperva dashboard. Delivered from the cloud, the Imperva Web Application Firewall (WAF) blocks malicious requests at the edge of your network.
