Cybercriminals are currently trying to obtain sensitive data from ING-DiBa customers with dubious fake emails. The fake email claims that a problem has occurred during a routine security check of the online banking system. It advises customers to log on to an external website immediately to avoid trouble with their bank.
However, in reality, this is a phishing attack that tries to collect personal information. In the following blog article, you will learn in detail how to protect yourself from fake emails or phishing attacks.
The fake email from our example
A German ING-DiBa fake email
The adjacent picture shows the detailed structure of the fake email – allegedly sent by ING-DiBa – in an iPhone mailbox. In fact, the email is part of a mass phishing attack and the message was sent fraudulently to a variety of email recipients.
For example, the subject line states “For Your Safety (Reference Number: xyz)”, where the presumably arbitrary character combination was “kx5qrvnzx3h” in this case. Before we redacted the personal information for data protection reasons, we noticed that the recipient’s address and the sender’s address were identical. This was already a first indication of a fake email.
This scam is not uncommon amongst perpetrators when it comes to gathering information about their randomly selected victims via phishing. Those affected are especially inclined to follow the attached link if the phishing or fake email is opened on a mobile device, as it is in this case. This is particularly true if they are actual customers of the bank mentioned in the email.
In everyday life, too, recipients of phishing emails are quick to follow the link when receiving such an email. The attacker also offers an option for recipients who do not have an account with ING-DiBa. In our example, the recipient can click a flashy red button to allegedly report that he is not a customer of ING-DiBa. The destination of the link, however, is a phishing website, which is intended to harvest user data on a large scale from the mostly unsuspecting victims. The fake security notification of ING-DiBa is not an isolated case.
6 tips to detect phishing or fake emails
With the following tips, you will be able to detect phishing or fake emails to protect yourself from being affected by such attacks.
Feature No. 1: The salutation
It is striking that either a standard phrase is used to address the target person, or the salutation is missing completely. Recipients of phishing emails are very rarely addressed by their full name. This is because fake emails are not isolated cases but usually automated emails that are sent out millions of times. An individual form of address is rather the exception. In our example there was no salutation at all.
Once the victim has entered his details into the corresponding form fields and pressed the confirmation button, the cybercriminal is in possession of the login details. Now he can place orders in online shops under false names or get access to sensitive account or company data. The phishing attack has been successful.
Feature No. 2: Content of the email
A phishing email is designed to hide its true intentions from the recipient at least until he first clicks on one of the attached links. The following baits are very popular with cyber crooks:
- Fake emails in the form of alleged PayPal security notifications
- Phishing emails which seem to come from banks or other institutions
- Fake email notifications that seem to come from Amazon or eBay
- Fake security issues in social media accounts that need to be resolved promptly
This shows that cybercriminals are very creative when it comes to fooling their victims.
Feature No. 3: The call to action
Once the attacker has created and sent out his fake email, he urges the recipient to act. In this specific case, the targeted person is initially led to an external page by clicking on a link. This page usually resembles closely the login area of a bank, an online retailer or any other company that offers certain Internet services.
Feature No. 4: The time shortage
An effective means often used by attackers is time pressure. This is an attempt to put the victim under stress and distract them. In our example, this is stated as follows: “Please log into your account as soon as possible to avoid any delay in your banking activities.”
Fear-spreading phrases in the subject line, such as “Your account has been suspended” or “An amount has been debited from your account” are also quite popular and common. These sentences cause some recipients to panic, so they follow the attached link without much thought.
Feature No. 5: Questionable buttons and links
In order to successfully carry out the process of phishing, a related link in text or button form is part of the standard repertoire of any phishing or fake email. This is also the case in our example.
Therefore, when it comes to questionable security queries that have a link, we recommend that you do not access these links from your email program. Instead, you should always directly log in to your user accounts via a browser or via the official website of the provider. This applies to online services of any kind.
Feature No. 6: This is how reputable companies and institutes work
As far as the detection of phishing emails or fake emails is concerned, it should always be remembered that reputable companies or institutes would never ask you to disclose personal information via email.
For this reason, various banks regularly point to the problem of fake emails or the so-called phishing mails. One bank states for example:
“Volksbank Raiffeisenbank or BVR will never ask bank customers for personal information such as PIN or account number via email. Neither will we insert a link to online banking in emails or ask bank customers to make test or remittance transfers. These practices are always indicators of attempted fraud.” (Source: Volksbank Raiffeisenbank)
Therefore, you can delete such an email immediately. This is ultimately the simplest way to counter a phishing attack.
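The checks from the six features above can also be run mechanically over a raw message. The following Python sketch is an added example, not part of the original article or of any Hornetsecurity product: the sample message is constructed, and the official domain `bank.example`, the phrase lists and the function names are assumptions chosen for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample modelled on the article's example; all addresses and
# hosts are placeholders. "bank.example" stands in for the bank's real domain.
SAMPLE = """\
From: ING-DiBa <user@example.org>
To: user@example.org
Subject: For Your Safety (Reference Number: kx5qrvnzx3h)
Content-Type: text/plain; charset=utf-8

During a routine security check a problem has occurred.
Please log into your account as soon as possible to avoid any delay
in your banking activities: http://bank.example.login.example.net/verify
"""

ANY_SALUTATION = re.compile(r"^\s*(dear|hello|hi)\b", re.I)
GENERIC_SALUTATION = re.compile(r"^\s*(dear|hello)\s+(customer|client|user|sir|madam)", re.I)
URGENCY = re.compile(r"as soon as possible|immediately|has been suspended|has been debited", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)


def host_matches(host, domain):
    """True only if host is the domain itself or a genuine subdomain of it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def phishing_indicators(raw, official_domain):
    """Return the list of indicators from the article found in a raw email."""
    msg = message_from_string(raw)
    body = msg.get_payload()  # plain-text, single-part message assumed
    found = []
    sender = parseaddr(msg.get("From", ""))[1].lower()
    recipient = parseaddr(msg.get("To", ""))[1].lower()
    if sender and sender == recipient:  # sender and recipient identical
        found.append("sender_equals_recipient")
    if not host_matches(sender.rpartition("@")[2], official_domain):
        found.append("sender_domain_mismatch")
    first_line = next((l for l in body.splitlines() if l.strip()), "")
    if not ANY_SALUTATION.match(first_line) or GENERIC_SALUTATION.match(first_line):
        found.append("missing_or_generic_salutation")  # Feature No. 1
    if URGENCY.search(msg.get("Subject", "") + "\n" + body):
        found.append("time_pressure")  # Feature No. 4
    for url in URL.findall(body):  # Feature No. 5
        host = urlparse(url).hostname or ""
        if not host_matches(host, official_domain):
            found.append("link_off_domain:" + host)
    return found


if __name__ == "__main__":
    print(phishing_indicators(SAMPLE, "bank.example"))
```

Note that the link check compares the end of the host name, so a host that merely begins with the brand's domain is still flagged as off-domain.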
Additional service information
Reputable and hardly suspicious – that’s how phishing emails, which have been circulating for several months and which allegedly come from Amazon, reach the mailboxes of many users. The reason for this is that those emails do not appear to be a cunning fraud but quite the opposite. They copy the design of a real Amazon email so well that end users can hardly distinguish them from the real thing. In addition, the cybercriminals use a personalized form of address in these phishing emails, which adds weight to the credibility of the email.
Example of such an Amazon phishing email.
A phishing email personalized in this way is referred to as a “spear phishing attack”. These targeted attacks aim specifically at a single person or group of people. The behavior and personal data of the target persons are researched in advance in order to personalize the spear-phishing email as well as possible. Those fraud emails can only be identified through the sender address with which they were sent. These can, for example, be as follows:
More detailed information about possible sender addresses, the structure of phishing emails and content can be found here.
What do the attackers want to achieve?
Referring in the email to the Federal Data Protection Act, the victims are requested to verify their data. By clicking on a link, they are redirected to a fake website that is almost indistinguishable from the real Amazon site. On closer inspection, only the URL used does not match that of Amazon.
On the fake sites, the people concerned are then asked to disclose their personal data. Otherwise the hackers threaten to block access to the account, as shown in the example above. This is, of course, an empty threat. Anyone who responds to this request, however, transmits his data directly to the fraudsters. The cybercriminals use the obtained data to make purchases at the expense of the person concerned or misuse it for other criminal activities.
Does Hornetsecurity Advanced Threat Protection detect fake emails?
Hornetsecurity Advanced Threat Protection is able to detect the new Amazon phishing emails as well as other targeted attacks. Safety mechanisms including Fraud Attempt Analysis, Identity Spoofing Recognition and Intention Recognition can filter out threats of this kind. A loss of sensitive data can thus be prevented, and Amazon phishing emails do not even reach the mailboxes of a company or its employees.
Additional service information
When Denial-of-Service-attacks paralyze organizations
You often read news reports which state that a DDoS attack was responsible for the breakdown of a company’s website. Such an attack uses hijacked systems to intentionally generate a flood of data which paralyzes a company. Amongst others, email servers are frequently subject to DDoS attacks.
These attacks lead to the unavailability of websites and other services for a certain period of time. This outage of service can span from a few minutes to a few hours and even multiple days. Downtime – a nightmare for every organization.
DDoS attacks are not only able to hit the IT structures of big international firms, which usually have well-engineered security concepts; they can harm smaller companies as well. Public institutions, administrations and authorities are also targets of these attacks. The reasons behind them are manifold: They can be traced back to the pure enjoyment of ‘destruction’, but the intentional harm of competitors or foreign governments can also be motives for these actions. Even hate and vengeance often cannot be ruled out here. For this reason, a reliable security system is indispensable.
DDoS attack: Digital vandalism impairs reputation
Each second in which, for instance, a mail server or certain kinds of website services are unavailable is expensive for an organization. This is especially true for companies which primarily process their transactions and offer their products and services online. The same goes for business divisions which handle their customer support services using email. The costs, however, do not only derive from the lost revenue during downtime. Having to quickly take measures of defense and potentially needing assistance from external experts can likewise become a cost driver. On top of everything, the impairment of the company’s reputation is another problem.
A company which the customer does not trust will not be able to have a solid long-term business base. For this reason, it is understandable that nearly 50 percent of affected companies keep quiet in the event of a cyber-attack. The fear of having to publicly admit damage to their image is too great.
This form of damage control might work in cases of simple cyber-crimes. It does not suffice however when it comes to DDoS attacks or forms of attacks that are a lot more complex. That is because these attacks do not only disrupt the activities and processes of the business unit, but often also cut through to the outside. Customers then notice these disruptions since they are directly affected by them as well.
Reliable IT security concepts are the solution
Companies should therefore be ready for DDoS attacks and every other form of cyber-attack. Security solutions such as the Hornetsecurity spam filter service are able to recognize a DDoS attack on a mail server early enough and to fend it off. In the case of more complex forms of attack, like ransomware or identity theft, it is advisable to use Advanced Threat Protection. This is a security solution which reliably recognizes and inhibits ransomware, blended and targeted attacks as well as digital espionage. Advanced Threat Protection’s (ATP) special analysis engines ensure this process. You can learn more about this here.
How can companies protect themselves from a DDoS attack?
But back to DDoS attacks. To prevent these, companies and authorities should take certain security precautions. Here is what to do to protect yourself effectively from a DDoS attack.
1. The explosiveness of a DDoS attack
In principle, every organization can become the target of such an attack. Ultimately every firm and every administration must ask itself: “What would be the consequences of an outage of the mail server for me?” This question is important because the impact of a DDoS attack varies in severity depending on the business environment. Downtime will be far worse for a retailer who manages his shop online than for a local craftsman’s establishment. The result however is not much different for either of them. In the end, both want to maintain communication with their customers via email. For this reason a security concept is absolutely essential.
2. IT risk management
It is also important that the company takes precautions and implements specific courses of action in case of a DDoS attack. Should it come to a cyber-attack, a contact person should be immediately available. This could be an IT security officer in the company itself or an external employee of an IT service company, which offers appropriate security services and looks after IT security management.
3. Response to blackmail
Similar to ransomware, a successful DDoS attack is commonly coupled with a demand for money. This is a profitable business model for cyber criminals. This is especially true because the affected companies often agree to the offenders’ demands to avoid allegedly severe consequences. The BSI advises not to give in to blackmail and to refuse to pay the sums demanded. Instead, those affected should get the police involved and get support from professional IT security experts.
4. Implementation of defensive measures
The most important measure against a DDoS attack is to not let it succeed in the first place. For this purpose a competent IT security solution is vital – ideally, one that is cloud-based. The reason for this is that these providers have a much more powerful infrastructure and are able to parry even severe attacks without problems. In addition to that, customers do not have to worry about the installation and maintenance of the hardware and software.
Tsigab is doing an apprenticeship at Hornetsecurity. He is from Eritrea and has been in Germany for only three years. Today we would like to introduce him to you.
Please briefly introduce yourself to us.
My name is Tsigab, I’m 26 years old and I have been living in Germany for three years now. I’m originally from Eritrea, which lies north of Ethiopia. In April I started working at Hornetsecurity as an intern and now I am an apprentice here.
Why did you apply to Hornetsecurity?
I have been interested in the job description of an IT-specialist for a while now and was able to gain some experience in my three years in Germany. I came across Hornetsecurity at the employment agency and applied directly for the advertised position.
What does your work routine look like?
At the moment I’m working in the area Service Operations, where I independently create spam rules for our spam filter service. I make sure that spam emails are recognized by our filters and treated as such. In addition, I get a good insight into other tasks that come up here at Hornetsecurity. Right now I’m being introduced to the Linux-administration and Bash Script.
You already mentioned it: What did you do before your internship at Hornetsecurity?
It is five years since I first worked in the IT field. Next to repairing computers I also made simple configurations of web servers and networks. From these previous experiences I benefit now. Now I want to improve my expertise and with Hornetsecurity I’ve found the right partner for that.
What do you do outside of the Hornetsecurity offices?
I like spending time with my friends in the garden. We love to care for plants and plant something new. To see how a small seed grows to a beautiful plant is triggering a positive feeling. After the gardening comes of course the pleasure. We relax and look proudly at our work. I always take my laptop computer with me because we occasionally like to play videogames. Furthermore, I like reading books and listening to music. If the weather is nice, I like taking a walk in Hanover to become familiar with my surroundings.
What is your decisive argument for going to work with pleasure?
Clearly my colleagues, who integrated me kindly into the team right from the start. I can always rely on their helpfulness. So I felt comfortable right from the beginning. The work at Hornetsecurity comes right after that. I really enjoy my work, which is very versatile because of the insights into the different departments.
You have been in Germany for three years. What are your plans for the next three years?
Firstly I want to continue my apprenticeship at Hornetsecurity and, of course, finish it successfully. Then it is my wish that I can continue my career at Hornetsecurity as a permanent employee.