Phishing emails – on a fishing trip at the data flow

The email from the principal bank came completely unexpectedly, its design very authentic, the content unsuspicious at first glance: “We’ve detected a security breach in our systems. Please log into your account immediately to verify your identity”. Many recipients of such an email are not able to see the hidden fraud, because this is neither a real security breach nor well-intentioned advice from the credit institution, but a classic phishing email.

But how does phishing actually work and is a non-expert able to see through the scam? What happens after I fall for the fraud? Why are phishing emails called that way and how can I protect myself from these attacks? Questions about phishing are a dime a dozen. This blog post aims to shed some light on the abysses of phishing and shows not only how to uncover phishing emails with a few simple tricks, but also how not to let them into your mailbox in the first place.

The name says it all

The word “phishing” established itself in the USA in the 1990s. It has little to do with the open sea and its inhabitants, but parallels to the English word “fishing” can still be drawn, because in phishing cybercriminals literally “catch” the personal data of their victims in a fraudulent way.

The word “phreaking” also influenced the naming. It describes obtaining free telephone calls by playing a 2600-hertz tone into the handset, which could mislead certain switching centres in the USA, France or Japan, for example, into setting up telephone calls. The amusing thing about this is that exactly this 2600-hertz sound can be produced with a toy whistle that was once a promotional item for “Cap’n Crunch” cereals. Modern switching technology no longer allows this method, although this procedure is the beginning of today’s well-known “hacking”. The term “phishing” is a neologism formed from the two words “fishing” and “phreaking”.

How does phishing work?

A phishing attack is a digital identity theft. The hackers send fraudulent emails, which for example imitate the design of well-known Internet service providers such as Amazon or PayPal as well as leading financial institutions.

With the help of insidious pretexts, these messages, some of which look deceptively genuine, try to lure their recipients to fake websites and have them reveal their personal data there. They claim, for example, that there has been a hacker attack and that the supposedly affected account is no longer secure. The security of the account, the message says, can only be ensured if the user verifies his personal data on a website that is reached via a link.

The link embedded in the email is often very difficult to expose as a fraud, simply because the cybercriminals take great care that the embedded links look as authentic as possible. By buying domains such as “amazn.com”, which look almost identical to the original, the fraud is successful in most cases. According to the Anti-Phishing Working Group (APWG), nearly 114,000 such phishing sites were online in March 2018.

In order to make the fraud perfect, this obviously also applies to the sender addresses of the phishing emails. The actual Amazon sender address noreply@amazon.com will then be changed to noreply@amzon.com.

With certain email clients it is also possible to use a display name to cover up absurd sender addresses, such as hacker@doamin.com, which have nothing to do with – in our case – Amazon. Visually, this fraud can only be detected with a close look, and most victims do not notice the fake at all, or only when it is already too late. Once the victim has entered his or her personal data on the malicious website, the information is transferred directly to the cybercriminals.

Phishing and its varieties

Regular phishing emails, like spam emails, are intended for mass mailing. Cybercriminals purchase large amounts of email addresses for this purpose or use data they have captured. These fraud messages are then usually sent to millions of different people. Even though for some phishing emails the focus is not on details, they can often achieve significant success rates – at least when you look at total figures. The situation is quite different with so-called spear phishing.

The method relies mainly on the traditional phishing scam, but “spear phishing” is a targeted email fraud. It can be adapted to a specific company as well as to a specific person. The purpose is to steal sensitive financial or login data. Through social engineering, cybercriminals find out as much personal information about their target as possible in advance so they can fake deceptively real-looking email communication. In the best case for the attackers, the victim does not notice the fraud and is directed to a fake website, where he or she then reveals his or her data.

What do the digital pirates want to achieve?

In most cases, the information “obtained” by the cybercriminals is access data for online banking accounts or other web-based banking services. Credit card information in general is also a popular target.

The motivation of the attackers can be quite different and ranges from financial enrichment, in the sense of account robbery or the selling of data, up to hacker attacks on companies that are carried out using the captured data.

I have been a victim of a phishing attack – what should I do now?

Despite all the security measures, it happened and you became the victim of a phishing attack. Often one notices this only when it is already too late. Now it’s time to stay calm and react quickly! It is best to inform the operator of the affected account about the phishing attack immediately so that he can initiate appropriate measures and make the fraud public. In some cases, you can also become active yourself by changing the access data of the relevant account or by locking it if possible.

How can I effectively protect myself from phishing?

The success rate of phishing emails is very high. In 2017, Trojaner-Info.de even reported on an extremely complex phishing attack against frequent flyers, which had an immensely high success rate of 90 percent. Becoming a victim of a phishing attack can happen faster than you think. This makes it all the more important to be prepared in advance for potential phishing attacks. We have therefore listed the most important recommendations in the following section.

1. Awareness

First of all, raising awareness is a good basis for defending against phishing emails. Many users are not sufficiently aware of the dangers hidden in their email inbox, such as phishing attacks. It is therefore difficult for them to identify malicious emails as such. However, the risk of a phishing campaign can be reduced with a little prior knowledge.

If phishing is suspected, the first thing to be checked is whether the sender address actually matches the original domain or whether it contains additions or spelling mistakes. If this is the case, it may be a first indication of a phishing attack. A further hint may be an impersonal greeting, such as “Dear Ladies and Gentlemen”. For example, a bank would always start its emails to customers with a personal salutation. In addition, you should never click on links or buttons placed in emails, since as a “normal user” it is unfortunately very difficult to check whether the supposed link destination is actually correct.

If the address is similar to the original domain and seems unsuspicious at first, you can check this by matching both URLs. In addition, you should never reveal personal information in any email communication.
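The sender-address and link checks described here, and the display-name trick from “How does phishing work?”, can be automated on the receiving side. The following Python code is an added example, not part of the original post or of any Hornetsecurity product; the trusted-domain list, the function names and the sample headers are assumptions made for illustration.

```python
"""Sender and link checks for suspected phishing mail (added example)."""
from email.utils import parseaddr
from urllib.parse import urlsplit
import re

# Assumption: the domains this organisation really expects mail from.
TRUSTED_DOMAINS = ("amazon.com", "paypal.com")

# Finds an email address written inside a display name.
ADDRESS_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def classify_domain(domain: str) -> str:
    """Compare a domain with the trusted list.

    Returns "trusted", "unrelated", or the reason it imitates a trusted
    domain. Simplification: the brand is taken to be the first label of
    the trusted domain; homoglyph (IDN) tricks are not covered.
    """
    domain = domain.lower().rstrip(".")
    labels = domain.split(".")
    for trusted in TRUSTED_DOMAINS:
        if domain == trusted or domain.endswith("." + trusted):
            return "trusted"
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        if labels[:-1] == [brand]:
            return f"other TLD than {trusted}"
        if any(brand in label for label in labels):
            return f"additions around {trusted}"
        if any(1 <= edit_distance(label, brand) <= 2 for label in labels):
            return f"misspelling of {trusted}"
    return "unrelated"


def check_from_header(value: str) -> list[str]:
    """Return findings for one From header; an empty list means none."""
    display, address = parseaddr(value)
    domain = address.rpartition("@")[2]
    verdict = classify_domain(domain)
    findings = []
    if verdict not in ("trusted", "unrelated"):
        findings.append(f"sender domain {domain!r}: {verdict}")
    # Display name shows an address that is not the real sender address.
    shown = ADDRESS_RE.search(display)
    if shown and shown.group(0).lower() != address.lower():
        findings.append(f"display name shows {shown.group(0)!r}, "
                        f"real sender is {address!r}")
    # Display name uses a trusted brand, but the mail comes from elsewhere.
    if verdict != "trusted":
        for trusted in TRUSTED_DOMAINS:
            brand = trusted.split(".")[0]
            if brand in display.lower():
                findings.append(f"display name claims {brand!r}, "
                                f"sender domain is {domain!r}")
    return findings


def check_link(url: str) -> str:
    """Classify the host a link really points to."""
    return classify_domain(urlsplit(url).hostname or "")


# Constructed sample headers (not taken from real mail).
SAMPLES = [
    'Amazon <noreply@amazon.com>',
    'Amazon <noreply@amzon.com>',
    '"Amazon Customer Service" <hacker@doamin.com>',
    '"jane.doe@example.com" <jdoe@mail-example.net>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_from_header(header) or "no findings")
    print(check_link("https://amazon.com.account-check.example/login"))
```

A domain reported as “unrelated” is not proof of legitimacy; it only means the domain does not imitate an entry in the trusted list.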

2. Active protection

Beyond awareness, there are things that can be done to actively defend against phishing attacks. In the email client, for example, the “run active content” function should be deactivated, as this can lead to harmful content being automatically run unnoticed.

If you don’t want phishing emails to be delivered to your inbox in the first place, you shouldn’t miss out on a spam filter service. Hornetsecurity’s Managed Spam Filter Service reliably filters 99.9% of all email threats, including phishing emails.

Hornetsecurity Advanced Threat Protection is designed to detect even the most sophisticated phishing campaigns through a bundle of security mechanisms such as Fraud Attempt Analysis, Identity Spoofing Recognition or Targeted Attack Detection. This ensures that no employee accidentally falls for a phishing email – even with the most advanced security measures.

Example of a phishing email:

Phishing email example

Classic phishing email in which cybercriminals disguise themselves as credit institutions. Using the pretext that there have been unusual login activities on the account, the target person is pressured to verify their account details. The design is indistinguishable from the regular design of the bank. The email does not contain any spelling mistakes and the formatting is correct. Advertisements in the email with links to the real website and the QR code for the banking app round off the overall picture. Since it is a credit institution from South Africa, even the sender domain “abSaMail.co.za” is quite credible. Only the prefix “xiphaMe” looks strange and indicates a fraud.

Example of a spear phishing email:

Spear Phishing email example

Example of a perfidious spear phishing email*. The fraudsters used social engineering to find out the names, email addresses and most likely the relationship between two employees. They then used the captured information to recreate an email communication that was as authentic as possible. Trust is built through personal salutations and insider knowledge of the company’s lawyer. The email address of the alleged sender is also entered in the name field. This is to suggest that it is actually the correct sender address. The actual sender address only follows after this.

*The example shown is a real spear phishing email. For data protection reasons, all personal information has been changed.

Malware – Cybercriminal’s favourite

When asked what the term “malware” actually means, most people are not sure. Often words like “virus” or “Trojan” are used. This is not necessarily wrong, but it is not quite right either. After all, the topic is much more complex and is not just about viruses and Trojans.

This blog post gives an insight into the world of malware and explains what the term actually stands for, why cybercriminals use malware and what kind of security measures are available.

More than just viruses and Trojans

“Malware” is a neologism composed of the two English words “malicious” and “software”. Mistakenly, malware is often used synonymously for the words virus or trojan, but the world of malware is much larger and more complex. In fact, malware is simply a collective term for various malicious programs, which in addition to viruses and Trojans also include “exploits”, “backdoors”, “spyware”, “worms” and “ransomware” – to name just a few of the most important representatives.

According to a study by av-test.org, trojans made up the majority of widespread malware on Windows with 51.48 percent. Far behind rank viruses with 18.93 percent followed by scripts with 10.56 percent. All other types of malware, such as ransomware, only play a minor role in the frequency of their occurrence.

[Figure: percentage of malware types (Trojans, viruses, scripts)]

Viruses, Trojans and worms – what are the differences?

Computer viruses are the classic type of malware and were already developed in the early 1970s. They are designed to infect other files and can spread from one computer system to another and contaminate it as well. Viruses cannot be activated without human intervention because the compromised file must be executed first.

A Trojan, on the other hand, is not a virus, but a malicious program that disguises itself as a good-natured application – which is why it is often referred to as a “Trojan horse”. Unlike viruses, Trojans do not replicate themselves. They allow hackers to take control of the infected system via a so-called “backdoor”.

Computer worms differ from viruses in their ability to spread without any intervention. By using a data interface, the malicious program can spread automatically. Since the worm can replicate itself within the system, there is a danger that not only one worm but hundreds or even thousands of copies will be sent. In the final instance, this can result in a system having to provide so many resources that no response or only extremely slow feedback occurs.

Spyware – The Spy in the System

Spyware is considered the spy among malware types. It is out to record and steal entered user data. For example, it records logins to social media accounts or spies on account data during online banking. The captured data is then transferred to the hackers, who either resell it or misuse it for their own, mostly financial, interests.

Spyware can appear in different ways. On the one hand, it is possible that a so-called “keylogger” is used, which records keystrokes. On the other hand, a “screencast” can be used to monitor the user’s screen activity. Hackers can also use a “browser hijacker”

Ransomware – When the computer demands ransom money

Ransomware is a form of malware that is able to prevent access to all data stored on a computer. The hackers encrypt the files stored on the hard disk and, after a successful infection, usually leave a message on the victim’s screen demanding a ransom. If it is not paid, they threaten that the encrypted files – depending on the implementation of the ransomware – will not be decrypted or will even be deleted.

There are plenty of ways to infect computers with ransomware. By far the most common gateway, however, is email communication. The cybercriminals often use social engineering to impersonate a well-known organization or a familiar person in order to suggest trust.

In many cases, the ransomware is contained in an Office document that is sent as an attachment. A pretext is used to persuade the recipient to open the file. If the recipient does so, all data on the hard disk is encrypted. Especially in recent years, there have been massive ransomware attacks, known as “WannaCry” or “Petya”. Even though ransomware ranks low in frequency of occurrence, the damage that can be caused by the aggressive cryptotrojans should never be underestimated! Measured in absolute figures, one percent of total malware worldwide is still a significant number.

Exploits and Backdoors – The ace up the sleeve

Exploits are a popular tool used by hackers to exploit vulnerabilities or security gaps in software and use them to enter computer systems. An exploit can be a simple theoretical description of a vulnerability or directly runnable program code.

The range of different types of exploits is so wide that there is the right exploit for almost every occasion. They differ not only in the type of attack, but also in their effects. Depending on its type, the malicious program can write or read data, for example, or even crash a system. Well-known exploit types are the zero-day attack and the denial of service exploit (DoS exploit).

A backdoor, on the other hand, represents an alternative, mostly hidden access to a software or hardware system. This enables the provider and its partners (e.g. secret services) but also hackers to circumvent the access protection and gain access to the system. As already mentioned, Trojans also have a backdoor, but a clear distinction has to be made: The Trojan only serves as a means to an end, since it pretends to be a useful program and ensures that the computer can be compromised via the built-in backdoor. The backdoor itself does not require a Trojan, as it can be installed in the system from the very beginning.

Many types of malware, one solution?

The professionalism of malware attacks is increasing day by day. In particular, attacks through ransomware are very popular among cybercriminals. Those who think that there is THE solution to the problem of malware are unfortunately mistaken. Rather, a company should have a sophisticated security concept with many different measures. In the following we will describe in detail which measures can be considered.

Many components must work well together to achieve an optimum of protection against malware. However, the most important point is to increase the awareness of employees against cyber attacks. A company’s employees must be conscious of the threats caused by malware. Information about the various malware distribution channels should therefore be integrated into the daily work routine in regular training courses, for example.

To be on the safe side, companies are advised to use a spam filtering service to prevent malicious emails from reaching employees’ email inboxes in the first place. In the unlikely event that a malware program should ever be able to infect an employee’s computer, then an antivirus program is still a useful method of defeating the invader.

Regular updates should not be limited to antivirus programs. It is advisable to establish a process that regularly checks whether the programs in use are up to date, in order to update them if necessary. Those who stick to these tips are at least less likely to become a victim of cybercriminals.

Email archiving and GDPR – the biggest myths at a glance

Citizens of the European Union have reason to relax: The General Data Protection Regulation (GDPR), introduced in May 2018, significantly strengthens the protection of personal data and at the same time initiates a new era of European data protection. But one man’s meat is another man’s poison. Not everyone agrees with the “strictest data protection law in the world”. Companies and organizations that have to implement numerous new policies and guidelines are annoyed by the significant additional effort and the partly non-transparent regulations.

Since the GDPR also has a direct effect on the handling of emails, there are a few things to consider as well – especially with regard to the issue of email archiving. We show how the GDPR and legally compliant email archiving can be combined and explain the most important myths.

The devil is in the detail

As a company, do I really have to archive all emails and, if so, for how long? These are typical questions asked by those responsible for implementing the GDPR. At this point, the GoBD (principles for proper management and storage) [only in Germany] play an important role. These principles specify how long emails with certain contents must be archived. It is not uncommon for archiving to be confused with backup, but a clear distinction must be made here.

While a backup ensures the temporary availability of data and its recovery, archiving has a different function: it guarantees the long-term storage of data on a separate storage medium for documentation purposes. According to the GoBD, an email always has to be archived if it takes the place of a commercial or business letter or a booking document. If the email is only a means of transport and contains, for example, an accounting document as an attachment, only the attached file as such must be retained, but not the email itself. However, a printout of the invoice is not sufficient.

The required retention period for business emails is six to ten years. However, small businesses are excluded from this regulation. The exact storage obligations for the different types of documents can be found in the tax code as well as in the commercial code. The situation is different with private emails: Companies, in which the private use of emails is at least tolerated, may under no circumstances monitor or store the private email communication of employees.

The GoBD also specifies that emails must be archived unmodified. This means that a simple storage of digitized documents at this point is not sufficient. Another misbelief is the storage via the email client. Simply creating a folder and manually moving all emails that are required to be archived is not sufficient either. The proper protection against loss or theft is simply missing here. But how can a company implement all these regulations as cost-effectively as possible and save time and resources?

The solution lies in the cloud

If you want to be on the safe side, you can rely on modern email archiving via the cloud. Cloud-based email archiving solutions offer several advantages for companies: they are fully automated, legally compliant and operate without the intervention of internal IT.

Hornetsecurity’s email archiving service, for example, ensures that emails are transferred to the archive fully automatically. A very precise distinction is made between clean mails and spam as well as info mails. The latter of course do not end up in the email archive. The complicated and time-consuming search for archived emails is also prevented by Hornetsecurity’s email archiving service.

Thanks to perfectly coordinated search algorithms, emails can be easily retrieved and filtered via the Hornetsecurity Control Panel. The administration is made easy for IT managers: Only a few clicks are required to manage Aeternum – regardless of whether this involves the import or export of emails or basic settings for the duration of archiving.

Spam emails – There’s life in the old dog yet

Laurence Canter certainly didn’t expect to go down in history one day as a pioneer of spam email. In 1994, the US lawyer was the first person ever to send messages that resemble the character of a spam email today. A computer specialist engaged by Canter and his wife flooded over 6,500 newsgroups on the Internet with advertising for their company. But this was only the beginning of a story that has now been going on for 25 years.

In this blog post you will learn everything about the history of email spam, the damage and dangers it causes and the right protection against unwanted messages.

[Figure: key figures on email spam (share of global email traffic that is spam; share of all dangerous spam emails that end up in German email inboxes)]

About Spam, Cybercriminals and Monty Python

Three things that couldn’t be more different: What has Spam got to do with cyber criminals and the comedy group Monty Python? The answer is: a lot. At least if you take a look at the history of email spam.

At the time Canter had his advertising emails sent, the Internet was hardly commercialized. It was therefore absolutely unusual for users to be confronted with advertising in such a direct way. This was reflected in particular in the reaction of the recipients, and the lawyer was very soon confronted with fierce criticism. One user even called for “spam and coconuts to be sent to Canter and Co”. “Spam” here, however, meant canned meat produced by the food company Hormel Foods, whose product name is an artificial marketing word made up of “spiced ham”. The angry user’s request can therefore be interpreted as an allusion to the content, which is as “soft” in coconuts and canned meat as it is in advertising emails.

The British comedy group Monty Python also contributed to the naming of the spam email. They did a sketch in the 1970s that was set in a pub. The guests of the pub can choose from several dishes, but each one contains spam. Then a horde of Vikings, also dining in the restaurant, starts singing “Spam, Spam, Spam, Spam, Spam, Spam, Spaaaam!”. The frequent and penetrating appearance of the word “spam” within the sketch finally prompted the Usenet forum administrator Joel Furr in 1992 to declare the increasing “garbage contributions” in his forums as “spam”. From then on the term prevailed.

Legendary spam sketch of the British comedy group “Monty Python”

Spam emails in the course of time

If you think that spam emails are a thing of the past, you are wrong. Although cyber criminals are increasingly trying to make life difficult for us with other lucrative fraud methods, such as phishing or ransomware, sending spam emails is still very popular. To put it in numbers: Between July 2017 and July 2018, the proportion of spam e-mails in companies was more than half of the total amount of e-mail traffic generated worldwide. In Germany alone, sending spam consumes as much electricity as a small city.

As if this wasn’t unpleasant enough, the proportion of dangerous spam emails of all email traffic is also increasing significantly. The increased risk potential of modern spam emails is primarily due to significantly improved targeting by spammers. Through targeted addressing and country-specific topics, spam emails appear much more authentic than a few years ago. Not only the quality of spam emails, but also the spammers’ preferred targets have changed.

While only 10 years ago the United States was the main target of attacks, another country has now moved past them: Germany. The proportion of spam emails in Germany has doubled compared to 2010. The main reason for this is probably the very good financial situation of the German population. Spammers expect the most lucrative sources of income here.

How dangerous are spam emails today?

While cybercriminals in the 1990s and 2000s mainly sent emails with advertising intentions, the situation is different today. Especially the sending of ransomware or other malware in email attachments has become very common among criminals.

Spammers use a fake identity to try to get the target to click on an email attachment infected with malicious code. They often claim that there is an unpaid invoice in the attachment. However, when the target opens the file, the ransomware it contains is activated, encrypting all files stored on the hard disk.

Another scam that is often carried out by means of spam emails is phishing. For example, the cybercriminals pretend to be well-known credit institutions. They claim that the customer’s bank account has been blocked for security reasons. To unlock it, the victim has to confirm his access data again. To do this, the target person has to click on a URL that is very similar to the real URL of the bank.

It can only be distinguished from the original by certain additions or another Top Level Domain. Amateurs often have no suspicion and will be forwarded to a website based on the design of the bank via the link. If they comply with the requests and reveal their data there, the cyber criminals will have direct access to the information. Some of the “fake websites” look so deceptively real that they are indistinguishable from the bank’s regular websites.

How do spammers get to my email address?

In order to protect oneself optimally against the flood of unwanted messages, one must first understand under which circumstances they end up in our digital mailbox. The fact is, if you keep your email address to yourself, you should normally not receive any spam emails. We only become the target of spammers when we make our email address publicly accessible on the Internet or entrust it to dubious service providers. But how do spammers actually collect our email addresses?

Spammers use so-called “harvesters”, also known as “spambots”, to search the Internet for specific email addresses. If you still want to publish your email address on the Internet, you can have it converted to Unicode with the help of free service providers on the Internet. Spambots will then no longer be able to read it.

You should also be careful with unknown Internet providers who use promises to get us to disclose our data. A good example is websites that lure visitors with competitions and possible cash prizes. Unfortunately, it is not uncommon that the alleged prize does not even exist and is only used as a pretext. Here, too, your address can frequently end up directly on the spammers’ mailing lists.

Perfectly protected against email spam – this is how it works

Without a doubt, the proportion of spam emails was significantly higher a good ten years ago at around 90%, but one should not be deceived by this development. Because it’s all about the sophistication of the spammers. They continuously ensure that the risk potential of spam emails increases. Without a professional spam filter which also detects viruses and other threats, employees not only spend a lot of time organizing emails, but are also exposed to constant threats. In addition to links to malicious websites, spam emails may contain malware and phishing links.

Only professional spam filters for companies such as Hornetsecurity’s spam filter service ensure absolutely “clean” mailboxes with spam detection rates of 99.9%. In combination with Advanced Threat Protection, even the most fraudulent attack methods, such as CEO fraud, ransomware and spearphishing are effortlessly excluded. Just during July 2018, about half of all emails scanned by “Advanced Threat Protection” were classified as malicious. The largest part of these emails, more than 90% of malicious emails, is due to dangerous threats, as stated in the Hornetsecurity ATP Analysis of July 2018. Thanks to the intervention of the Hornetsecurity Spamfilter Service and Hornetsecurity ATP, the recipients of these emails were not only fully able to concentrate on their tasks, they were also not exposed to the risk of a “wrong click”. This finally brings peace and quiet to your email inbox.

Hornetsecurity rocks at it-sa 2018

Hannover (20.09.18) – Hornetsecurity presents the first comprehensive Security & Compliance Suite for Microsoft Office 365 at it-sa 2018 in Nuremberg, following the motto “We equip heroes”.

The IT-Security fair it-sa, probably the most relevant trade fair in the industry, takes place from 09.10.-11.10.18 in Nuremberg this year. The Cloud Security specialist Hornetsecurity from Hanover is also represented and is going to rock the show.

Hornetsecurity exhibits together with its authorized distributors acmeo and ADN in hall 10.0, booth 10.0-606. Hornetsecurity will present its new solution for the Microsoft cloud service Office 365 at it-sa for the very first time. With “365 Total Protection” Hornetsecurity offers much more than just an IT security solution. Rather, we speak of a comprehensive Security & Compliance Suite specially developed for O365, which can be seamlessly integrated. Over 20 additional security and business functions that the solution involves, will be presented to the public at it-sa 2018 for the first time.

“We offer our IT partners necessary tools to be prepared for future requirements in the area of cloud security. The it-sa is exactly the right platform for us to find new partners and thus further consolidate our position as a market leader”, says Daniel Blank, Managing Director of Hornetsecurity.

In addition to the professional exchange at the trade fair, the event character should not be neglected either. On the first evening, Tuesday 09.10.18, the exhibition booth will be turned into a true party zone, starting from 6.30 p.m. Thanks to the stage and live band, it almost resembles a rock concert. Not to be missed is the popular Hornetsecurity beer wagon, which already made big headlines at the HAJ Marathon this year. Managing Director Daniel Hofmann announced that a total of more than 5,000 litres of free beer will flow at the trade fair.

Hornetsecurity’s main goal is to show their character. “Our business partners and customers greatly appreciate the fact that there are still ‘real people’ behind our innovative solutions – our employees who put their heart and soul into it,” says Daniel Hofmann.