Phishing

The danger of malicous phishing mails

What is Phishing?

Phishing is a type of social engineering, which mostly works via scam emails. It’s a way hackers try to manipulate victims to lead them to a specific reaction, like typing in a password or opening a malicious document. The cyber-criminals try to bypass the email security companies have via appealing to specific employees in a personal way. Phishing is not malware, it’s a scam tactic, that elite hackers have in their toolbox to gain information or spread malware in order to breach the security of companies without an extended amount of effort. How exactly does this technique work? How you can protect yourself?

Phishing Mail Ocean

The basic knowledge of phishing

First, you should know what Social Engineering is. Social Engineering is in general, applied social sciences, but better known as social manipulation or scamming. For Social Engineering the offender uses psychological knowledge to manipulate the victim to do what they want them to do. One technique is to pretend to be a colleague of the victim, an example would be a colleague from the system administration department sending out a scam email disguised as email from system administration department head. The victim is a way more willing to do, what the hacker wants the victim to do with his computer if he thinks that the attacker is a colleague. Another method is to prepare a scam email, which looks like an email from a company you trust, like PayPal. The hacker uses this scam email to lead the victim into the trap to gain access to their PayPal account.
Phishing is a scam email attack from cyber-criminals using the techniques discussed above. In general, there are two types of phishing attacks. First the easier method, the cyber-criminal doesn’t need much information about the victim. He sends out as many phishing emails as possible, to as many recipients as possible. Underlining the idea, that in a mass of people, someone will react in the way they want them to react. The chance getting higher and higher the more emails sent out. The other variation of phishing emails is called spear phishing. Spear phishing emails are much more personalized than a normal phishing email. The hacker tries to attack one particular victim and manipulates them with emails to give over the data wanted.

How does Phishing work?

Normally the target of the cyber-criminal, also known as a Phisher, is able to get login credentials, mostly of services like PayPal or similar. Otherwise, they are usually attempting to steal credit card information. In order to reach this goal, they use phishing emails. These emails are often structured like an email from the real service (Paypal, etc), which the hackers use to trick the user into giving up their login credentials. For example, they build an email that looks like an email from PayPal. In this email you are often asked to click on a link to type in a new password, because someone new logged in to your account or something similar. They can also use attached documents, in which case you are asked to open the file mimicing something like an invoice, with Malware inside. This malware could be tracking everything you do on your computer afterwards. It could sound a little bit paradox that phishing emails work with emails, that normally should warn you about someone trying to get into your account. That is the moment the social engineering part of it is important. In the moment you get an email, that says someone tried to get in your account, you get in psychological stress. Imagine someone successfully stole your PayPal credentials, they could have potential access to all of your money. The hackers are using these thoughts to manipulate their victims.

Infographic about phishing

How can I detect phishing?

How can you differentiate between the real email? Which is very important to get, and those emails which are just phishing emails? There are a few warning signs which help to recognize phishing emails, and differentiate them to the real emails. With these simple tricks you often can identify phishing emails. It is important to train yourself to question every email, especially those you didn’t expect, with the question ‘could this be a phishing email? .

1. Missing personal salutation

First thing you can look for is, if the email is addressing you with your name. Often phishing emails using phrases like, dear customer or similar. The real companies often use your name, to make sure you can see their email isn’t a phishing email and it sounds a way more serious.

{

2. Grammatical and orthographic deficiencies

Also, you should look out if there are misspellings or grammatical errors in sentences. Often phishing emails are originally written in another language, and then simply translated with an online translator. Because of this there are often many mistakes in phishing emails.

3. The sender

Tip three, to protect yourself from a phishing email, double check the email address. Often the email address is very similar to the standard email address from the real company, but is not the proper sender address. For example, the real email address would be service@paypal.com and the phishing email address could be service@paypai.com. Within the first look you wouldn’t see a difference. So, you have to train yourself to take a closer look at the sender of emails, to make ensure that it is not a phishing email.

4. Email header

On the other hand, good cyber-criminals are able to manipulate the email in a way that it looks like you got the email from the sender you expected. For people with a strong technical background there is the opportunity to investigate the email header to find code that shouldn’t be there or is incorrect.

s

5. Private information

Cyber-criminals try to steal your personal data. They are looking to get passwords, PIN’s and TAN’s. A bank never would ask you for such data in an email. If there is a question for this data, you can be sure you have received a phishing email. This is also a reason banks send all important things via postal … or in the inboxes of their own banking apps/internet-portales.

6. Deceptive attachments

Sometimes the phishers send scam attachments. This often happens when targeting victims whom are employeed by companies. In companies, it’s normal to send emails with attachments in different formats. Employees are familiar with opening all email attachments, without thinking about it. If the cyber-criminal sends out an email with a document called ‘final reminder’, the employee might then have a higher stress level. So, without even thinking about phishing, open it and send it to accounting. In the background of the file, there is malware which can now read everything written on the PC. The lesson here is to not open documents you are unsure of. Think about the sincerity of the email, and do not open the file without truly knowing the sender is verified.

7. Dubious links

Another method of hackers is to lead the victim to a scam website via a phishing email. The phishing email asks you to click on a link to a website which seems to be the real website of a company. Often the link pretends to be the real website, but there is a subdomain inside, which then leads you to a fake website. For example, the email says you have to login to Google to change your password. You normally would be lead to a website like www.google.com/login , but the URL in the email could look like google.com.login.tinyurl.co. In this case you wouldn’t be leaded to google.com, you would be leaded to tinyurl.co. This even works after a ‘/’.

On these phishing websites they often want the user to type in a password, PIN or something similar. If you get an email like this, you shouldn’t use the link in the email. If you want to be sure, that no one stole your credentials, you should go to the website via typing in the URL by yourself in your browser.

j

8. Fake form fields

On those scam websites, there is another possibility to get access to your sensible data. Do you have problems with remembering long numbers? So glad that you can save your credit card information to Google, so you never have to type in the number anymore? But watch out! There is a big risk with auto fill forms Google, Safari and all the other services offers you. The hackers can place a form on a website outside of the visible area, where you ask for the credit card information. So, the cybercriminal leads you to their fake website, and there you are asked to type in your name. Google proposes to you to use his auto fill form. What you don’t see is the credit card form, which automatically also gets filled. Don’t save your credit card details to an auto fill tool.

9. Language

One last point is the language. If you are an American, you have your money in a US bank. Now you get an email, which seems to be from your bank, but is written in Spanish. Now ask yourself, why would they write you a Spanish email, even if they know you are speak English? You are right, there is a high risk. This is a scam attack and you should not react. Additionally you should be skeptic if you even get an email with important data from your bank, because normally they would send it via direct email or in your bank account inbox.

Z

All information summarized

The Infopaper on phishing clearly summarizes the recommendations of the Hornetsecurity experts. Download now and get access to tips on detecting and preventing phishing attacks and recommended actions for the worst case scenario.

More information about cybersecurity

Further information about cybersecurity can also be found in the Hornetsecurity blog. To protect against other cyber attacks, the experts at Hornetsecurity recommend the use of comprehensive security features such as Advanced Threat Protection.

How to protect against phishing?

To protect against phishing, it’s best to trust in professional IT security solutions.
Companies getting more and more often victims of phishing email attacks. Because of the high revenue the attackers can make from companies, they try to reach out to companies with their scam. The damage, those attacks can make is immense high. Therefore, you should think about your email security. Does your email security solution really protect you from a phishing attack?

Our security services to protect your company.

To secure your company the developers of Hornetsecurity invented the Hornetsecurity ATP. ATP can recognize harbingers of phishing mail attacks and especially can recognize targeted attacks, which are leading to only one person.

How can I prevent phishing?

To prevent phishing the first thing you can do is to sensitize yourself and/or your employees, to look even more precisely on emails which forces you to give out personalized data. If you did this, you and/or your employees could recognize all phishing attacks. To sensitize you can use all recognizing techniques I showed you above. To test your knowledge, google invented a quiz: https://phishingquiz.withgoogle.com/ That should minimize the danger, but anyways there remains a risk, if you don’t trust in a professional IT-Security solution.

What’s spear phishing?

Spear phishing is a variation of phishing. The cyber-criminal upfront tries to get as much information as possible about his victim. In this instance there is a lot of research done before being able to execute this phishing attack. The hacker has to spy out his victim. They do not send out a mass of phishing emails, they are only interested in one target. Most of the time, this is a specific company head or executive. The more personal information they have about their victim, the better they can attack.

How can I remove phishing?

Phishing isn’t malware, it is a scam tool hackers use to trick the security of the victim via personal appeal. Because of this there is no possibility to remove phishing attacks. If a hacker has your email address, he always can use it to send you phishing emails. You only can prevent to get more phishing emails.

How ATP is working

Hornetsecurity ATP checks every incoming email for malicious content. To check them ATP puts all incoming files, URL and so on into a sandbox. In the sandbox ATP is running the content in virtual operating systems. Then ATP looks for effects in the systems and other anomalies. If everything is normal, then the recipient gets the email normally. When ATP detect malicious content it will block it and the recipient gets a security alert.

Funktionsweise von Advanced Threat Protection

These customers rely on the Cloud Security Services of Hornetsecurity

Hornetsecurity References