The email from the principal bank came completely unexpected, its design very authentic, the content unsuspicious at first glance: ” We’ve detected a security breach in our systems. Please log into your account immediately to verify your identity”. – many recipients of such an email are not able to see its hidden fraud. That is because this is not a security breach or a well-intentioned advice from the credit institution, but a classic phishing email.
But how does phishing actually work and is a non-expert able to see through the scam? What happens after I fall for the fraud? Why are phishing emails called that way and how can I protect myself from these attacks? Questions about phishing are a dime a dozen. This blog post aims to shed some light on the abysses of phishing and shows not only how to uncover phishing emails with a few simple tricks, but also how not to let them into your mailbox in the first place.
The name says it all
The word “phishing” established itself in the USA in the 1990s and has less to do with the open sea and its inhabitants, but parallels to the English word “fishing” can still be drawn. Because in phishing, cybercriminals literally “catch” the personal data of their victims in a fraudulent way.
The word “Phreaking” also influences the naming process. It describes the sneaking of free telephone calls by generating a 2600-hertz tone played into the handset that could mislead certain switching centres in the USA, France or Japan, for example, to set up telephone calls.The amusing thing about this is that exactly this 2600-hertz sound can be produced with a toy pipe that was once a promotional item for the “Captain Crunsh” cereals. However, modern switching technology no longer allows this method, although this procedure is the beginning of today’s well-known “hacking”. The term “phishing” is a neologism of the two words “fishing” and “phreaking”.
How does phishing work?
A phishing attack is a digital identity theft. The hackers send fraudulent emails, which for example imitate the design of well-known Internet service providers such as Amazon or PayPal as well as leading financial institutions.
With the help of insidious pretexts, the partly appearingly fraudulent messages try to lure their recipients to fake websites to have them reveal their personal data. They claim, for example, that there has been a hacker attack and that the supposedly affected account is no longer secure. Only if the user verifies his personal data on the website which can be reached via a link, the security of the account will be ensured.
The link embedded in the email is often very difficult to expose as a fraud. This is simply because the cyber criminals put a lot of value on the fact that the implemented links look as authentic as possible. By buying domains, such as “amazn.com”, which look almost similar to the original, the fraud is successful in most cases. According to the Anti-Phishing Working Group (APWG), nearly 114,000 of such phishing sites were online in March 2018.
In order to make the fraud perfect, this obviously also applies to the sender addresses of the phishing emails. The actual Amazon sender address „firstname.lastname@example.org“ will then be changed to „email@example.com“.
With certain email clients it is also possible to use a display name to cover up absurd sender addresses, such as firstname.lastname@example.org, which have nothing to do with – in our case – Amazon. Visually, this fraud can only be detected with a precise look and most victims do not notice the fake at all or at least when it is already too late. Once the victim has entered his or her personal data on the malicious website, the information is transferred directly to the cybercriminals.
Phishing and its varieties
Regular phishing emails, like spam emails, are intended for mass mailing. Cybercriminals purchase large amounts of email addresses for this purpose or use data they have captured. These fraud messages are then usually sent to millions of different people. Even though for some phishing emails the focus is not on details, they can often achieve significant success rates – at least when you look at total figures. The situation is quite different with so-called spear phishing.
The method relies mainly on the traditional phishing scam, but in this case “spear phishing” is a targeted email fraud.It can be adapted to a specific company as well as to a specific person. The purpose is to steal sensitive financial or login data. Through social engineering, cybercriminals find out as much personal information about their tagret as possible in advance so they can fake deceptively real-looking email communication. In best case, the victim does not notice the fraud and is directed to a fake website, where he or she then reveals his or her data.
What do the digital pirates want to achieve?
In most cases, the information “obtained” by the cybercriminals is access data for online banking accounts or other web-based banking services, as well as credit card information in general being a popular target.
The motivation of the attackers can be quite different and ranges from financial enrichment in the sense of account robbery or the selling of data, up to hacker attacks on companies, which are accomplished by the information of the captured data.
I have been a victim of a phishing attack – what should I do now?
Despite all the security measures, it happened and you became the victim of a phishing attack. Often one notices this only when it is already too late. Now it’s time to stay calm and react quickly! It is best to inform the operator of the affected account about the phishing attack immediately so that he can initiate appropriate measures and make the fraud public. In some cases, you can also become active yourself by changing the access data of the relevant account or by locking it if possible.
How can I effectively protect myself from phishing?
The success rate of phishing emails is very high. In 2017, Trojaner-Info.de even reported about an extremely complex phishing attack against frequent flyers, which had an immensely high success rate of 90 percent. Becoming a victim of a phishing attack can happen faster than you think.This makes it all more important to be prepared in advance for potential phishing attacks. We have therefore listed the most important recommendations in the following section.
Stay in touch
Sign up to get the latest News about Cloud Security.
First of all, the right sensibilisation to the defence against phishing emails is a good base.. Many users are not sufficiently aware of dangers hidden in their email inbox, such as phishing attacks.It is therefore difficult for them to identify malicious emails as such. However, the risk of a phising campaign can be reduced with a little prior knowledge.
If phishing is suspected, the first thing to be checked is whether the sender address actually matches the original domain or whether it contains additions or spelling mistakes. If this is the case, it may be a first indication of a phishing attack. A further hint may be impersonal greeting, such as “Dear Ladies and Gentlemen”. For example, a bank would always start its emails to customers with a personal salutation. In addition, you should never click on links or buttons placed in emails, since as a “normal user” it is unfortunately very difficult to check if the supposed link destination is actually correct.
If the address is similar to the original domain and seems unsuspicious at first, you can check this by matching both URLs. In addition, you should never reveal personal information in any email communication.
2. Active protection
Beyond awareness, there are things that can be done to actively defend against phishing attacks. In the email client, for example, the “run active content” function should be deactivated, as this can lead to harmful content being automatically run unnoticed.
If you don’t want phishing emails to be delievered to your inbox the first place, you shouldn’t miss out on a spam filter service. Hornetsecurity’s Managed Spam Filter Service reliably filters 99.9% of all email threats, including phishing emails.
Hornetsecurity Advanced Threat Protection is designed to detect even the most sophisticated phishing campaigns through a bundle of security mechanisms such as Fraud Attempt Analysis, Identity Spoofing Recognition or Targeted Attack Detection. This ensures that no employee accidentally falls for a phishing email – even with the most advanced security measures.
Example of a phishing email:
Classic phishing email in which cybercriminals disguise themselves as credit institutions. Using the pretext that there have been unusual login activities on the account, the target person is forced to verify their account details. The design is indistinguishable from the regular design of the bank. The email does not contain any spelling mistakes and the formatting is correct. Advertisements in the email with links to the real website and the QR coder for the banking app round off the overall picture. Since it is a credit institution from South Africa, even the sender domain “abSaMail.co.za” is quite credible. Only the prefix “xiphaMe” looks strange and indicates a fraud.
Example of a spear phishing email:
Example of a perfidious spear phishing email*. The fraudsters used social engineering to find out the names, email addresses and most likely the relationship between two employees. They then used the captured information to recreate an email communication that was as authentic as possible. Trust is built through personal salutations and insider knowledge of the company’s lawyer. The email address of the alleged sender is also entered in the name field. This is to suggest that it is actually the correct sender address. The actual sender address only follows after this.
*The example shown is a real spear phishing email. For data protection reasons, all personal information has been changed.
- Blog post: Current wave of phishing attack: Valyria downloader reloads spyware
- Blogbeitrag: Dangerous Amazon phishing emails cause trouble
- Hornetsecurity Services to protect against phishing and spear phishing attacks: Spamfilter Service & Advanced Threat Protection.