The name says it allThe word “phishing” established itself in the USA in the 1990s and has less to do with the open sea and its inhabitants, but parallels to the English word “fishing” can still be drawn. Because in phishing, cybercriminals literally “catch” the personal data of their victims in a fraudulent way.
How does phishing work?
A phishing attack is a digital identity theft. The hackers send fraudulent emails, which for example imitate the design of well-known Internet service providers such as Amazon or PayPal as well as leading financial institutions.
With the help of insidious pretexts, the partly appearingly fraudulent messages try to lure their recipients to fake websites to have them reveal their personal data. They claim, for example, that there has been a hacker attack and that the supposedly affected account is no longer secure. Only if the user verifies his personal data on the website which can be reached via a link, the security of the account will be ensured.
The link embedded in the email is often very difficult to expose as a fraud. This is simply because the cyber criminals put a lot of value on the fact that the implemented links look as authentic as possible. By buying domains, such as “amazn.com”, which look almost similar to the original, the fraud is successful in most cases. According to the Anti-Phishing Working Group (APWG), nearly 114,000 of such phishing sites were online in March 2018.
In order to make the fraud perfect, this obviously also applies to the sender addresses of the phishing emails. The actual Amazon sender address „firstname.lastname@example.org“ will then be changed to „email@example.com“.
With certain email clients it is also possible to use a display name to cover up absurd sender addresses, such as firstname.lastname@example.org, which have nothing to do with – in our case – Amazon. Visually, this fraud can only be detected with a precise look and most victims do not notice the fake at all or at least when it is already too late. Once the victim has entered his or her personal data on the malicious website, the information is transferred directly to the cybercriminals.
Phishing and its varieties
Regular phishing emails, like spam emails, are intended for mass mailing. Cybercriminals purchase large amounts of email addresses for this purpose or use data they have captured. These fraud messages are then usually sent to millions of different people. Even though for some phishing emails the focus is not on details, they can often achieve significant success rates – at least when you look at total figures. The situation is quite different with so-called spear phishing.
The method relies mainly on the traditional phishing scam, but in this case “spear phishing” is a targeted email fraud.It can be adapted to a specific company as well as to a specific person. The purpose is to steal sensitive financial or login data. Through social engineering, cybercriminals find out as much personal information about their tagret as possible in advance so they can fake deceptively real-looking email communication. In best case, the victim does not notice the fraud and is directed to a fake website, where he or she then reveals his or her data.
What do the digital pirates want to achieve?In most cases, the information “obtained” by the cybercriminals is access data for online banking accounts or other web-based banking services, as well as credit card information in general being a popular target. The motivation of the attackers can be quite different and ranges from financial enrichment in the sense of account robbery or the selling of data, up to hacker attacks on companies, which are accomplished by the information of the captured data.
I have been a victim of a phishing attack – what should I do now?Despite all the security measures, it happened and you became the victim of a phishing attack. Often one notices this only when it is already too late. Now it’s time to stay calm and react quickly! It is best to inform the operator of the affected account about the phishing attack immediately so that he can initiate appropriate measures and make the fraud public. In some cases, you can also become active yourself by changing the access data of the relevant account or by locking it if possible.
How can I effectively protect myself from phishing?The success rate of phishing emails is very high. In 2017, Trojaner-Info.de even reported about an extremely complex phishing attack against frequent flyers, which had an immensely high success rate of 90 percent. Becoming a victim of a phishing attack can happen faster than you think.This makes it all more important to be prepared in advance for potential phishing attacks. We have therefore listed the most important recommendations in the following section.
1. SensibilisationFirst of all, the right sensibilisation to the defence against phishing emails is a good base.. Many users are not sufficiently aware of dangers hidden in their email inbox, such as phishing attacks.It is therefore difficult for them to identify malicious emails as such. However, the risk of a phising campaign can be reduced with a little prior knowledge. If phishing is suspected, the first thing to be checked is whether the sender address actually matches the original domain or whether it contains additions or spelling mistakes. If this is the case, it may be a first indication of a phishing attack. A further hint may be impersonal greeting, such as “Dear Ladies and Gentlemen”. For example, a bank would always start its emails to customers with a personal salutation. In addition, you should never click on links or buttons placed in emails, since as a “normal user” it is unfortunately very difficult to check if the supposed link destination is actually correct.
2. Active protectionBeyond awareness, there are things that can be done to actively defend against phishing attacks. In the email client, for example, the “run active content” function should be deactivated, as this can lead to harmful content being automatically run unnoticed. If you don’t want phishing emails to be delievered to your inbox the first place, you shouldn’t miss out on a spam filter service. Hornetsecurity’s Managed Spam Filter Service reliably filters 99.9% of all email threats, including phishing emails. Hornetsecurity Advanced Threat Protection is designed to detect even the most sophisticated phishing campaigns through a bundle of security mechanisms such as Fraud Attempt Analysis, Identity Spoofing Recognition or Targeted Attack Detection. This ensures that no employee accidentally falls for a phishing email – even with the most advanced security measures.
Example of a phishing email:
Example of a spear phishing email:
- Blog post: Current wave of phishing attack: Valyria downloader reloads spyware
- Blogbeitrag: Dangerous Amazon phishing emails cause trouble
- Hornetsecurity Services to protect against phishing and spear phishing attacks: Spamfilter Service & Advanced Threat Protection.