PHISHING: RECOGNIZING AN ATTACK AND HOW TO DEFEND

Dear readers of Hacker's Station, today we return to the topic of phishing, which has become topical again in recent months. We will look at the various techniques and at how to defend against these increasingly frequent attacks.

In the 2.0 era, the era of the internet, scams take place online. Not only while browsing websites, but also by e-mail: despite the enormous progress in cybersecurity, with highly effective antivirus products and antispam filters for e-mail, fraudulent messages still slip past these checks and cause considerable damage to the unfortunate victims.

This is the case, for example, with phishing e-mails, which often appear to come from a trusted source and are sent from addresses that look "reliable", so the filters do not block them. Running into a scam is very easy; falling for it is less so, but you still need to pay close attention and know how to recognize a phishing e-mail.


TYPES OF PHISHING

Phishing e-mails can be divided according to the four psychological levers they pull:
  • Greed;
  • Kindness;
  • Obedience;
  • Fear;
Let's see in detail the types and how they work:

GREED

You receive an e-mail apparently sent by Amazon, for example, saying that you have been selected to receive a gift. To complete the operation, you must click the button below.

Actions
Clicking the button can lead to one of two traps. In the first, you are sent to a clone of the Amazon site, where you are asked to enter your data (account credentials, card number).

In the second, malware is downloaded automatically (a so-called drive-by download) that compromises your PC and, from there, can spread to other PCs on the same network.

KINDNESS

You receive an e-mail from an address you know, perhaps from the very company you work for, with an attachment that contains malware. You are asked, very politely, to open the file because your colleague has had trouble opening it; the e-mail even gives you the password for the file. (A password-protected archive is also a way to hide the contents from antivirus and mail filters, which cannot open it.)

The wording of the e-mail leans entirely on politeness.

Actions

Opening the attachment downloads and installs malware.

OBEDIENCE

In this case, the phisher impersonates a police or military body, such as the financial police (in Italy, the Guardia di Finanza), and you are asked to pay a fine or settle a debt.

Actions
Clicking the link in the body of the e-mail sends you to a clone of the financial police's site, where you are asked to enter your credentials or card details.

FEAR

In this case, the phisher bets everything on intimidation, writing in the e-mail that your PC has been hacked and that they are in possession of sensitive information about you.

The message usually claims that you were recorded while visiting adult sites, that your webcam was hacked too, and that the phisher therefore has compromising videos of you.

Actions
If you pay (almost always in Bitcoin), the phisher promises that your data will not be published. In practice these messages are sent in bulk and the claim is a bluff: do not pay and do not reply.

Technically, phishing attacks are divided into:
  • Common phish;
  • Spear phish;
  • Clone phish;
  • Whaling;

COMMON PHISH

The attacker, after collecting a large number of e-mail addresses, sends the same e-mail to all of them (casting a wide net, like a fisherman).

SPEAR PHISH

The attacker sends a targeted e-mail, apparently from a trusted source, that instead leads the unsuspecting recipient to a fake website or to a malware download.

Often, these e-mails use cunning pretexts to grab the victim's attention.

For example, the FBI reported spear phishing scams in which the emails appeared to come from the National Center for Missing and Exploited Children.

CLONE PHISH

The attacker takes a legitimate e-mail you have already received (a notification, an invoice, a password-reset message), copies it and resends it with the original link replaced by one that leads to a cloned site, apparently identical to the real one, which asks you to log in with your credentials.

WHALING

This is perhaps the most dangerous variant of phishing. Still based on social engineering, it targets executives and top management, such as the CEO, CFO and CIO, and in general all the profiles commonly identified as C-level (the "whales").

The attack induces the recipient to carry out actions that are harmful to the company and very profitable for the attacker.

For example, the text of the e-mail includes specific details from the victim's working life, such as a reference to a particular project or to a known colleague. This leads the victim's mind to register the situation as familiar, to feel in a comfort zone, and thus to lower its guard without noticing.

On top of this come the so-called spoofing techniques, which let the attacker impersonate a specific colleague of the victim: the From header is forged, or a lookalike domain is registered, so that the e-mail appears to have been sent by that colleague.

Example:

A C-level executive receives an e-mail from the CEO of their company urgently requesting a transfer to the new IBAN of a well-known, long-standing supplier that is already a partner of the company.

Because the request involves known and trusted parties, it can look entirely plausible to the victim who, having the authority to approve this kind of payment, may proceed with the transfer without delay.

WHAT ARE THE RISKS OF A PHISHING ATTACK?

The risks in the event of an attack can be summarized as follows:
  • Loss of money;
  • Infected PCs;
  • Resale of data;
  • Identity theft;

HOW TO DEFEND FROM A PHISHING ATTACK

We have three different lines of defence against a phishing attack:
  • Best practices
  • Online tools
  • Responding correctly

BEST PRACTICE

In the vast majority of cases the technique used in phishing is the cloning of the original site; whether it is the post office, your bank, Microsoft or Facebook changes nothing, the technique is always the same.

Now let's see how to recognize a phishing e-mail with a few small tricks.

Let's take a fake Gmail login as an example. These are the first checks I would make:

  1. The URL of the site is not the original one: look at the domain in the address bar (and hover over links in the e-mail to see where they really point), not at the text shown.
  2. The Google logos and wording are not identical to the original.
  3. Immediately open the real login page in a separate tab and compare it with the one you were sent.
  4. Check the actual sender address, not just the display name, and whether the Reply-To points somewhere else.

Do not click links and do not open mail from unknown senders.

ONLINE TOOLS

Use free tools available online, such as VirusTotal, to check potentially dangerous links and attachments. Keep in mind that files uploaded to VirusTotal are shared with other users: if an attachment may contain confidential data, look up its SHA-256 hash instead of uploading the file.
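The checks listed under the best practices (real link target versus displayed text, actual sender address versus display name, a Reply-To that points elsewhere) and the hash lookup suggested above can be automated on a saved .eml file. The script below is an added example for this article, not code from Hacker's Station; the sample message it parses is constructed for the demonstration and the domains in it are invented. It uses only the Python standard library, and the "last two labels" domain heuristic is a simplification (no public-suffix list) that is enough to catch the lookalike in the sample.

```python
import email
import hashlib
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (not a real phishing mail): a fake "Google" security alert.
# The visible link text shows accounts.google.com, the href goes elsewhere,
# Reply-To differs from From, and the receiving server recorded spf=fail.
SAMPLE_EML = b"""\
From: "Google Security" <alert@google-account-verify.example>
Reply-To: support@mail-recovery.example
To: victim@example.org
Subject: Unusual sign-in attempt
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=google-account-verify.example; dkim=none
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body>
<p>We detected a new sign-in. Review it here:
<a href="http://accounts.google.com.verify-login.example/login">https://accounts.google.com/</a></p>
</body></html>
--b1
Content-Type: application/zip; name="invoice.zip"
Content-Disposition: attachment; filename="invoice.zip"
Content-Transfer-Encoding: base64

UEsDBAoAAAAAAA==
--b1--
"""

# Visible link text that itself looks like a URL or a domain (only then is it
# meaningful to compare it with the real href).
URLISH = re.compile(r"^(?:https?://)?[\w.-]+\.[a-z]{2,}(?:[/?#]|$)", re.I)


class _LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Last two labels of a host name (assumption: no public-suffix list)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def domain_of_address(addr):
    """Domain of an RFC 5322 address, ignoring the display name."""
    m = re.search(r"<([^>]+)>", addr)
    mailbox = m.group(1) if m else addr.strip()
    return mailbox.rsplit("@", 1)[-1].lower()


def host_of(text):
    """Host part of a URL or of bare domain-like text."""
    text = text.strip()
    if "://" not in text:
        text = "http://" + text
    return urlparse(text).hostname or ""


def analyze(raw):
    """Return sender domain, suspicious findings, links and attachment hashes."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    from_dom = domain_of_address(str(msg["From"] or ""))
    reply_dom = domain_of_address(str(msg["Reply-To"])) if msg["Reply-To"] else from_dom
    if reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    # Authentication-Results is added by the receiving server, not the sender.
    auth = str(msg["Authentication-Results"] or "").lower()
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        if m and m.group(1) != "pass":
            findings.append(f"{mech} result is {m.group(1)}")
    links = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            ext = _LinkExtractor()
            ext.feed(part.get_content())
            links.extend(ext.links)
    for href, text in links:
        target = host_of(href)
        if URLISH.match(text) and registrable_domain(host_of(text)) != registrable_domain(target):
            findings.append(f"link text shows {host_of(text)} but points to {target}")
    # SHA-256 of each attachment: search this on VirusTotal instead of uploading.
    attachments = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        attachments.append({"name": part.get_filename(), "sha256": hashlib.sha256(data).hexdigest()})
    return {"from_domain": from_dom, "findings": findings, "links": links, "attachments": attachments}


if __name__ == "__main__":
    report = analyze(SAMPLE_EML)
    for finding in report["findings"]:
        print("WARNING:", finding)
    for att in report["attachments"]:
        print("attachment", att["name"], "sha256", att["sha256"])
```

Run it on a message saved as .eml (replace SAMPLE_EML with the file's bytes); the sample produces four warnings: the mismatched Reply-To, the SPF failure, the missing DKIM signature, and the link whose text pretends to be accounts.google.com.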

RESPONDING CORRECTLY

If you receive a strange e-mail, for example one from your bank asking for your login credentials, contact the bank immediately by phone to ask for clarification, using the number on your card or statement, never one given in the e-mail.

If you have already entered your credentials or opened an attachment, change your passwords immediately (starting with the account involved and any account that shares the same password) and start an antivirus scan on your PC or device.

See you in the next article :)
