Phishing has been one of the most widely used ways for attackers to steal sensitive information since the early 2000s, and it still works in 2021.
Everyone, from the CEO of a company to an average user, is regularly targeted.
A successful phishing attack gives the attacker confidential information that can be used to commit fraud in your name, take over your accounts or gain control of your servers.
What is Phishing?
In a phishing scheme, attackers contact victims disguising themselves as trustworthy persons or institutions, to steal their information.
For example, they may send you an email impersonating your bank service. Some attackers are exceptionally good at falsification; the email address and content of the message can look legitimate.
They may tell you that your account’s password was reset, that you won a prize, that you owe money, or some other alarming news meant to prompt you into immediate action.
The immediate action usually involves clicking on a malicious link they provide.
Once you click that link, it may take you to a fake webpage that looks like the impersonated organization’s official website, where the attackers capture whatever sensitive information you enter.
In other cases, the link triggers the download of malware onto your system. See our article about malware to learn more about that attack vector.
Attackers may also use typosquatting: domains under their control that look remarkably similar to the legitimate ones, like www.facelook.com.
This modus operandi is not used only by criminals: companies and government intelligence agencies also use it for economic or political reasons. For example, this is how foreign ministries, embassies and even the Dalai Lama’s Tibetan exile centers were compromised.
As with the attacks covered in previous articles, plenty of publicly available tools exist for running phishing campaigns. Here’s an example.
What Do Attackers Do with Your Stolen Data?
With your stolen information, the attacker may impersonate you on the target application.
If the attacker gets access to your bank account, they will try to steal your money and cash out by:
- Purchasing products on internet marketplaces with your credit card details
- Purchasing gift cards
- Transferring your funds to a mule account
- Using wire-transfer services or cryptocurrencies.
More Nefarious Consequences of Phishing
In recent years, an increasing number of botnet and ransomware attacks has been recorded.
A botnet is a network of malware-infected devices controlled remotely by a botmaster. Botnets are commonly used to perform distributed denial-of-service (DDoS) attacks, among other things.
Phishing is one of the main ways botmasters recruit new machines into their networks.
Ransomware is a type of malware that encrypts your files and demands a ransom in exchange for the decryption key. Again, phishing is typically the way attackers get the malware onto your system in the first place.
Symptoms of a Phishing Attack
Be very wary here! Attackers commonly use the following phishing vectors:
- Emails, instant messages, text messages and social media posts,
- Websites asking for login credentials.
Here are some hints indicating they may be fraudulent:
- Shortened links,
- Grammar errors, unusual language,
- Strange URLs,
- Message content prompts to take immediate action.
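The hints above, together with the typosquatting trick mentioned earlier (www.facelook.com), can be turned into a simple triage check. The following Python script is an added example written for this article; it is not BitNinja code or a product rule. It scores a message for shortened links, mismatches between a link's visible text and its real target, urgency wording, and lookalike domains (one edit or a homoglyph swap away from a trusted domain, or a trusted brand used as a subdomain). The trusted-domain list, shortener list, urgency phrases, weights, threshold and the sample message are all constructed for illustration, and the registrable-domain extraction is a naive "last two labels" rule, not a public-suffix-list lookup.

```python
"""Heuristic phishing-message scorer (added example, not BitNinja code)."""
import re
from urllib.parse import urlparse

# Assumed list of domains the recipient actually trusts (constructed).
PROTECTED_DOMAINS = {"facebook.com", "paypal.com", "mybank.example"}

# Well-known URL shorteners (constructed subset; extend for real use).
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly"}

# Urgency phrases typical of the "act now" lure (constructed list).
URGENCY = ["immediately", "within 24 hours", "account will be suspended",
           "verify your account", "act now", "urgent"]

# Character sequences attackers substitute for one another (constructed subset).
HOMOGLYPHS = {"0": "o", "1": "l", "rn": "m", "vv": "w", "cl": "d"}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
ANCHOR_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

# Weights and threshold are assumptions for this example.
WEIGHTS = {"lookalike_domain": 3, "link_text_mismatch": 3,
           "shortened_link": 1, "urgency": 1}
THRESHOLD = 3


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings; a small value between two domains is suspicious."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    """Naive registrable domain: last two labels (assumption: no public-suffix list)."""
    parts = host.lower().strip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def normalize_homoglyphs(label: str) -> str:
    """Undo common look-alike substitutions (paypa1 -> paypal)."""
    for fake, real in HOMOGLYPHS.items():
        label = label.replace(fake, real)
    return label


def lookalike_of(host: str):
    """Return the protected domain this host imitates, or None if it is genuine or unrelated."""
    dom = registrable(host)
    if dom in PROTECTED_DOMAINS:
        return None  # the real thing
    for good in PROTECTED_DOMAINS:
        # One edit away (facelook.com vs facebook.com) or equal after homoglyph normalization.
        if levenshtein(dom, good) <= 1 or normalize_homoglyphs(dom) == good:
            return good
        # Trusted brand used as a subdomain of an attacker host: paypal.com.evil.example
        if host.lower().startswith(good + ".") and dom != good:
            return good
    return None


def score_message(html: str) -> dict:
    """Score one HTML message; returns the individual findings and a total."""
    findings = []
    # Anchors: compare the URL the reader sees against the href they would actually visit.
    for href, text in ANCHOR_RE.findall(html):
        shown = URL_RE.search(text)
        if shown:
            shown_dom = registrable(urlparse(shown.group()).hostname or "")
            real_dom = registrable(urlparse(href).hostname or "")
            if shown_dom != real_dom:
                findings.append(("link_text_mismatch", href))
    for url in URL_RE.findall(html):
        host = urlparse(url).hostname or ""
        if registrable(host) in SHORTENERS:
            findings.append(("shortened_link", url))
        target = lookalike_of(host)
        if target:
            findings.append(("lookalike_domain", f"{host} imitates {target}"))
    text = re.sub(r"<[^>]+>", " ", html).lower()
    for phrase in URGENCY:
        if phrase in text:
            findings.append(("urgency", phrase))
    score = sum(WEIGHTS[kind] for kind, _ in findings)
    return {"score": score, "findings": findings, "suspicious": score >= THRESHOLD}


# Constructed sample lure: lookalike domain, shortened link whose visible text
# claims to be facebook.com, and three urgency phrases.
SAMPLE = """<p>Dear customer, your account will be suspended within 24 hours.</p>
<p>Please <a href="http://www.facelook.com/login">verify your account</a>
or visit <a href="http://bit.ly/3xYz">http://www.facebook.com/security</a>.</p>"""

if __name__ == "__main__":
    result = score_message(SAMPLE)
    for kind, detail in result["findings"]:
        print(f"{kind:20s} {detail}")
    print("score:", result["score"], "suspicious:", result["suspicious"])
```

Run it as a script to see the findings for the sample lure; in practice you would feed it the raw HTML body of each incoming message and route anything over the threshold to quarantine or a human reviewer rather than blocking outright, since the urgency phrases alone are weak signals.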
If you have fallen victim to this scheme, you may experience a broad range of symptoms. For example, you might find:
- Financial transactions you did not perform,
- Your account is locked,
- Spam being sent from your email and social media account,
- Your IP is blocked by other websites’ security systems, and more.
Types of Phishing
Phishing attacks can be classified by the medium used and by the target.
Spear Phishing
In spear phishing, the attack is focused on a single target. The individual is investigated first so that the phishing message can be crafted to be very likely to be trusted.
That is one of the reasons why you should be very careful about what you share on the internet, for example, on social media!
Whaling
Whaling is a particular case of Spear Phishing in which the target is a high-profile individual, such as an executive or a famous person.
A remarkable example of a successful whaling attack is the 2016 case at Snapchat: an attacker posing as the company’s CEO persuaded a payroll employee to hand over payroll information about the company’s employees.
Vishing
Vishing is short for voice phishing: the attacker tries to trick the victim over a verbal channel such as the telephone or VoIP. This was the most prevalent form of phishing in the last century.
Even today, phones are the second most common medium used by fraudsters.
Smishing
Smishing is short for SMS phishing: here the medium is mobile phone text messages.
Smishing campaigns themed around Covid relief payments and fines have recently victimized people all over the world.
Email Phishing
Here the medium is email. It is the most common type of phishing, and it works as explained in the example in the first section.
Top Phishing Statistics
Phishing features heavily in cyberattack statistics. According to Verizon’s Data Breach Digest, 90% of all data breaches involve phishing.
And phishing even seems to be on the rise. According to the FBI 2020 Internet Crime Report, phishing incidents more than doubled from 2019 to 2020.
How can you defend against Phishing?
Here are some tips to be safe!
Don’t Rush! Verify Yourself!
Take your time, don’t hurry to reply to an email prompting you to act immediately. Attackers will try to trigger your emotions, so you make a wrong decision fast.
First verify the message through another channel.
For example, if you receive an email saying you won a prize, check on the internet if the organization is trustworthy. Consider that if you didn’t take part in a lottery, you couldn’t have won.
If you receive a message from the government saying you owe money, contact the institution on their official media to confirm.
Beware Where You Click
Attackers rely on users clicking on malicious links in emails, social media, or pop-up ads that lead to fake websites they control or even malware installation.
Even if you receive an email from someone you trust, the email still could have been sent by someone impersonating the person you trust.
You can check whether a website is trustworthy with a website-reputation service and by researching it on internet forums.
Use Multi-factor Authentication
If you have it enabled, an attacker who has captured your password still cannot log in without the second factor. It is not a silver bullet, though: SMS codes can be intercepted through SIM swapping, and a convincing phishing page can ask for and relay a one-time code in real time, so prefer an authenticator app or a hardware security key where the service offers one.
Web Services usually have an option for enabling two-factor authentication (2FA).
According to Microsoft, multi-factor authentication can prevent 99.9% of account compromise attacks.
Use a Spam Filter
A spam filter is handy for separating legitimate emails from unwanted ones, and the rate of false positives is low.
The most popular webmail services such as Outlook, Gmail, and Yahoo Mail use this feature by default.
How can BitNinja Protect against Phishing?
Using security software is important so that a human error does not turn into a catastrophe. BitNinja has features that protect you even if you happened to click that link you shouldn’t have…
- The BitNinja Malware Detection module detects malware in real time, even when its code is obfuscated. Attempts to download malware onto your system will be blocked.
- The BitNinja SenseLog module detects and bans IPs associated with malicious events in your logs. For example, the supervisor API rule ApacheRecommendedSite blocks spamming attempts from known botnets.
- Finally, there is the Real-Time IP Reputation module. It maintains a vast, constantly updated list of malicious IPs worldwide, and connection attempts from these IPs are blocked outright.
Why is BitNinja Different from other Anti-Phishing Solutions?
BitNinja’s features are backed by state-of-the-art technology in several areas:
- BitNinja Anti-Malware module uses a unique detection technique.
- The BitNinja SenseLog module uses the most effective technologies (Auditd, Aho-Corasick algorithm) to be resource-friendly.
- The Real-Time IP reputation module contains information on 70,000,000 IP addresses worldwide. This data is shared by all BitNinja servers in real-time.
Example for Phishing
Phishing has succeeded even against very high-profile targets. In 2020, attackers got into Twitter’s internal administrative tools.
Twitter’s own account of the incident describes a phone spear-phishing (vishing) attack on employees, rather than the SIM swap fraud it is often attributed to. In a SIM swap, the attacker uses vishing to convince a telecom company’s employees that they own a particular phone number.
After that, the victim’s SMS two-factor authentication codes are delivered to the attacker’s phone, which lets the attacker break into the target accounts.
Once inside, the attackers had access to internal tools that let them take control of any account. With that capability, they impersonated famous users such as Barack Obama, Elon Musk and Bill Gates to send phishing messages promoting a bitcoin scam.
Phishing FAQs
Can I Customize the List of Blocked IPs with BitNinja?
Yes, you can add IP addresses to your blocklist via the BitNinja Console, from the CLI, or through the API.
All changes are processed immediately, and your server is instantly protected with the updated security settings.
If necessary, you can also manage IP ranges, block countries and even ASNs with customized time frames to eliminate attacks from specific regions.
How Can I Check the IPs of Who Are Sending Me Phishing Emails?
You can see the history of IP addresses and their details on your BitNinja Console in the Phishing Sites section.