Cyber Security Center

How phishing works and how to recognize it


Phishing, derived from the words password fishing, is a form of personal information theft using spam emails and fake web pages. Commonly, phishing attacks targets bank clients in order to steal online banking login credentials and credit card data.

 

Screenshot (37)

Phishing threats:

  • Theft of sensitive data;
  • Illegal access to bank accounts.

 

It is worth noting that phishing attacks are very common, meaning most users will have encountered at least one attempt.

How does phishing work

Typically, a phishing attack starts with an email message that appears as if it was sent from a bank or other organization. The address in the sender’s field is usually fake.

For example, the message may state that your account has been suspended, and until you provide certain information it will remain inactive. Or it could ask you to provide your login credentials because supposedly it is required to update the service system. Since most phishing emails want your banking information, you’d be asked to give your online bank logins.

One of the most important parts of a phishing email is giving a good reason why the user needs to provide his/her information and creating a compelling environment to encourage the user to comply. In most cases, phishing emails contain a link to a fake web page that supposedly belongs to an organization on whose behalf the email is sent. We should note that the provided website address might be identical to the actual address of the website, save for one letter or an additional symbol.

An email without text or links may have malware attached to it, which could infect your computer and gather all the information it needs from your computer.

Common phishing scenarios:

An email from the bank, aka a convincing email, supposedly sent on behalf of the bank. Generally, those emails contain something among the lines of “Your bank account has been suspended. To renew the account, please click on the provided link and provide your information”. Users who click on the link are taken to a website that very closely resembles a legitimate one. At first glance, it may seem identical but at close look, it’s usually easy to spot the differences. The easiest thing to notice is the website address. It may look similar, but should contain an additional letter or symbol, or use tricks like using “rn” instead of the letter “m”. Another clue is http instead of https in the URL. Once on the site, users are asked to login to their account. If login details are put in, they are sent to crooks.

In a different scenario, users may receive an email supposedly sent by their bank asking them to participate in a survey. The email may look completely legitimate, with an official looking text, design that matches legitimate emails, etc. If the user clicks on the link to the survey, they are asked to log in to online bank. Since it’s advertised as an official bank survey, it’s not suspicious to ask users to log in. When users type in their login credentials, the data is then typed in the legitimate bank website. After the user completes the fake survey, they would be asked for an authentication code. If the user provides the code, it’s typed in the legitimate bank site and crooks now have access to that user’s bank account.

So the easiest way to protect yourself from these kinds of attacks is to think of all emails (whether they are sent from the bank or somewhere else) that ask for your personal information as phishing attempts.

A request from a system administrator is another possible scenario. An email is sent to a user, supposedly on behalf of his/her company’s IT administrator, asking the user to run an attached executable file or to download something from a provided link. If the user falls for the trick and opens the file, he/she is essentially launching malware, which allows hackers to gain access to the entire system. Alternatively, the user may be asked to provide some kind of login credentials.

Recommendations

It’s necessary to understand that phishing emails are very common, and you should know about them. Otherwise, you might end up falling for one. What you should do to prevent phishing:

  • Carefully evaluate messages that request confidential information;
  • Be aware that trusted companies, especially banks, never ask for personal information to be provided via email. They NEVER ask for customer login credentials;
  • Do not reply to phishing emails and do not click on any links in them;
  • If you want to check if what the email claim is correct, log in to your account manually, and not by clicking on the provided link, even if the email looks completely legitimate;
  • Don’t enter personal information in pop-up windows.

 

It’s also recommended to do the following:

  • Use antivirus software. Anti-virus software is often the last obstacle between malware and your computer. It would delete any malware before it can do anything, preventing serious damage to your computer.
  • Update antivirus software database. Antivirus database updates are released almost every day, and installing them is essential to protect the computer from new malware.
  • Use a firewall. A properly configured firewall can prevent hackers from accessing your system.
  • Make sure that the page uses SSL connection. The address of the page should begin with https, and not http.
  • Update your computer’s operating system and software regularly. Regular updates will reduce the chances of your computer being infected by malware.

 

How to recognize phishing

Who sent the email?

First, check to see who the email was sent to. Note whether the “Cc” or “To” field contains loads of contacts that you do not know. If so, proceed with caution.

It’s possible that the same email has been sent to multiple people from the same organization or users in the same domain. It should immediately cause suspicion if the email was sent to addresses such as “webmaster” or “Administrator”. This indicates that the sender is just trying a multitude of addresses and expects someone to click on the link. If you receive a work-related email that is also sent to your company’s admin address, this message is likely phishing.

Never press on links in emails

Never click the links you receive in an email. Especially if the links are in unsolicited emails. Manually enter the address in your browser and search for the information you need. For example, if you received an email from a shipping company that says your shipment has been successfully delivered, go directly to the shipping company’s website and look for information there.

Hover over the link

One quick way to check if a link is secure is to hover over it. When you hover over a link, do not press it, and just wait until the actual address appears. You should always check the link before pressing it to find out whether it leads where it should.
If, when you hover over the link, an IP address is displayed, that should cause suspicion as companies use domains and not IP addresses for emails.

Read domain name carefully

Read the domain name carefully. Many criminals use addresses very similar to real ones, such as Paypl.com, grnail.com, etc. If you take a quick glance, they may seem legitimate, but at closer look it’s pretty obvious that nothing good will happen if you press the link.

Another trick that scammers user is long URLs with the company name inserted somewhere. If the scammers are pretending to be PayPal, they would insert PayPal somewhere in the link to mislead users.

Look at grammar

Most phishing emails are written in very poor English and contain many mistakes. This makes some phishing attempts very obvious, as a legitimate email from your bank will always have impeccable language. However, phishing emails that target specific people tend to be more sophisticated and may be error-free.