Phishing

Learn how to protect yourself from phishing scammers who steal user data on the Internet

What is phishing?

Phishing is a type of Internet fraud whose purpose is to obtain confidential data from the users themselves. This includes stealing passwords, credit card numbers, bank account details, and other sensitive information. Phishers are interested in data that gives direct access to money, as well as personal information about users that helps make phishing emails look credible.

Types of phishing lures

Domain forgery or familiar-user imitation - the message may come from an address that looks like one of a sender you know or a trusted organization but differs from the original in some subtle detail or character (exapmle@mail.com instead of example@mail.com, supportonline@mail.com instead of support.online@mail.com).
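As an added illustration (not code from the original article), the check below compares an incoming sender address against a small allow-list of addresses the user actually corresponds with and flags near-misses. The allow-list and the sample addresses are constructed for this example; the two lookalikes are the ones the article itself uses. Plain edit distance is enough to catch a swapped pair of letters or a dropped dot, which is exactly the kind of subtle difference a reader skims over.

```python
"""Flag sender addresses that closely resemble a trusted address.

Added example for this article, not the author's own code. The trusted
list and the sample senders below are constructed for illustration.
"""

# Constructed allow-list: senders the user genuinely exchanges mail with.
TRUSTED_SENDERS = {
    "example@mail.com",
    "support.online@mail.com",
}

# A lookalike is allowed to differ from a trusted address by at most this
# many single-character edits (insert, delete or substitute).
MAX_EDITS = 2


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two strings (classic DP, O(len(a)*len(b)))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(
                prev[j] + 1,                  # delete ca
                cur[j - 1] + 1,               # insert cb
                prev[j - 1] + (ca != cb),     # substitute (free if equal)
            ))
        prev = cur
    return prev[-1]


def classify_sender(address: str, trusted=TRUSTED_SENDERS) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for an incoming sender address.

    'lookalike' means the address is NOT on the allow-list but is within
    MAX_EDITS edits of an address that is: the signature of typosquatting
    and of a dot or character slipped into a familiar name.
    """
    addr = address.strip().lower()
    if addr in trusted:
        return "trusted"
    for known in trusted:
        if edit_distance(addr, known) <= MAX_EDITS:
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample senders: the two examples from the article plus
    # a genuine address and an unrelated one.
    for sender in ["example@mail.com", "exapmle@mail.com",
                   "supportonline@mail.com", "newsletter@shop.net"]:
        print(f"{sender:28} -> {classify_sender(sender)}")
```

A real mail filter would also normalize Unicode confusables and compare the domain part separately, but the idea is the same: a sender that is almost, but not exactly, someone you know deserves a second look rather than an automatic reply.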

Text honeypots - a text message that appears to come from a trusted source, such as a bank, a government agency, or a commercial company. The message asks the user to provide personal information (username, password, or sensitive financial data). Examine the message carefully if the information is demanded “urgently” or “as soon as possible” - this is one of the signs of a phishing message.

Phishing links - the email contains a link to a page that imitates the login page of a trusted site and urges the user, for example, to change the password urgently. By doing so, the user hands the password directly to the attackers.
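The following is an added example, not code from the original article: a small parser that pulls every link out of an HTML email and flags the two tell-tale signs of a phishing link described above, a target outside the organization's real domains and visible link text that shows one address while the link actually goes to another. The sample email and the trusted-domain list are constructed for the example.

```python
"""Flag suspicious links in an HTML email body.

Added example for this article, not the author's own code. The sample
email and the trusted-domain list are constructed for illustration.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed: the domains the legitimate organization actually uses.
TRUSTED_DOMAINS = {"bank.example.com"}

# Constructed sample message: one lure link whose visible text shows the
# real site while the href goes elsewhere, and one genuine help link.
SAMPLE_EMAIL = """
<p>Your account will be blocked within 24 hours.
Click <a href="http://bank-example.co/login">https://bank.example.com/login</a>
to restore access.</p>
<p>Questions? Visit our <a href="https://bank.example.com/help">Help center</a>.</p>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _hostname(value: str) -> str:
    """Hostname of a URL or bare domain string, lower-cased ('' if none)."""
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower()


def _is_trusted(host: str, trusted) -> bool:
    return any(host == d or host.endswith("." + d) for d in trusted)


def suspicious_links(html: str, trusted=TRUSTED_DOMAINS):
    """Return [(href, text, [reasons])] for links that look like lures."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = _hostname(href)
        reasons = []
        if host and not _is_trusted(host, trusted):
            reasons.append(f"target {host} is outside the trusted domains")
        # If the visible text itself looks like a URL or domain, compare it
        # with where the link really goes.
        shown = text.lower()
        if "." in shown and " " not in shown:
            shown_host = _hostname(shown)
            if shown_host and shown_host != host:
                reasons.append(f"text shows {shown_host} but link goes to {host}")
        if reasons:
            findings.append((href, text, reasons))
    return findings


if __name__ == "__main__":
    for href, text, reasons in suspicious_links(SAMPLE_EMAIL):
        print(f"{href!r} (shown as {text!r}):")
        for r in reasons:
            print("  -", r)
```

The second check matters most in practice: a user who hovers over a link sees the real destination, but one who reads only the blue text does not, so the filter should compare the two on the user's behalf.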

Phishing attachments - an email message contains a malicious file and an invitation to open it.

Fake Cloud Storage Links - An email purporting to be from a trusted source prompts the user to grant permission and/or enter personal information such as credentials in exchange for access to a fake cloud storage location.

Protection methods

The main principle: do nothing automatically or mindlessly. The familiar look of an email should not lead the addressee to perform a routine action without reading it carefully. Be vigilant: are the sender addresses and signatures in order? Does the message contain suspicious attachments and an explicit call to open them? Beware of messages threatening to block your accounts and offering “rescue” links to restore access. Remember that there is a set of data a particular service is not entitled to request from you - it is best to check with the support staff of each specific organization. At the same time, some services hold data that attackers may not have, such as your first and last name. Therefore, if you receive a non-personalized message, this is another reason to think about who sent it.

If you have any doubt, contact the sending company itself (by a separate message or by phone) and verify the authenticity of the message.

If possible, avoid navigating to trusted resources via hyperlinks in messages from unknown senders.

Remember that even the mention of personal information that at first glance is inaccessible to scammers (for example, addressing by name) does not guarantee complete security. Attackers often do preparatory work by getting information about the victim from social networks.

In the modern world, passwords cannot provide the necessary protection, especially when users use easy-to-remember combinations that make it easier for hackers to crack, as well as a single password for all services and applications, thereby increasing the damage from compromise. It is important to strengthen security with multi-factor authentication (verification through multiple channels). Moving to multi-factor authentication eliminates 99% of credential theft attacks. It is important to note that SMS one-time codes used as a second factor can also be compromised: SMS verification is only marginally more secure than simple passwords. Now large market players have begun to offer multi-factor authentication using special applications that use codes or biometrics (fingerprint or face), and some - the ability to completely abandon passwords, which radically reduces the likelihood of a successful phishing attack.

Pay attention to the browser warning about suspicious sites - you should definitely not open such sites. Modern mail services also look after user safety by creating special “sandboxes” that check suspicious messages in an isolated container and do not “release” their contents into the system until their safety is confirmed. Heed these recommendations and report phishing incidents to your mail provider (Microsoft Outlook users can do this using the Send Report button).

There are community projects (for example, PhishTank) that maintain databases of phishing addresses against which you can check an incoming message.

Andrievskaya Anastasiya Andreevna
Student of RUDN

I study Operating Systems in the hope of acquiring the necessary and useful skills.