pctechguide.com

  • Home
  • Guides
  • Tutorials
  • Articles
  • Reviews
  • Glossary
  • Contact

Phishing Attacks: Don’t take the bait!

Spotting a phishing email isn’t as easy as one may think these days, and if you’ve ever clicked a link in one of those misleading emails, you’re not alone.

In 2019, 94% of malware was delivered via email and 32% of breaches involved phishing. With phishing attacks more common than ever, many SMEs are looking for IT companies and specialists who offer technology help in tightening up traditional security awareness using cybersecurity training and technology.

This article will discuss five common types of phishing attacks, how to detect them — if possible – and how to solve them.

What is a Phishing Attack?

Phishing attacks are when hackers send fraudulent communications that appear to come from a reputable source. These communications may sometimes contain sensitive information about a target, an attachment or a hyperlink – which is then used to collect information about the target. The attachment is almost always malware. Any hyperlink embedded within the communication leads to a website masquerading as a legitimate website.

We’ll get to know how some phishing attacks aim to get personal information from targeted users.

5 Common Phishing Attacks and How to Recognize Them

1.  Email Phishing

Cyber criminals send over 150 million phishing emails on a daily basis. This is usually how they start their first phishing trip – targeting a large number of users at a time. Creating an effective phishing campaign doesn’t even require a genius attacker. It takes no more than 7 minutes to generate a phishing email that appears to be sent from a governmental institution of your choice or a corporate organization trusted by the recipient. Such mails may be generated using the Social Engineering Toolkit (SEToolkit) shown in Figure 1.

Figure 1. The SEToolkit Framework in Kali Linux

Properly phished emails are difficult to detect, but the easily detectable ones have fake or misspelt domains. Every email address has at least three parts, namely the username, the domain and the top-level domain name as shown in Figure 2.

Most SMEs have their own email server systems and accounts for all users. As an example, legitimate emails from Paypal will have the domain paypal.com. If you receive an email from Paypalsupport@support.com, it’s definitely a phished email and not from Paypal. Whenever you’re unsure, the best way to check an organisation’s domain name is to look it up in a search engine.

Figure 2. Parts of an email address

2.  Spear Phishing

Spear Phishing is an email scam targeted towards a specific individual, business or organization. Attack vectors for spear phishing such as names, email addresses and designation are all available on popular social media sites. Once hackers collect information about their potential target, they craft personalized messages that look authentic enough to convince their targets to freely offer additional personal information such as passwords and bank details. Speared attacks also include attachments and malware links.

Checking the name and email address for a spear-phished email may not be enough. Sometimes, you need to make a phone call to the sender to confirm the legitimacy of the email. If the spoofed email contains hyperlinks, you can verify them by hovering your mouse over those links – which shows the complete address of the link you’ll be redirected to after clicking.

A legitimate MS Word document shared via Google docs should have an address beginning with https://docs.google.com/… as shown in Figure 3. If the shared Google link has an address starting with http://drivef-google.com, it must be a fake link.

Figure 3. Legitimate address of a shared Google document

When Spear Phishing attacks are directed to the executive members of an organization, it is known as Whaling.

3.  Vishing Attack

Hackers implementing this type of attack first gain unauthorised access to the target’s network systems, set up a voice over IP (VoIP) account and then spoof calls to targets. Once they reach their targets, it is easy to give instructions or requests for sensitive information.

It is almost impossible to detect a vished attack if you’re not already familiar with the user whose VoIP account has been hacked. Skilled experts and properly programmed systems are required to detect and block vished attacks.

4.  Smishing Attack

Smishing is when an attacker tries to trick its targets into offering their private information via a text or SMS message. Smishing is becoming a major threat in the world of online security, as hackers are using emerging technology to intercept tokens required for multi-factor authentications (MFA). Smishing is a combined form of phishing and text messages in which attackers send SMS containing deceitful links to the victims. Smishing attacks can only be detected using SMS content analyzers, URL filters and Source Code Analyzers.

5.  Pharming Attack

Most attackers prefer deploying pharming attacks because they no longer have to trick users into clicking links to a malicious website that appears to be legitimate. In order to achieve this, a pharming attack spoofs the Domain Name System (DNS) of a computer network by placing wrong information in it.

The internet doesn’t actually understand alphabetical addresses like https://www.google.com when you type them into your web browsers. They get translated into numbers known as IP addresses before reaching their destination. The system that does this translation is known as a Domain Name System (DNS). During a pharming attack, the attacker infects the DNS system to translate alphabetical addresses into wrong IP addresses.

After typing a website address, users can hold on until the page fully loads and then carefully inspect the site’s security details. This isn’t an easy task for internet users. Taking extreme precautions such as manually typing in a familiar website address isn’t enough to prevent this type of attack. This is because the misdirection of destination takes place in the DNS system which the user cannot control.

Solution to Phishing Attacks

Phishing attacks are very hard for users and security systems to detect because they are constantly evolving to adopt new techniques. Their success rates can be reduced to a minimum by implementing phishing protection for emails and websites. This solution is never complete without conducting continuous security awareness training for users since they act as the last line of defence.

Share this:

  • Click to share on Twitter (Opens in new window)
  • Click to share on Facebook (Opens in new window)

Related

Filed Under: Computer Security

Latest Articles

Graphic Card Colour Depth

Each pixel of a screen image is displayed using a combination of three different colour signals: red, green and blue. The precise appearance of each pixel is controlled by the intensity of these three beams of light and the amount of … [Read More...]

i810 Chipset

Formerly codenamed Whitney, the 810 AGPset finally reached the market in the summer of 1999. It is a three-chip solution comprising the 82810 Graphics Memory Controller Hub (GMCH), 82801 I/O Controller Hub (ICH) and 82802 Firmware Hub (FWH) for … [Read More...]

Cyrix 6×86 CPU – the first Pentium compatible processor

Unveiled in October 1995, the 6x86 was the first Pentium-compatible processor to reach the market and the result of a collaboration with IBM's Microelectronics Division. Acceptance of the 6x86 was initially slow because Cyrix priced it too high, mistakenly thinking that since the … [Read More...]

Everything You Need to Know About Video Editing Programs

The demand for video marketing services is skyrocketing. In Europe alone, the market for video marketing is projected to be worth $673 million by … [Read More...]

The Impact of Modern Technology on Relationships

Technology has changed dating in tremendous ways. It has gradually become more immersed in the modern quest for intimacy. In 1995, only 2% of … [Read More...]

Benefits of Instagram as a Powerful Marketing Tool for B2B Brands

The ever-growing popularity of the social networking app Instagram makes it a popular channel for businesses to launch their services, advertising, … [Read More...]

6 Simple Ways to Improve Security of Windows Computers

Millions of Windows PC users experience some form of cybercrime every year. According to one study, there were 2,953 reported cyberattacks between … [Read More...]

2021 PC Hardware Releases to Bolster Your Gaming

If you are a PC gamer, then chances are you are looking to upgrade your kit over the coming year. However, a lot of money can go into building the … [Read More...]

New Transfer Feature in Dropbox Enable Sharing files with Third Parties

Dropbox has been a popular P2P sharing platform for many years. They don't announce new features as often as other applications, since they have a … [Read More...]

Guides

  • Computer Communications
  • Mobile Computing
  • PC Components
  • PC Data Storage
  • PC Input-Output
  • PC Multimedia
  • Processors (CPUs)

Recent Posts

PC133 SDRAM

Although most of the industry agrees that Rambus is an inevitable stage in PC development, PC133 SDRAM is seen as a … [Read More...]

SCSI Interface Evolution

SCSI-1, the original 1986 standard, is now obsolete. It used asynchronous transfer, where the host and the device, blind to … [Read More...]

CD-ROM Digital Audio

On vinyl and audio cassettes, the audio waveform is recorded as an analogue signal. Therefore any imperfections will be … [Read More...]

[footer_backtotop]

Copyright © 2021 About | Privacy | Contact Information | Wrtie For Us | Disclaimer | Copyright License | Authors