The “My Dear” address has become almost iconic and is used by almost everyone who operates in the field of computer security. These emails are so-called “phishing” attacks, which took time to gain their place in the popular consciousness and become an issue of public interest.
On the one hand, this created an almost universal awareness that phishing is a type of attack via email (or today more often via social networks), in which users are tempted to give away their login or payment details. This is a very widespread type of attack and you’re sure to find dozens of such messages in your email account. The problem is that it became widely known that phishing can be recognized by its poor use of English or another language. However, this is not always true, and today’s attacks are often much more sophisticated.
The goal of phishing is for a user to click on a dangerous link (or attachment), or access a page where he or she fills something in. These can be login details, information on payment cards, PINs, etc. In order for such an attack to be successful, two basic strategies can be used – either “carpet bombing” and betting on a simple email that will eventually hook someone, or the use of more sophisticated tools.
For example: “In a 2017 phishing campaign, Group 74 (a.k.a. Sofact, APT28, Fancy Bear) targeted cybersecurity professionals with an email pretending to be related to the Cyber Conflict U.S. conference, an event organized by the United States Military Academy’s Army Cyber Institute, the NATO Cooperative Cyber Military Academy, and the NATO Cooperative Cyber Defence Centre of Excellence. While CyCon is a real conference, the attachment was actually a document containing a malicious Visual Basic for Applications (VBA) macro that would download and execute reconnaissance malware called Seduploader.”
Emails that look like they’re from bosses or teachers are often used, as are links that differ only slightly from something well-known or famous. The phishing page is then almost identical to a normal one (the only chance you have is to check the address bar) and lures you into entering the requested information. As is evident from these examples, you don’t have to be a complete fool to get yourself mixed up or “hooked” in an attack like this.
The text of a phishing message often looks like a notice about an unsent or undelivered message, asks you to update something or enlarge the storage space in your email, or contains information on password changes, modifications to terms and conditions, a research project, an invitation, etc. The most common differentiating signs are the sender’s email address (your bank, for example, probably won’t be writing to you from a Gmail address), a link that differs in some small detail (e.g. .co instead of .com), or link shorteners (e.g. bit.ly).
What are the basic rules to follow if you want to minimize the risk of phishing?
- Don’t click on links in an email or messenger if you don’t know who’s sending them or why. Be very careful when it comes to attachments.
- If you want to access your internet banking, go to it directly. This applies to all other services too.
- Use updated software (mainly your browser and the plugins within it) and an antivirus. Don’t use Flash.
- Don’t believe anyone who says they know you but you’ve never heard of them.
- Check for small typos in addresses both on webpages and on your email.
- Never click on a shortened URL (one that goes through an address shortener) in an email, and avoid QR codes from people or institutions that you don’t trust.
- If anything out of the ordinary is happening, primarily in your e-banking or while logging in to your email, pay attention to it.
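The differentiating signs described above (a sender address that does not match the claimed institution, a link that differs from a trusted domain in a small detail such as .co instead of .com, a brand name hidden in a subdomain, and link shorteners) can be turned into a simple filter check. This is an added example, not code from the original article; the trusted domains, shortener list and freemail providers are constructed placeholders.

```python
from urllib.parse import urlparse

# Constructed sample data for this example, not from any real campaign.
TRUSTED_DOMAINS = {"example-bank.com", "example-pay.com"}
SHORTENERS = {"bit.ly", "bitly.com", "t.co", "tinyurl.com", "goo.gl"}
FREEMAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; 1 or 2 against a trusted name is a lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host: str) -> str:
    """Crude last-two-labels rule; enough for the .com-style hosts used here."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def check_link(url: str) -> list[str]:
    """Return the warning signs found in a link (empty list means none)."""
    if "://" not in url:
        url = "http://" + url
    host = urlparse(url).hostname or ""
    domain = registrable_domain(host)
    signs = []
    if domain in SHORTENERS:
        signs.append("link shortener hides the real destination")
    if domain not in TRUSTED_DOMAINS:
        for trusted in sorted(TRUSTED_DOMAINS):
            if 0 < edit_distance(domain, trusted) <= 2:
                signs.append(f"lookalike of {trusted}")
            # Trusted brand placed in a subdomain of an unrelated domain.
            elif trusted.split(".")[0] in host:
                signs.append(f"'{trusted.split('.')[0]}' in a subdomain of {domain}")
    return signs


def check_sender(display_name: str, address: str) -> list[str]:
    """Flag a sender that claims an institution but mails from a freemail domain."""
    sender_domain = address.rsplit("@", 1)[-1].lower()
    brands = [t.split(".")[0] for t in TRUSTED_DOMAINS]
    if sender_domain in FREEMAIL and any(b in display_name.lower() for b in brands):
        return ["institution name but freemail sender address"]
    return []
```

A real filter would use a public-suffix list instead of the two-label rule and a curated shortener list; the checks here only illustrate the signs the article names.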