Phishing and not getting caught.

Phishing is one of the most widely used attack techniques and one of the most common scams that people fall for. This type of attack can be selectively or hyper-targeted, or sent to as many potential victims as possible. The general objective is to steal personal information or credentials. The message usually creates a sense of urgency, often threatening account suspension, loss of money, loss of employment, and so on.

Data that cybercriminals often target in these attacks includes Personally Identifiable Information (PII) such as financial account data, credit card numbers, and tax and medical records, as well as sensitive business data such as customer names and contact information, proprietary product secrets, and confidential communications.

Phishing attacks can also be used to gain direct access to email, social media and other accounts, or to obtain permissions to modify and compromise connected systems such as point-of-sale terminals and order processing systems. Many of the biggest data breaches start with an innocent-looking phishing email through which cybercriminals gain a small foothold to build upon.

An excellent example is this email we received the other day:

Example 1.

We've highlighted in red a couple of items to pay attention to.

1. Creating a sense of urgency.

2. The email address in the From field is not from the genuine sender, in this case the Australian Tax Office. Always expand and view the message headers in emails to check that the sender is genuine (not 100% certain on its own, but it can assist).

3. Generic name; the message has not been personalised for the recipient.

4. Recreating the sense of urgency.

5. The link is, first of all, not to an https web address (the "s" is for secure, but once again this is not a certainty on its own), and it is a fake link address. Australian government web addresses, for example, never end in .com or .com.au.

Example 2


1. Once again, creating a sense of urgency.

2. The email address in the From field is not from the genuine sender, in this case Centrelink / Services Australia. Always expand and view the message headers in emails to check that the sender is genuine (not 100% certain on its own, but it can assist).

3. Generic name; the message has not been personalised for the recipient.

4. Recreating the sense of urgency: a recipient of a government payment is made to panic about not being paid.

5. Requests updated information that can then be used for identity theft, financial theft, or obtaining details of another party in order to continue the scam.

6. Prompts the victim to update their information and adds to the urgency with a very short timeframe to supply the "required" information.

7. The included link (which we have not shown) is, first of all, not to an https web address (the "s" is for secure, but once again this is not a certainty on its own). It is a very good fake link address that bears a reasonable resemblance to an official government website, with prompts to update the victim's information, including bank details and identity documents. Australian government web addresses, for example, never end in .com or .com.au.
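The checks walked through in the two examples above can be automated when triaging a suspicious message. The following Python script is an added illustration, not code from the original post or from Foundation Computers: it parses a constructed sample message modelled on Example 1 and flags the sender, greeting, urgency and link indicators discussed, assuming that a genuine Australian government sender and link would use a .gov.au domain.

```python
import email
import re
from email import policy
from urllib.parse import urlparse

# Constructed sample message, modelled on the indicators above: generic
# greeting, urgent tone, sender not on the claimed agency's domain, http link.
SAMPLE_EMAIL = """\
From: Australian Tax Office <refunds@ato-refund-portal.com>
To: customer@example.com
Subject: URGENT: your tax refund will be cancelled in 24 hours

Dear Customer,

Your refund of $1,240.00 is on hold. Confirm your details within 24 hours
at http://ato-refund-portal.com.au/verify or your account will be suspended.
"""

URGENCY_WORDS = ("urgent", "immediately", "within 24 hours", "suspended", "cancelled")

def check_email(raw: str, genuine_suffix: str = ".gov.au") -> list[str]:
    """Return the phishing indicators found in a raw RFC 5322 message."""
    # Assumption: a genuine Australian government sender and link use .gov.au.
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    # 1. Sender: the domain after the @ must belong to the claimed agency.
    sender_domain = msg["From"].addresses[0].domain.lower()
    if not sender_domain.endswith(genuine_suffix):
        findings.append(f"sender domain {sender_domain} is not {genuine_suffix}")

    # 2. Generic greeting: the message has not been personalised.
    body = msg.get_body(preferencelist=("plain",)).get_content()
    if re.search(r"^dear (customer|user|client|sir/madam)\b", body, re.I | re.M):
        findings.append("generic greeting")

    # 3. Urgency: threats of suspension or loss with a short deadline.
    text = (msg["Subject"] + " " + body).lower()
    if any(word in text for word in URGENCY_WORDS):
        findings.append("urgency language")

    # 4. Links: flag plain http, and any host outside the genuine suffix.
    for url in re.findall(r"https?://\S+", body):
        parsed = urlparse(url)
        if parsed.scheme != "https":
            findings.append(f"non-https link {url}")
        if not parsed.hostname.endswith(genuine_suffix):
            findings.append(f"link host {parsed.hostname} is not {genuine_suffix}")
    return findings
```

Running `check_email(SAMPLE_EMAIL)` returns five findings for the sample; a message from a .gov.au sender with a personalised greeting and an https .gov.au link returns an empty list.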

Types of Phishing Attacks

Phishing has evolved into more than simple credential and data theft. How an attacker lays out a campaign depends on the type of phishing. Types of phishing include:

  • Email phishing: the general term given to any malicious email message meant to trick users into divulging private information. Attackers generally aim to steal account credentials, personally identifiable information (PII) and corporate trade secrets. However, attackers targeting a specific business might have other motives.
  • Spear phishing: these email messages are sent to specific people within an organisation, usually high-privilege account holders, to trick them into divulging sensitive data, sending the attacker money or downloading malware.
  • Link manipulation: messages contain a link to a malicious site that looks like the official business but takes recipients to an attacker-controlled server where they are persuaded to authenticate into a spoofed login page that sends credentials to an attacker.
  • Whaling (CEO fraud): these messages are typically sent to high-profile employees of a company to trick them into believing the CEO or other executive has requested to transfer money. CEO fraud falls under the umbrella of phishing, but instead of an attacker spoofing a popular website, they spoof the CEO of the targeted corporation.
  • Content injection: an attacker who can inject malicious content into an official site will trick users into accessing the site to show them a malicious popup or redirect them to a phishing website.
  • Malware: users tricked into clicking a link or opening an attachment might download malware onto their devices. Ransomware, rootkits or keyloggers are common malware attachments that steal data and extort payments from targeted victims.
  • Smishing: using SMS messages, attackers trick users into accessing malicious sites from their smartphones. Attackers send a text message to a targeted victim with a malicious link that promises discounts, rewards or free prizes.
  • Vishing: attackers use voice-changing software to leave a message telling targeted victims that they must call a number where they can be scammed. Voice changers are also used when speaking with targeted victims to disguise an attacker's accent or gender so that they can impersonate someone else.
  • “Evil Twin” Wi-Fi: spoofing free Wi-Fi, attackers trick users into connecting to a malicious hotspot to perform man-in-the-middle exploits.
  • Pharming: pharming is a two-phase attack used to steal account credentials. The first phase installs malware on a targeted victim's device and redirects their browser to a spoofed website where they are tricked into divulging credentials. DNS poisoning is also used to redirect users to spoofed domains.
  • Angler phishing: using social media, attackers reply to posts pretending to be an official organisation and trick users into divulging account credentials and personal information.
  • Watering hole: a compromised site provides endless opportunities, so an attacker identifies a site used by numerous targeted users, exploits a vulnerability on the site, and uses it to trick users into downloading malware. With malware installed on targeted user machines, an attacker can redirect users to spoofed websites or deliver a payload to the local network to steal data.

Tips to keep you safe!

  • Always ensure your antivirus/anti-malware and anti-phishing software is up to date.
  • Only click on links from trusted senders, and even then use extreme caution.
  • Never connect to public Wi-Fi or other networks (e.g. at airports, coffee shops or public spaces) unless they are from a trusted source, and when you do, always use a VPN (Virtual Private Network).
  • Change passwords regularly: users should change their passwords every 30-45 days to reduce an attacker’s window of opportunity. Leaving passwords active for too long gives an attacker indefinite access to a compromised account.
  • Avoid clicking on popups: attackers change the location of the X button on a popup window to trick users into opening a malicious site or downloading malware. Popup blockers stop many popups, but false negatives are still possible.
  • Be cautious about giving out credit card data: unless you know the site is completely trustworthy, never give credit card data to a website you don’t recognise. Any site promising gifts or money back should be used with caution.
  • Keep software and firmware up-to-date: software and firmware developers release updates to remediate bugs and security issues. Always install these updates to ensure known vulnerabilities are no longer present in your infrastructure.

If you, or someone you know may have fallen victim to one of these or similar attacks, please contact your relevant government and financial organisations directly and immediately to ensure the safety of your information and finances.

If you suspect your device has become infected by a virus and/or malware, immediately disconnect the device from Wi-Fi or its physical network connection. Run antivirus/anti-malware and anti-phishing software to try to detect the potential infection.

If uncertain, please contact your trusted IT Professional immediately. We have a number of tools and services that are typically not available to general consumers and have methods to detect and remove malware.

Please feel free to contact us on 1300 80 73 80, log a help desk request via this link on our website: https://foundationcomputers.com.au/pages/help-desk-request
or send us an email at support@foundationcomputers.com.au
