Phishing scams are easily prevented when you pay attention to the small details of an email. Use Email Protector to mitigate this kind of attack.

Georgi Spasov
22 Apr 2019
phishing cybercrime

Phishing is without doubt the most commonly used and most preferred way to infiltrate any system. Perhaps you’ve heard of the phrase “You give a poor man a fish, and you feed him for a day, you teach him to phish, you give him… you give him…” – well the whole world actually.

Phishing can't be classified as a real cyber crime, right?

That’s not quite accurate.

Phishing is a type of cyber attack that exploits the weakest link on the Internet – the human. It is the most successful social engineering attack for extracting user data: login credentials, user names, passwords, email addresses, as well as payment data and other valuable information.

The term ‘phishing’ shows that attackers do not aim to gather information from one specific individual, but rather rely on the fact that data will be collected regardless of the victim, unlike whaling, spear phishing or business email compromise attacks.

Phishing could be utilized with different methods and means – targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data. The information could then be used to access different accounts or further continue with data extraction.

Since almost everybody reacts negatively to cold calls, cyber criminals utilize email as their primary tool and most conventional way to execute this kind of attack.

Another method is the creation of web-pages and domains that look exactly like the original ones – with one major difference – they’re operated by a malicious individual or a cyber crime gang.

  • Unknown recipient – almost always phishing emails begin with ‘Dear customer’, ‘Dear client’ or use a ‘general’ way to address the recipient.
  • Too Good To Be True - Lucrative offers and eye-catching or attention-grabbing statements are designed to attract people’s attention immediately. For instance, many claim that you have won an iPhone, a car, or some other lavish prize. The most important thing to do is not to click on hyperlinks in this email (or better – delete the email before even reading it).
  • Sense of Urgency – One way cybercriminals exploit normal human behavior is to create a situation in which you must act within a limited time frame. Some emails will say that you have only hours to respond – a good example is email messages from senders pretending to be your email provider or another linked third party. Those messages state that your email account will be suspended if you do not activate it – the email will provide a button, and after you click it a whole bunch of bad stuff could happen. When in doubt, check the headers of the message – does the real sender correspond with the email sender? Checking headers can often be troublesome and time consuming. This article explains what to look for when examining header information.
  • Hyperlinks - A phishy hyperlink can often be hard to catch, but hovering over it shows you the actual URL you will be redirected to when you click it. When an email is formatted with HTML markup, a link can be attached to any piece of text, and clicking it redirects the user to another website. The links could be deceiving, the text of the hyperlink could display, but the real hyperlink may lead to – the letter “m” here is replaced by an r. Replacing characters is one of cyber criminals’ favorite techniques, so be extremely careful when clicking on links. Especially email links.
  • Attachments - Whenever you receive an email from an unknown sender and it contains an attachment, don’t click and download the attachment. Files with the extensions (files that end with) .zip, .rar, .jpeg and .pdf are most commonly exploited by cyber criminals, as they provide different possibilities to infect a system – reverse shells, backdoors, and ransomware are just a fragment of what you could end up infecting your system with.
  • Unusual Sender – Opening an email from an unknown sender can’t really hurt you. There isn’t anything that’s automatically downloaded (if you operate from a browser), and the email is just text, right? WRONG! By clicking on an email you can provide information such as: your IP address, your OS (Windows, Mac or Linux), your browser agent, the resolution of your screen, when exactly the email was opened, your time zone… See what I mean? By clicking on an email, you can provide cyber criminals with enough knowledge to have a basic footprint of your system and decide which attack vector to use next. Maybe they’ll try to compromise your network. Or your co-workers. Or use your siblings. Just opening an email could have devastating effects for an individual.
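The Hyperlinks check from the list above can be automated. The following is an added example, not code from the original article: it compares the text a link displays with the host its `href` really points to, and flags hosts that are one character away from a known-good domain. The allow-list, the sample body and all names under the reserved `.example` TLD are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit
TRUSTED = ("mybank.example", "mail.example")  # constructed allow-list of real senders
URLISH = re.compile(r"(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):
    """Lowercased hostname of a URL or URL-looking text, without 'www.'."""
    host = urlsplit(value if "://" in value else "//" + value).hostname or ""
    return host[4:] if host.startswith("www.") else host

def one_edit_apart(a, b):
    """True if a and b differ by one substituted, added or dropped character."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    return a[i + (len(a) == len(b)):] == b[i + 1:]

def check_links(html):
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = host_of(href)
        shown = host_of(text) if URLISH.fullmatch(text) else ""
        if shown and shown != target:  # link text names one host, href another
            findings.append(("text-href-mismatch", shown, target))
        findings += [("lookalike", target, t) for t in TRUSTED if one_edit_apart(target, t)]
    return findings

SAMPLE = ('<a href="http://www.rybank.example/activate">www.mybank.example</a>'
          '<a href="https://mybank.example/help">Help</a>')  # constructed body
```

A one-edit comparison catches the single-letter swap described above; multi-character tricks need a wider distance or a confusables table.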
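For the header question raised under Sense of Urgency (does the real sender correspond with the email sender?) and the information leak described under Unusual Sender, here is a second added example, not part of the original article. It compares the `From` domain with `Return-Path` and `Reply-To`, and lists remote images that a mail client would fetch when the message is opened. The raw message is constructed, and treating the last two labels as the organisational domain is a simplifying assumption.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample message (all domains use the reserved .example TLD)
RAW = """\
Return-Path: <bounce@mailer.rybank.example>
From: "MyBank Support" <support@mybank.example>
Reply-To: helpdesk@rybank.example
To: user@corp.example
Subject: Your account will be suspended in 24 hours
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Dear customer,</p>
<img src="http://track.rybank.example/o.gif?id=123" width="1" height="1">
<a href="http://rybank.example/activate">Activate</a>
"""

def domain(header_value):
    """Domain part of the address in a header value ('' if absent)."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def org_domain(d):
    # Assumption: the last two labels approximate the registrable domain
    return ".".join(d.split(".")[-2:])

def triage(raw):
    """Return human-readable findings for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    from_d = org_domain(domain(msg["From"]))
    findings = []
    for name in ("Return-Path", "Reply-To"):
        d = org_domain(domain(msg[name]))
        if d and d != from_d:
            findings.append(f"{name} domain {d} != From domain {from_d}")
    body = msg.get_body(preferencelist=("html",))
    html = body.get_content() if body else ""
    # Remote images are requested from the sender's server when the mail renders
    for url in re.findall(r'<img[^>]+src=["\'](https?://[^"\']+)', html, re.I):
        findings.append(f"remote image fetched on open: {url}")
    return findings
```

Legitimate bulk mail often has a `Return-Path` at a mailing provider, so a mismatch is a reason to look closer rather than proof of phishing.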

Back in the day when I was working at the Cybercrime Unit, I’ve utilized this technique many times in order to gather enough information, so that I could track down people who distributed child pornography and people sharing child nudity materials. I doubt that I’m using the word ‘people’ correctly here but nevertheless… Those sick bastards didn’t know who was sitting on the other side of the computer.

So, we got the basics. Now what?

In the next article we’re going to cover the ways a phishing campaign is being organized and executed.

Georgi Spasov

Georgi was the Bulgarian POC for high-tech crimes during his work as a cybercrime forensic investigator. Now, as a fullstack developer, he contributes with his knowledge in building highly available software solutions.
