This year, 2022, has shown that there are cyber threats not only for those who have not paid attention to the protection of their data but also for people who treat their confidential information with great care.
Even though phishing letters have been known as one of the methods of cyber fraud for a long time, the number of victims of cybercrimes is growing. The scams are getting more sophisticated. With the help of e-mails as a result of people's trust, fraudsters manage to obtain the personal data of both - individuals and organizations. It may turn bad, especially for companies whose employees are not trained to comply with basic cybersecurity rules.
The standard scenario.
A person receives a letter from Microsoft warning him that he is logged in from another device. Of course, an intruder presents itself as Microsoft. This notification is a standard way of warning of visiting your account from various gadgets - whether it is a laptop, smartphone, corporate or home computer, etc. The victim considers this information true because the letter indicates that the login occurred at night, when the owner was sleeping, or with an IP address from another country. He's panicking because he's not the one who logged in. At this moment, the eyes find a line with instructions on what to do to protect your account. And here is a solution in the form of a replacement of the password when you click on the link. By clicking on the link, the web page can download the malware automatically, even if the password is not entered.
Blindly trusting such letters, a person can share personal data, including various registration information, and passwords for access to electronic bank accounts, crypto wallets, corporate information, etc. without knowing it.
According to Torsten Urbanski, ESET's cybersecurity expert, phishing letters have become more plausible and difficult to distinguish from real ones.
Russia has recently become more popular among cybercriminals.
According to The Register, today spam can be sent with such seemingly reliable services as Microsoft Exchange. Individuals interested in personal data can hack into work servers and use them to send encrypted files, usually in zip format, that carry malicious software. And most often it is an IcedID. Such files can be presented as a way to improve the security of the victim's data. However, entering a password installs the program that allows cybercriminals to download malware on the user's device and to achieve their goals.
Intezer provided another explanation for why phishing emails are so trusted by users. The fact is that there is an interception of previously existing correspondence, and the fraudulent letter is sent as a response to the user's request in the same correspondence. Thus, the detection of deception becomes much more difficult.
According to Verizon's study, the average employee needs 15 minutes to open the malware in the phishing mailing. It takes 33 minutes to report the problem to the security department. Accordingly, a time difference of 17 minutes can be fatal and result in irreparable loss of confidential information.
It is important to note that 91% of phishing fraud is email fraud. Therefore, this requires that staff members fully understand how to recognize phishing and whaling. When receiving such letters, do not follow the links or download the attached files. If an unexpected letter is received from a colleague, you should contact him directly to validate it.
Address on behalf of well-known companies.
Fraudsters often use the names of the largest companies representing social networks, marketing, and IT areas, which have the largest number of consumers. Here are the examples of companies on whose behalf phishing mailing is carried out:
- Walmart, etc.
The design of the websites that are referenced by fraudsters in emails is the most similar to the original web page, domain name, and visual design.
Secretly downloaded malware can sit completely imperceptibly in the user's computer and work in the background, gradually extracting information about logins and passwords on bank servers, insurance accounts, work mail accounts, etc.
Today, the widest possible mailing is not only used but also such types as targeted phishing, whaling, and clone phishing.
What does the anatomy of phishing letters look like?
- The topic is often presented as an urgent one requiring immediate action. A method of intimidation is used. In some cases, letters are sent with no theme at all.
- The sender has a name that refers to an official or company, such as a technical department or support service. If the name of the sender is not specified, it can be understood that the letter is forged and has no relation to the company.
- The recipient is often impersonal and treated as a user or a client.
- It is often used such expressions that speak of urgency and impossibility to delay the actions because it can lead to irreversible consequences. A very important sign of phishing is low grammatical correctness and the illiterate structure of the text.
- The link that should redirect the user to the malicious site often has abbreviations through bit.ly. Sometimes it can be quite normal and short, to increase the degree of correspondence of the text and not cause unnecessary suspicion.
- The signature may also be impersonal and look like «Respectfully, Support service» or other impersonal phrases.
- The footer may be another evidence of fraud by indicating an implausible address of the company from whom the letter was received, or an incorrect date of copyright registration.
Interesting facts about phishing.
The fact is, 67% of cyber criminals decide to leave the subject line of the email blank. According to the statistics obtained from a study by Atlas VPN in 2022, almost 70% of phishing emails come with an empty subject line. If it is filled, the following percentage is observed:
- Report about delivered fax - 9%
- Commercial offers - 6%
- Requests for a meeting - 4%
- Notification of a new voice message - 3.5%
- The response to the user's request - 2%
- Urgent requests - 2%
- Requests to confirm the order - 2%
- Other types of requests - 4%
So, for the first 3 months of 2022, LinkedIn users faced phishing fraud in a particularly large ratio. They accounted for 52% of all attacks in the world. As already mentioned, fraudsters like to use the names of famous brands, so LinkedIn was chosen not by accident. For comparison, in the last 3 months of 2021, the name of the company was used in only 8% of the total number of malicious mailings worldwide. The difference is 44%. LinkedIn for the first time took first place in the number of scams carried out on his behalf. He even beat the giants like Microsoft, Apple, and Google.
The Crypto world is also regularly attacked by cybercriminals. Most affected are users who own Cardano, Luno, and blockchain. coms clients. Although this year was extremely unfortunate for the crypto market, the criminals continue to deceive naive users successfully.
The most common deception occurs by creating fakes of the original sites. Blockchain became the leader in the number of fakes of its original web page. From the end of March to the end of June this year, more than 660 copies were created. Luno was copied 277 times and Cardano 191 times.
One of the latest news from SecurityLab was the theft of $2.5 million from NFT purses by phishers from France in a few months in late 2021 - early 2022.https://www.itsec.ru/news/franzuzskiye-fisheri-ukrali-25-mlb-dollarov-v-nft
Among the marketplaces, Amazon customers are most often exposed to fraud by phishing. There are over 900 phishing sites that are linked to Amazon.
54% of all successful phishing attacks cost the loss of confidential information.
The reason for increasing the number of phishing attacks.
Every year the percentage of cyber attacks increases. It grows on average by 25% per year in phishing. Today, millions of users worldwide are exposed to such attacks. So why has phishing become a favorite method of cheating?
As the info business expands, consumers become less attentive to detecting possible attacks.
On the other hand, cybercriminals become more and more sophisticated. They have learned to make convincing and plausible letters. By contrast, users lose their vigilance when checking e-mail because they know that various e-mails can be sent from companies, service support, or marketing department of various Internet sites. Therefore, phishing has become very successful today and requires more careful consideration not only by each individual but also by companies and their employees.
Possible solutions to combat phishing for small and medium businesses and corporations
The company's lack of response to the attacks or willingness to prevent them is a sign that the management is not sufficiently committed to achieving data security. Every business needs effective defense of IS concerning corporate information, as well as customer and employee data.
Some actions should be taken in advance to prevent personal data from accessing by criminals. For example, the use of some protocols (SPF, DKIM) can provide protection. These are globally recognized protocols that use a security standard based on confirming the sending of a specific email to an authorized server. If the email was sent from a domain that does not have the appropriate authority on behalf of a particular company, the email will be considered potentially dangerous.
The protocol is enabled by the presence of valid registered mail servers in the DNS record. Depending on company policy, letters from questionable senders can be quarantined, banned, or allowed to view.
Virus Definitions & Security updates are necessary measures for protection against phishing.
Another basic way to protect against phishing is up-to-date antivirus software updates. Many commercial antiviruses can maintain protection at the appropriate level. By updating the software regularly and its support for the used browser, the user can be assured of the security of the sites visited; or he will receive an anti-virus notification about a potentially harmful link or web page. Also, the level of device security should be maintained by scanning for the presence of virus programs.
The mandatory application of two-factor authentication will guarantee the reliability of login to personal financial accounts.
When training cybersecurity personnel, special attention should be paid to the issue of phishing mailing. By being aware, they will be able to detect attacks by fraudsters and take protective measures in time.