How to Prevent Phishing Attacks 1

Phishing is a method employed by cyber-criminals to access email accounts and systems using deception rather than defeating security protections.

In basic phishing attacks, cyber-criminals send an email that appears to be legal, tempting the victim to open an attachment or click on a link. This click could result in loading malware onto the victim’s computer or it could take the victim to a realistic-looking website. In several cases, the aim is to capture user credentials without the knowledge of the victim.

How One AI-Driven Media Platform Cut EBS Costs for AWS ASGs by 48%

How One AI-Driven Media Platform Cut EBS Costs for AWS ASGs by 48%

Cyber-criminals have discovered that it is usually easier to delude a victim into clicking a link instead of breaking through technology defenses.

Phishing attacks are becoming more advanced in their exploitation of social engineering techniques. In most cases, fraudsters try to frighten a recipient by providing a seemingly important reason that the recipient should divulge their personal data. Such messages usually contain threats to block an account if a recipient does not fulfill the requirements in them.

A keyboard featuring a red button labeled 'GET ME OUT OF HERE' next to a white computer mouse on a wooden surface.

For instance, “if you do not provide your personal data by the end of the week, your account will be blocked”. Ironically, it is not unknown for phishers to make reference to the necessity of improving anti-phishing systems as one of the reasons for the disclosure of confidential information. A typical ruse might be “if you want to secure yourself against phishing, click the link and enter your user name and password”.

According to phishing.org, the first phishing lawsuit was filed in 2004 against a Californian teenager who created the imitation of the website “America Online”. With this fake website, he was able to gain sensitive information from users and access the credit card details to withdraw money from their accounts. Other than email and website phishing, there’s also ‘vishing’ (voice phishing), ‘smishing’ (SMS Phishing) and several other phishing techniques cyber-criminals are constantly coming up with.

From beginning to end, the process involves:

  1. Planning. Phishers decide which business to target and determine how to get e-mail addresses for the customers of that business. They often use the same mass-mailing and address collection techniques as spammers.
  2. Setup. Once they know which business to spoof and who their victims are, phishers create methods for delivering the message and collecting the data. Most often, this involves e-mail addresses and a Web page.
  3. Attack. This is the step people are most familiar with — the phisher sends a phony message that appears to be from a reputable source.
  4. Collection. Phishers record the information victims enter into Web pages or popup windows.
  5. Identity Theft and Fraud. The phishers use the information they’ve gathered to make illegal purchases or otherwise commit fraud. As many as a fourth of the victims never fully recover

Common phishing attacks

The availability of phishing kits makes it easy for cyber criminals, even those with minimal technical skills, to launch phishing campaigns. A phishing kit bundles phishing website resources and tools that need only be installed on a server. Once installed, all the attacker needs to do is send out emails to potential victims. Phishing kits as well as mailing lists are available on the dark web. A couple of sites, Phishtank and OpenPhish, keep crowd-sourced lists of known phishing kits.

Diagram explaining the steps in creating a phishing kit.
Image Source

The Duo Labs report, Phish in a Barrel, includes an analysis of phishing kit reuse. Of the 3,200 phishing kits that Duo discovered, 900 (27 percent) were found on more than one host. That number might actually be higher, however.

Email phishing

A phishing email is a fake email that appears to be like a crucial communication sent by a popular website or a bank. This email puts forth a tone of urgency and thus succeeds in tricking you into downloading an attachment or clicking on a link.

You will be taken to a fake website when you click on a link in a phishing email. This website could just drop a virus on your device or it could ask you to share classified information.

In many cases, downloading an attachment will infect your computer with a virus.

Phishing by SMS

This phishing attack that uses SMS is known as SmiShing. You will get an SMS, for instance, a WhatsApp message, informing you about an incredible offer. In this SMS you will be asked to redeem the offer by clicking on a link. After you click this link, you will be taken to a fake website that could infect your device with a virus or ask you to share confidential information.

Phishing by call

In a phishing call scam, you will get a phone call from a person acting like a bank manager, a software firm employee, or a known organization. This phishing call aims at tricking you into sharing private and vital details such as ATM PIN, expiry date, CVV, debit card number, and OTP.

Spear phishing

Spear phishing attacks a specific person or organization, often with content that is tailor made for the victim or victims. It requires pre-attack reconnaissance to uncover names, job titles, email addresses, and the like. The hackers scour the Internet to match up this information with other researched knowledge about the target’s colleagues, along with the names and professional relationships of key employees in their organizations. With this, the phisher crafts a believable email.

How to prevent phishing attacks

Protect your personal information

To prevent yourself from becoming a victim of a phishing scam, you will have to be extremely cautious with your personal information including your passwords and usernames.

When you enter your password/username and several other information, that information gets transmitted to the con artist, who can actually misuses it at a later stage. A few phishing scams divert you to a deceitful website that looks like your bank’s website or a similar trusted source.

Look out for suspicious emails and links

Do not click links sent along with suspicious emails. Addresses that appear to be official, could usually comprise of conspicuous differences that redirect you to a fraudulent site.

Be extremely suspicious of any emails sent to you from trustworthy entities like your bank. Also, avoid clicking on the link and instead type in the web address of the institution into the browser in order to access the website. Banks and financial organizations use monitoring systems to prevent phishing. Individuals can report phishing to industry groups where legal actions can be taken against these fraudulent websites.

Verify site’s security

It’s natural to be a wary about supplying sensitive financial information online. As long as you are on a secure website, however, you shouldn’t run into any trouble. Before submitting any information, make sure the site’s URL begins with “https” and there should be a closed lock icon near the address bar. Check for the site’s security certificate as well. If you get a message stating a certain website may contain malicious files, do not open the website.

Conclusion

Phishing is one of the most common cyber-attacks. Since it mostly relies on exploiting the human factor, even the most robust cyber-security techniques can fail to prevent such attacks, despite the advanced filters these systems employ. There’s no universal solution to deal with phishing attacks, but aside from protecting your personal information and being cautious about suspicious emails, you can always consult specialists to help protect your enterprise.

If you have any questions about how we can help you protect your website and business from cyber-attacks, contact us today to help you out with your performance and security needs.

Latest Articles

Complying with AWS’s RI/SP Policy Update: Save More, Stress Less

Shared Reserved Instances (RIs) and Savings Plans (SPs) have been a common workaround for reducing EC2 costs, but their value has always been limited. On average, these shared pools deliver only 25% savings on On-Demand costs—far below the 60% savings achievable with automated reservation tools. For IT and DevOps teams, the trade-offs include added complexity, […]

Itay Tal Head of Cloud Services
21st November, 2024
Three Ways CISOs Can Combat Emerging Threats in 2025

73% of CISOs fear a material cyberattack in the next 12 months, with over three-quarters convinced AI is advancing too quickly for existing methods to combat it. But what can CISOs do to prepare for the coming wave – and access the resources they need to deal with this evolving threat landscape? To find out, […]

11th November, 2024
How Optimizing Kafka Can Save Costs of the Whole System

Kafka is no longer exclusively the domain of high-velocity Big Data use cases. Today, it is utilized on by workloads and companies of all sizes, supporting asynchronous communication between even small groups of microservices.  But this expanded usage has led to problems with cost creep that threaten many companies’ bottom lines. And due to the […]

Itay Tal Head of Cloud Services
29th September, 2024
Migrating Volumez RedHat VMs into Amazon Linux 2 for higher effective discounts rate of Saving Plan

A cloud data infrastructure company relied on extensive use of multiple instance types to test its products. But this made it difficult to optimize costs – a fact which had begun to impact their ability to scale the business.   The GlobalDots team helped the company identify and implement a new infrastructure configuration that both saved […]

Itay Tal Head of Cloud Services
19th September, 2024

Unlock Your Cloud Potential

Schedule a call with our experts. Discover new technology and get recommendations to improve your performance.

    GlobalDots' industry expertise proactively addressed structural inefficiencies that would have otherwise hindered our success. Their laser focus is why I would recommend them as a partner to other companies

    Marco Kaiser
    Marco Kaiser

    CTO

    Legal Services

    GlobalDots has helped us to scale up our innovative capabilities, and in significantly improving our service provided to our clients

    Antonio Ostuni
    Antonio Ostuni

    CIO

    IT Services

    It's common for 3rd parties to work with a limited number of vendors - GlobalDots and its multi-vendor approach is different. Thanks to GlobalDots vendors umbrella, the hybrid-cloud migration was exceedingly smooth

    Motti Shpirer
    Motti Shpirer

    VP of Infrastructure & Technology

    Advertising Services