This year, 2022, has shown that cyber threats face not only people who have neglected to protect their data, but also those who handle their confidential data with great care.
Phishing e-mails have been a known fraud technique for a long time, yet the number of victims keeps growing and the scams are getting more sophisticated. By exploiting people's trust in e-mail, fraudsters obtain the personal data of both individuals and organizations. The consequences are worst for companies whose employees have not been trained in basic cybersecurity rules.
The standard scenario.
A person receives a letter, apparently from Microsoft, warning that someone has signed in to his account from another device. The intruder, of course, is only posing as Microsoft. Legitimate services really do send such alerts when an account is used from a new device, whether a smartphone, a home computer, or anything else, which is exactly why the fake is believable. The letter says the account was accessed at night, while the owner was asleep, or from another country. The victim panics, because he was not the one who logged in. At that moment his eyes land on a line of instructions on how to protect the account, and the solution offered is to change the password by clicking a link. The link leads to a site controlled by the attacker: any password entered there goes straight to the fraudster, and the page may also try to download malware automatically, even if no password is entered.
Blindly trusting such letters, a person can hand over personal information, including all kinds of login credentials, without realizing it, up to and including passwords for online banking.
According to Torsten Urbanski, a cybersecurity expert at ESET, phishing letters have become more plausible and harder to distinguish from genuine ones.
The United Arab Emirates has recently become a more popular target for cybercriminals.
According to The Register, spam can now be sent through seemingly trustworthy infrastructure such as Microsoft Exchange. Attackers break into corporate mail servers and use them to send password-protected archives, usually ZIP files, that carry malicious software, most often the IcedID loader. The archive is presented as a way to improve the security of the victim's data, and the password to open it is supplied in the same letter. The encryption is not there for the victim's benefit: a mail gateway cannot scan an encrypted archive, so the payload reaches the inbox unchecked. Once the victim enters the password and opens the contents, the program installs and lets the criminals download further malware onto the device.
Intezer offered another explanation for why users trust these phishing e-mails: the attackers hijack existing correspondence and send the fraudulent message as a reply inside a thread the victim is already taking part in. Detecting the deception then becomes much harder, because the message arrives from a known contact in a familiar conversation.
According to Verizon's study, the average employee takes 15 minutes to open the malware in a phishing mailing, while the first report to the security department takes 33 minutes. That 18-minute gap can be fatal and result in irreparable loss of confidential information.
It is worth noting that 91% of phishing fraud is carried out over e-mail, so staff must fully understand how to recognize phishing and whaling (phishing aimed at senior executives). When such letters arrive, do not follow the links or download the attachments. If an unexpected letter arrives from a colleague, contact him directly, through a channel other than replying to the e-mail, to validate it.
Letters on behalf of well-known companies.
Fraudsters often use the names of the largest social-network, marketing, and IT companies, the ones with the most users. Here are examples of companies on whose behalf phishing mailings are carried out:
The websites that fraudsters link to in their e-mails are made to resemble the original as closely as possible: the domain name, the page layout, and the visual design.
Once installed, malware can sit on the user's computer and run in the background without anyone noticing, slowly harvesting logins and passwords for banking sites, insurance accounts, and work e-mail accounts.
Today, mass mailings are not the only form: targeted (spear) phishing, whaling, and clone phishing are also used.
What does the anatomy of phishing letters look like?
The subject is often presented as urgent and demanding immediate action; intimidation is the method. In some cases the letter is sent with no subject at all.
The sender's name refers to an official or a company department, such as a technical department or support service. A missing sender name, or a generic one that does not match the sending address, is a strong warning sign that the letter has nothing to do with the company.
The recipient is often addressed impersonally, as a "user" or a "client".
The text uses expressions of urgency and says that any delay will lead to irreversible consequences. Poor grammar and clumsy sentence structure remain a tell-tale sign of phishing, although, as noted above, the letters are getting harder to distinguish from genuine ones.
The link that redirects the user to the malicious site is often shortened through a service such as bit.ly, which hides the real destination. Sometimes it looks perfectly ordinary and short, to blend in with the text and avoid raising suspicion; hovering over the link (or inspecting the href) usually reveals that the displayed address and the real destination differ.
The signature may also be impersonal and look like «Respectfully, Support service» or some similar phrase.
The footer may be further evidence of fraud: the company named in it may not exist, or the copyright year may be wrong or outdated.
The letter often gives no name of a contact person or phone number of the support service through which the circumstances could be clarified. As mentioned, the main aim is intimidation: the text is designed to create confusion and helplessness.
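The signs listed above can be turned into a simple scoring function. The following Python script is an added example, not code from the original article: it parses two messages constructed here for illustration (one phishing, one ordinary) and flags a blank subject, urgency wording, an impersonal greeting and signature, a display name that claims a brand the sending domain does not contain, shortened links, link text that disagrees with the real destination, and a missing contact phone number. The signal weights and the threshold are assumptions to tune on your own mail, not a standard.

```python
"""Heuristic scoring of the phishing signals listed above.

Added example, not code from the original article. Both sample messages are
constructed here for illustration; the signal weights and the threshold are
assumptions, and a real mail gateway would combine them with sender
authentication results (SPF, DKIM, DMARC).
"""
import re
from email import message_from_string
from email.message import Message
from email.utils import parseaddr
from typing import List, Tuple

URGENCY_WORDS = ("urgent", "immediately", "within 24 hours", "suspended",
                 "unusual sign-in", "action required", "verify your account")
GENERIC_GREETINGS = ("dear user", "dear client", "dear customer", "dear account holder")
IMPERSONAL_SIGNOFFS = ("support service", "support team", "security team", "customer service")
URL_SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "is.gd"}
BRANDS = ("microsoft", "apple", "google", "linkedin", "amazon")

# Weight per signal; the score is their sum. Assumed values, not a standard.
WEIGHTS = {
    "blank subject": 2,
    "urgency or intimidation wording": 2,
    "impersonal greeting": 1,
    "impersonal signature": 1,
    "no sender display name": 1,
    "display name claims a brand that is absent from the sender domain": 3,
    "shortened link (bit.ly and similar)": 2,
    "link text shows a different host than the real destination": 2,
    "no contact phone number": 1,
}
THRESHOLD = 5

ANCHOR_RE = re.compile(r'<a\s[^>]*href="(?P<href>[^"]+)"[^>]*>(?P<text>.*?)</a>', re.I | re.S)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
PHONE_RE = re.compile(r"\+?\d[\d\s().-]{7,}\d")


def host_of(url: str) -> str:
    """Hostname of a URL or bare 'host/path' string, lowercased; '' if it is neither."""
    m = re.match(r"^(?:https?://)?([\w.-]+\.[a-z]{2,})(?:[/:?#]|$)", url.strip(), re.I)
    return m.group(1).lower() if m else ""


def _body_text(msg: Message) -> str:
    """Concatenate the decoded text/plain and text/html parts."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def score_message(raw: str) -> Tuple[int, List[str]]:
    """Return (score, reasons) for a raw RFC 822 message."""
    msg = message_from_string(raw)
    body = _body_text(msg)
    low = body.lower()
    subject = (msg.get("Subject") or "").strip()
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    reasons: List[str] = []

    def flag(reason: str) -> None:
        if reason not in reasons:
            reasons.append(reason)

    if not subject:
        flag("blank subject")
    if any(w in subject.lower() or w in low for w in URGENCY_WORDS):
        flag("urgency or intimidation wording")
    if any(g in low for g in GENERIC_GREETINGS):
        flag("impersonal greeting")
    if any(s in low for s in IMPERSONAL_SIGNOFFS):
        flag("impersonal signature")
    if not display:
        flag("no sender display name")
    elif any(b in display.lower() and b not in from_domain for b in BRANDS):
        flag("display name claims a brand that is absent from the sender domain")

    # Links: the visible text is what the victim reads, the href is where they go.
    for m in ANCHOR_RE.finditer(body):
        href_host = host_of(m.group("href"))
        text_host = host_of(re.sub(r"<[^>]+>", "", m.group("text")))
        if href_host in URL_SHORTENERS:
            flag("shortened link (bit.ly and similar)")
        if text_host and href_host and text_host != href_host:
            flag("link text shows a different host than the real destination")
    for url in URL_RE.findall(body):  # bare URLs in plain-text mail
        if host_of(url) in URL_SHORTENERS:
            flag("shortened link (bit.ly and similar)")

    if not PHONE_RE.search(body):
        flag("no contact phone number")

    return sum(WEIGHTS[r] for r in reasons), reasons


def is_suspicious(raw: str) -> bool:
    return score_message(raw)[0] >= THRESHOLD


# Constructed sample: the "unusual sign-in" scenario from the article.
PHISHING_SAMPLE = """\
From: Microsoft Account Team <alerts@account-verify-center.com>
To: victim@example.com
Subject:
Content-Type: text/html; charset=utf-8

<html><body>
<p>Dear user,</p>
<p>We detected an unusual sign-in to your account from a new device in another country.
If this was not you, your account will be suspended within 24 hours.</p>
<p>Reset your password here: <a href="https://bit.ly/3xyzabc">https://account.microsoft.com/security</a></p>
<p>Respectfully,<br>Support service</p>
<p>&copy; 2015 Microsft Corporation</p>
</body></html>
"""

# Constructed sample: an ordinary message from a named colleague.
LEGIT_SAMPLE = """\
From: Anna Petrova <anna.petrova@example.com>
To: victim@example.com
Subject: Notes from Tuesday's design review
Content-Type: text/plain; charset=utf-8

Hi Oleg,

Here are my notes from the review. No rush, have a look when you get a chance.
Call me on +1 555 010 2222 if anything is unclear.

Anna
"""

if __name__ == "__main__":
    for name, sample in (("phishing", PHISHING_SAMPLE), ("legit", LEGIT_SAMPLE)):
        score, why = score_message(sample)
        print(f"{name}: score={score} suspicious={is_suspicious(sample)} reasons={why}")
```

The highest-weighted signal is the brand/domain mismatch, because it is the one the victim is least likely to notice: the display name is whatever the sender types, while the address after it is the only part that has to be real.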
Interesting facts about phishing.
The fact is, 67% of cybercriminals leave the subject line of the e-mail blank, according to a 2022 study by Atlas VPN. When the subject is filled in, the distribution is as follows:
Report of a delivered fax – 9%
Commercial offers – 6%
Requests for a meeting – 4%
Notification of a new voice message – 3.5%
Reply to a user's request – 2%
Urgent requests – 2%
Requests to confirm the order – 2%
Other types of requests – 4%
In the first 3 months of 2022, LinkedIn users faced phishing fraud in an especially large proportion: LinkedIn impersonations accounted for 52% of all brand-phishing attempts worldwide. As already mentioned, fraudsters like to use the names of famous brands, so LinkedIn was not chosen by accident. For comparison, in the last 3 months of 2021 the company's name was used in only 8% of malicious mailings worldwide, a difference of 44 percentage points. LinkedIn took first place for the first time in the number of scams carried out in its name, ahead of giants like Microsoft, Apple, and Google.
The crypto world is also regularly attacked by cybercriminals. Most affected are users of Cardano, Luno, and blockchain.com. Although this year has been extremely unfortunate for the crypto market, the criminals continue to deceive naive users successfully.
The most common deception is a fake copy of the original site. Blockchain.com leads in the number of fakes of its web page: from the end of March to the end of June this year, more than 660 copies were created. Luno was copied 277 times and Cardano 191 times.
One of the latest reports from SecurityLab concerned the theft of $2.5 million from NFT wallets by phishers from France over a few months in late 2021 and early 2022.
Among marketplaces, Amazon customers are most often targeted by phishing; more than 900 phishing sites impersonate Amazon.
54% of all successful phishing attacks result in the loss of confidential information.
The reasons for the growing number of phishing attacks.
The number of cyberattacks rises every year; for phishing the growth averages 25% a year. Today millions of users worldwide are exposed to such attacks. So why has phishing become the fraudsters' favorite method?
As online business expands and the volume of legitimate notifications grows, consumers become less attentive and less able to spot an attack.
On the other hand, cybercriminals are becoming more sophisticated and have learned to craft convincing, plausible letters. Users, meanwhile, lose vigilance when checking e-mail because they are used to receiving all kinds of messages from companies, support services, and the marketing departments of various websites. Phishing has therefore become very successful and deserves closer attention not only from each individual but also from companies and their employees.
Possible solutions to combat phishing for small and medium businesses and corporations
A company's failure to respond to attacks, or its unwillingness to prevent them, is a sign that it does not care enough about data security. Every business needs effective information-security protection for corporate information as well as customer and employee data.
Some measures should be taken in advance to keep personal data out of criminals' reach. Sender-authentication standards such as SPF and DKIM provide one layer of protection. SPF lets a domain owner publish, in a DNS TXT record, the list of mail servers authorized to send on behalf of the domain; DKIM adds a cryptographic signature, verified against a public key published in DNS, showing that the message was sent by the domain's own infrastructure and was not altered in transit. If a message claims to come from a company's domain but arrives from a server the company has not authorized, or carries a signature that does not verify, it is treated as potentially dangerous.
The protection takes effect only if the DNS records list all of the company's legitimate mail servers, including third-party services that send on its behalf; a missing or incomplete record leaves the door open. What happens to a message that fails the checks depends on the policy the domain owner publishes (the DMARC record): it can be quarantined, rejected, or delivered with the failure reported. One caveat: SPF checks the envelope sender domain, which need not match the From: address the user sees; DMARC's alignment requirement is what ties the two together.
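To make the SPF check concrete, here is an added example (not code from the original article, and not a production verifier) that evaluates an SPF record the way a receiving server does: it walks the `ip4`/`ip6`, `include`, `redirect` and `all` terms, honours the qualifier of the matching term, and enforces the RFC 7208 limit of 10 DNS lookups. The DNS zone is a constructed in-memory dictionary so the example runs offline; the `action_for` mapping from result to delivery action is an assumed local policy of the kind a DMARC record expresses. DKIM is not modelled, since it needs real signing keys.

```python
"""SPF evaluation against a constructed, in-memory DNS zone.

Added example, not code from the original article. A real receiver resolves the
TXT records over DNS and also verifies the DKIM signature and the DMARC policy;
here the zone is a dict so the example runs offline. All domains and addresses
come from the reserved documentation ranges.
"""
import ipaddress
from typing import Dict, Optional

# Constructed zone: the TXT records a receiving server would look up.
ZONE: Dict[str, str] = {
    "example.com": "v=spf1 ip4:203.0.113.0/24 include:_spf.mailvendor.example -all",
    "_spf.mailvendor.example": "v=spf1 ip4:198.51.100.10 ip4:198.51.100.11 ~all",
    # An attacker's own lookalike domain. The attacker controls its DNS, so SPF
    # authorises anything sent from it: SPF proves control of a domain, not honesty.
    "examp1e-security.com": "v=spf1 +all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_LOOKUPS = 10  # RFC 7208 section 4.6.4: at most 10 DNS-querying terms per check


def lookup_txt(domain: str, zone: Dict[str, str]) -> Optional[str]:
    """Stand-in for a DNS TXT query."""
    return zone.get(domain.lower())


def check_spf(domain: str, sender_ip: str, zone: Dict[str, str] = ZONE) -> str:
    """Evaluate the SPF record of the envelope-sender domain for a connecting IP.

    Returns one of the RFC 7208 results: pass, fail, softfail, neutral, none, permerror.
    """
    ip = ipaddress.ip_address(sender_ip)
    lookups = 0

    def evaluate(dom: str) -> str:
        nonlocal lookups
        record = lookup_txt(dom, zone)
        if record is None or not record.lower().startswith("v=spf1"):
            return "none"
        redirect = None
        for term in record.split()[1:]:
            if term.lower().startswith("redirect="):
                redirect = term.partition("=")[2]  # modifier, applied after the mechanisms
                continue
            qualifier = "+"
            if term[0] in QUALIFIERS:
                qualifier, term = term[0], term[1:]
            name, _, arg = term.partition(":")
            name = name.lower()
            if name == "all":
                return QUALIFIERS[qualifier]
            if name in ("ip4", "ip6"):
                # 'in' is False when the address and network families differ
                if ip in ipaddress.ip_network(arg, strict=False):
                    return QUALIFIERS[qualifier]
            elif name == "include":
                lookups += 1
                if lookups > MAX_LOOKUPS:
                    return "permerror"
                sub = evaluate(arg)
                if sub == "pass":
                    return QUALIFIERS[qualifier]
                if sub in ("none", "permerror"):
                    return "permerror"
                # fail/softfail/neutral inside an include is simply "no match";
                # evaluation continues with the parent's remaining terms
            else:
                return "permerror"  # a, mx, exists, ptr are not modelled here
        if redirect:
            lookups += 1
            if lookups > MAX_LOOKUPS:
                return "permerror"
            return evaluate(redirect)
        return "neutral"  # no term matched and no default 'all'

    return evaluate(domain)


def action_for(result: str, dmarc_policy: str = "quarantine") -> str:
    """Map an authentication result to a delivery action.

    Assumed mapping for illustration: the domain owner publishes the policy in the
    DMARC record's p= tag (none, quarantine or reject) and receivers honour it.
    """
    if result == "pass":
        return "deliver"
    if result in ("fail", "softfail", "permerror"):
        return {"none": "deliver and report", "quarantine": "quarantine",
                "reject": "reject"}[dmarc_policy]
    return "deliver and report"  # none / neutral: SPF alone gives no verdict


if __name__ == "__main__":
    for dom, ip in [("example.com", "203.0.113.5"), ("example.com", "198.51.100.10"),
                    ("example.com", "192.0.2.77"), ("examp1e-security.com", "192.0.2.77")]:
        r = check_spf(dom, ip)
        print(f"{dom:24} {ip:15} spf={r:9} action={action_for(r)}")
```

Two details are worth noticing in the trace. A `~all` inside an included vendor record does not soften the parent's verdict: an include only matches on `pass`, so a message from an unknown IP still ends at the parent's `-all` and fails. And the lookalike domain passes cleanly, which is why SPF on its own does not stop the "Microsoft Account Team" letter described earlier; it only stops the attacker from forging the real domain.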
Virus Definitions & Security updates are necessary measures for protection against phishing.
Another basic protection against phishing is keeping antivirus software up to date. Many commercial antivirus products maintain an adequate level of protection, and with regular updates and browser integration the user is warned when a link or web page is known to be dangerous. Devices should also be scanned regularly for malware. Such tools recognize only threats that are already known, so they complement, rather than replace, user vigilance.
Mandatory two-factor authentication greatly improves the security of logins to personal financial accounts, because a stolen password alone is no longer enough. Note, however, that one-time codes sent by SMS or generated by an app can themselves be phished and relayed in real time; only phishing-resistant methods such as hardware security keys (FIDO2/WebAuthn) are immune to this.
When training personnel in cybersecurity, special attention should be paid to phishing mailings. Aware employees can detect fraudsters' attacks and take protective measures in time.