How Phishing and Whaling Attacks Work, and Techniques to Prevent Them



Phishing

What is Phishing?

Phishing is a type of cyber-attack often used to steal user data, including login credentials, credit card information and other very sensitive information. The targets are contacted via email, telephone or text message by an attacker posing as a legitimate party in order to lure the individual into providing sensitive information. The attacker can then use that information to access important accounts, which can result in financial loss and identity theft.

Moreover, phishing is also used to gain a foothold in a corporate network as part of a larger attack. Employees are compromised in order to bypass the security perimeter, distribute malware inside a closed environment, or gain privileged access to secured data.
An organization that falls victim to such an attack typically sustains severe financial losses as well as declining market share, reputation, and consumer trust.

Types of phishing attacks

Spear Phishing: A phishing attempt directed at specific individuals or companies is termed spear phishing. Phishers identify their targets (sometimes using information on sites like LinkedIn, Facebook and other social networks) and use spoofed sender addresses to send emails that plausibly look like they come from co-workers.

Threat Group-4127 (Fancy Bear) used spear phishing tactics to target email accounts linked to Hillary Clinton's 2016 presidential campaign. They attacked more than 1,800 Google accounts and used the accounts-google.com domain to threaten targeted users. [Wikipedia]

Whale Phishing (Whaling): Whale phishing, or whaling, is a form of spear phishing directed specifically at senior executives and other high-profile targets. Many of these scams target company board members, who are considered particularly vulnerable: they have a great deal of authority within a company, but since they aren't full-time employees, they often use personal email for business-related correspondence, which lacks the protections of corporate email.
In 2016, an employee at Snapchat disclosed the company's entire payroll data to a scammer; the employee had received an email that appeared to be from the CEO and responded promptly. In another whaling attack, an employee at a commodities firm wired $17.2 million in several installments to a bank in China, as requested by what looked to be emails from the CEO. The company was planning to expand its business into China at the time, so the request seemed plausible enough. [Wikipedia]
In both of those incidents, the victim failed to identify the whaling attack. It is critical to train executives and staff to be vigilant and on alert for phishing scams.

Common features of a phishing attack:

Too Good To Be True

To attract people's attention immediately, lucrative offers and eye-catching statements are designed. A lot of them claim that you have won an iPhone, a lottery, or some other lavish prize. Beware! Just don't click on any suspicious emails. If it is too good to be true, it probably is!

Sense of Urgency

A favorite tactic amongst cybercriminals is to create a sense of urgency to make you act fast and not think twice. They will tell you that your account will be closed unless you update your personal details immediately. Most reliable organizations give enough time before they terminate an account and they never ask users to update personal details over the Internet.

Hyperlinks

A link may not be what you think it is. It can direct you to a phishing site. Hovering over a link usually shows the actual URL you will be taken to when you click it, but in some circumstances the phisher can override this. Look carefully. For instance, the URL www.yourbank.example.com appears to lead to the yourbank site, but it actually points to a "yourbank" subdomain of the example.com website (the phishing site): the rightmost labels of the hostname decide who controls the page.

Attachments

If you see an attachment in an email you weren't expecting or that doesn't make sense, never open it! Attachments often carry payloads like ransomware or other malware. Always keep your antivirus updated and scan the attachment before you open it.

Unusual Sender

Whether it looks like it's from someone you don't know or someone you do know, if anything seems out of the ordinary, unexpected, or suspicious in general, don't click on it!
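The features above can be checked mechanically. The following is an added example, not code from the original article: it parses a raw email and flags an unusual sender domain, link text that hides a different destination (the www.yourbank.example.com case), links outside an allowlist of trusted domains, urgency wording, and risky attachment types. The keyword list, the allowlist, the `registrable_domain` heuristic and the sample message are all assumptions made for illustration.

```python
"""Added example: score a raw email for the phishing features described
above. The keyword lists, allowlist and sample message are constructed."""
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed lists; a real filter would use a larger, maintained set.
URGENCY_WORDS = ("immediately", "within 24 hours", "suspended", "will be closed")
RISKY_EXTENSIONS = (".exe", ".js", ".scr", ".docm", ".zip", ".html")


def registrable_domain(host: str) -> str:
    """Last two labels of a hostname, so www.yourbank.example.com becomes
    example.com, the party that really controls the page. Assumption: no
    multi-label public suffixes (use the Public Suffix List for co.uk)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def analyze_email(raw: str, trusted_domains: set) -> list:
    """Return human-readable findings; an empty list means nothing was spotted."""
    msg = message_from_string(raw)
    findings = []
    # Unusual sender: judge the address behind the display name, not the name.
    _, sender = parseaddr(msg.get("From", ""))
    sender_domain = registrable_domain(sender.rpartition("@")[2])
    if sender_domain not in trusted_domains:
        findings.append(f"unusual sender domain: {sender_domain}")
    body_text = []
    for part in msg.walk():
        filename = part.get_filename()
        if filename:  # an attachment: only its type is inspected here
            if filename.lower().endswith(RISKY_EXTENSIONS):
                findings.append(f"risky attachment: {filename}")
            continue
        ctype = part.get_content_type()
        if ctype not in ("text/plain", "text/html"):
            continue
        charset = part.get_content_charset() or "utf-8"
        text = part.get_payload(decode=True).decode(charset, "replace")
        body_text.append(text)
        if ctype != "text/html":
            continue
        collector = LinkCollector()
        collector.feed(text)
        for visible, href in collector.links:
            host = urlparse(href).hostname or ""
            domain = registrable_domain(host)
            if domain not in trusted_domains:
                findings.append(f"link to untrusted domain: {host}")
            # Link text that names a trusted brand but points elsewhere.
            for trusted in trusted_domains:
                if trusted.split(".")[0] in visible.lower() and domain != trusted:
                    findings.append(f"link text '{visible}' hides {host}")
    lowered = " ".join(body_text).lower()
    hits = [w for w in URGENCY_WORDS if w in lowered]
    if hits:
        findings.append("urgency language: " + ", ".join(hits))
    return findings


# Constructed sample message exhibiting the features above.
SAMPLE_PHISH = """\
From: "YourBank Security" <alerts@yourbank-secure.example.com>
To: customer@example.org
Subject: Your account will be closed
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset=utf-8

<p>Verify your details immediately or your account will be closed.</p>
<a href="http://www.yourbank.example.com/login">https://www.yourbank.com/login</a>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="statement.exe"
Content-Transfer-Encoding: base64

TVo=
--b1--
"""

if __name__ == "__main__":
    for finding in analyze_email(SAMPLE_PHISH, {"yourbank.com"}):
        print("-", finding)
```

Run against the constructed message, the checker reports all five features; a plain-text statement notice from alerts@yourbank.com with no urgency wording produces no findings. The two-label domain heuristic is the weak point: a production filter should resolve the registrable domain with the Public Suffix List, since `registrable_domain` would reduce `bank.co.uk` to `co.uk`.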

[Figure: Phishing working]

How to prevent it

Protecting against phishing requires steps to be taken by both users and enterprises.

For users:

Vigilance is the key. A spoofed message generally contains subtle mistakes that expose its true identity, such as a slightly altered domain name or spelling mistakes. Spam filters can be used to protect against spam emails: they assess the origin of the message, the software used to send it and the appearance of the message to determine whether it is spam. Browser settings should allow only reliable websites to open and block fraudulent websites, raising an alert.
Organizations use monitoring systems to prevent phishing. Individuals can report phishing to industry groups, where legal action can be taken against fraudulent websites. To help employees recognize the risk, organizations should provide security awareness training.
Generally, secure websites with a valid Secure Sockets Layer (SSL) certificate begin with "https". Check the link before clicking it.
Don't post personal data, such as your birthday, vacation plans, address or phone number, publicly on social media.

For enterprises, a number of steps can be taken to prevent phishing attacks:

Two-Factor Authentication (2FA): 2FA is the most effective method for countering phishing attacks, as it provides an additional verification layer when logging in to sensitive applications. It combines two factors: something the user knows, such as a user name and password (entered at login), and something the user has, such as a smartphone (for example, an OTP to verify). Even when individuals are compromised, 2FA prevents the use of their compromised credentials, since these alone are not sufficient to gain entry.
Password Management Policy: In addition to using 2FA, organizations should impose strict password management policies. For example, employees should be required to change their passwords frequently and should not be allowed to reuse a password across multiple applications.
Sandboxing: "Sandboxing" inbound email and checking the safety of each link a user clicks.
Web traffic inspection and pen-testing: Inspecting and analyzing web traffic, or pen-testing your organization to find weak spots, and using the results to educate employees.
Anti-phishing software and services: Anti-phishing software consists of programs that attempt to identify phishing content in websites, emails or other channels used to access data. It blocks the content, usually with a warning to the user. It is usually integrated with web browsers and email clients as a toolbar that shows the real domain name of the website being viewed, to prevent fraudulent websites from masquerading as legitimate ones.

The popular phishing scam trends of 2018:


  • Account Verification
  • One of the most common types of personal phishing emails targets users' accounts on common social media or vendor sites. You get an email that seems to come from a well-known organization or company (such as Facebook, Apple or Amazon) stating that there is some issue with your account and that you have to sign in to address it. Links within the email take you to a site that masquerades as that company's authentic site and requests your login credentials. The attacker then uses your stolen credentials on that site and tests them for reuse on other websites.



  • Cloud-Based File Sharing
  • Cloud-based file-sharing services like Google Docs, Dropbox and Office365 make business more effective by giving a quick and simple way to share documents, files and folders across teams. However, the frequency of use and the normality of receiving unexpected documents have made them a prime attack vector for phishers.
    A typical phishing attack consists of a link to what appears to be a shared file on Google Docs, Dropbox or another file-sharing site. In reality, the link points to a site pretending to be that file-sharing service and requesting a login. The attacker can use this to steal the victim's credentials or to infect the victim's PC with a malicious file.


  • Cryptocurrency ICOs
  • Blockchain and cryptocurrency have become very popular over the last couple of years. In cryptocurrency, an Initial Coin Offering (ICO) sale is a crowdfunding event where the creators of a new cryptocurrency ask the public to send them cryptocurrency to help fund development. The developers publish an address on an established cryptocurrency (like Bitcoin) to which the money should be sent.


    Because of how these blockchains work, it is practically impossible to tell whether an address actually belongs to a particular individual. Attackers have taken advantage of this by sending out fake ICO sale announcements for widespread cryptocurrencies, with the announcement pointing to an address controlled by the attacker. Recipients who want to participate in the sale send cryptocurrency to that address, giving the phisher a way of profiting from the attack.
  • Docusign
  • Docusign is a digital transaction management platform that allows people to sign documents digitally, making it easier to sign leases, contracts and other paperwork. Since Docusign notifications of signature requests come from a Docusign email address, people don't expect them to come from an email address they recognize and trust. Phishers exploit this by sending messages from a domain that looks like the Docusign domain. If you click the link, it asks you to sign in to your email account to view the document, giving the phisher control of your inbox.


  • Fake Invoices
  • According to Symantec's 2018 Internet Security Threat Report, fake emails are the primary means by which phishers disguise and distribute malware. By claiming that an attached Office or PDF document is an unpaid invoice and that service will be terminated if it remains unpaid, a phisher increases the likelihood that the target will open it. This type of spear phishing email can be very effective against both individuals (by pretending to be Amazon, Apple and other such retailers) and businesses (by impersonating one of their sellers or providers).


  • General Data Privacy Regulation (GDPR)
  • The General Data Privacy Regulation (GDPR) is a European Union (EU) privacy law that became effective May 25th, 2018. This regulation increased the requirements and penalties for the protection of EU citizens' data, and many organizations were not prepared for the new regulation. As a result, in early 2018 phishers used the guise of offering information or services related to preparing for the regulation as a lure for phishing emails.


  • Package Delivery
  • Phishers take advantage of the fact that people love getting presents, so they send a fake delivery notification for a package that you never ordered. This is one of the older phishing scams out there: an attacker pretends to be from some mailing service and provides a link or attachment containing the details of your fake order. When you click the link, you are infected with malware or tricked into providing the attacker with your login credentials.

  • Political Campaigns
  • Phishing emails about the US Presidential election were common during the 2016 campaign. The same trend was seen in Russia's Presidential election held on March 18th, 2018. Emails asking for participation in public opinion polls were common. In some cases, phishers promised a reward for participating, motivating people to provide their credit card or bank details. As a result, the attackers were able to transfer money out of the targets' accounts.


  • Tax Scam
  • Phishers take advantage of tax season. In the weeks and months leading up to tax season, it is usual to see a sudden increase in the number of phishing emails claiming to originate from government tax authorities.
    These emails typically claim that the individual is delinquent on their taxes and provide an alleged means to fix the issue before extra fines or legal action follow. In any case, if you follow the instructions in the email, your money goes to the phishers rather than the government.

Conclusion

Phishing is one of the simplest and oldest types of cyber-attack. Attackers are out there looking to scam and deceive people, and it is easy to do because people are overly trusting, naïve and fall for it easily. Because phishers have a low chance of getting caught, it remains a very attractive option for attackers. But you can ensure that your organization does not become a victim by providing training, conducting simulated phishing campaigns and using the best services and technologies to prevent phishing attacks.