As internet usage becomes more ubiquitous, the types of attacks are becoming increasingly sophisticated.
In this new series, Steinar Grøtterød, our Director Of Registry Operations And Compliance, will answer some of the recurring questions we get about this type of DNS Abuse. Which was the most prevalent type of attack we saw last year.
Phishing attacks are one of the most common security challenges that both individuals and companies face in keeping their information secure.
What is Phishing?
Phishing is a form of social engineering where attackers deceive people into revealing sensitive information or installing malware such as ransomware.
Phishing attacks have become increasingly sophisticated and often transparently mirror the site being targeted, allowing the attacker to observe everything while the victim is navigating the site, and transverse any additional security boundaries with the victim.
Types of Phishing
Phishing attacks come in many forms! Although they all have the same goal of obtaining your personal information, they can vary from the classic email phishing, spear phishing, and smishing - all of which are quite devious. It's important to stay aware and vigilant of these types of tactics to keep your data safe.
Below are some of the most common types of phishing. We've also created a companion PDF download for you to use and share.
Spear phishing is a targeted phishing attack that uses personalised emails to trick a specific individual or organisation into believing they are legitimate. It often utilises personal information about the target to increase the chances of success.
Whaling and CEO fraud
Whaling attacks use spear phishing techniques to target senior executives and other high-profile individuals with customised content, often related to a subpoena or customer complaint.
Phishing attacks, often delivered via email spam, attempt to trick individuals into giving away sensitive information or login credentials. Most attacks are "bulk attacks" that are not targeted and are instead sent in bulk to a wide audience.
Pharming is a highly technical form of phishing, making it harder to detect. It involves a hacker hijacking the DNS (Domain Name Server), which converts URLs from plain language to IP addresses. When users enter the target website’s URL, the DNS redirects them to another IP address, usually of a malicious website that appears legitimate.
Clone phishing is a type of attack where a legitimate email with an attachment or link is copied and modified to contain malicious content. The modified email is then sent from a fake address made to look like it's from the original sender.
Voice over IP (VoIP) is used in vishing or voice phishing attacks, where attackers make automated phone calls to large numbers of people, often using text-to-speech synthesisers, claiming fraudulent activity on their accounts. The attackers spoof the calling phone number to appear as if it is coming from a legitimate bank or institution
SMS phishing or smishing is a type of phishing attack that uses text messages from a cell phone or smartphone to deliver a bait message. The victim is usually asked to click a link, call a phone number, or contact an email address provided by the attacker.
Page hijacking involves redirecting users to malicious websites or exploit kits through the compromise of legitimate web pages, often using cross site scripting. Hackers may insert exploit kits such as MPack into compromised websites to exploit legitimate users visiting the server.
Calendar phishing involves sending fake calendar invitations with phishing links. These invitations often mimic common event requests and can easily be added to calendars automatically.
Prevention is better than cure, so your focus should be on preventing any attacks before it's too late. Below are some tips for companies and end-users.
How can companies prevent phishing attacks?
- Conduct regular employee training: Train employees to recognise phishing attacks to avoid clicking on malicious links.
- Deploy a spam filter: Set up inbound spam filtering that can recognize and prevent emails from suspicious sources from reaching the inbox of employees.
- Keep passwords secure: Use a short phrase for a password (longer is better, and can be simpler) rather than just a few characters, and change it regularly. Deploy multi-factor authentication on critical business applications.
- Stay up-to-date with security patches and updates: You and your providers should install all the latest patches and updates to protect against vulnerabilities and security issues.
How can end-users prevent phishing attacks?
- It's important to be careful when it comes to sharing personal information. Unless you know and trust the company, it's best to double-check before giving away private details. If you're not sure, you can always reach out to the company itself to make sure it's legitimate.
- To figure out if an email is legit, always check the sender’s name. If it's different than the company’s domain, it might be a warning sign. So keep an eye out and stay safe!
- Be careful not to click on links or download files, even if they're from sources you trust.
- Be sure to double-check the URLs included in an email. Even if they look valid, hovering over them may reveal a different web address. To stay safe, never click any links within an email unless you're certain that it's legit.
- Always be vigilant when it comes to grammar and spelling. Professional businesses will employ proofreaders and editors to make sure their materials are accurate. Keep an eye out for any mistakes!
- Don't panic if you get an alarming message from a company you're affiliated with – double check their status to make sure everything is okay.
- Phishing emails are designed to be sent out to a large group of people. Therefore, they tend to be quite impersonal. If a user is receiving an email with a generic subject or greeting, there is a good chance it is a phishing attempt and should be handled with caution.
- Not everyone has access to complex anti-phishing software, but they can still protect themselves from phishing attacks. Their email clients have built-in filters that can be used, such as blocking any images that have not been approved.
- Legitimate companies won't send out emails unless there's a specific purpose. Generally, they won't send unsolicited messages unless it's for company announcements, newsletters, or promotions.
- When reading emails or messages, it's important to consider the context. For example, when interacting with online accounts, be cautious if you receive an email with a “account number” – this is not usually something that the service offers.
- Pay attention to anythingOdd mentions of certain computer programs or operating systems that are not usually used by everyday people could be signs of a phishing attack. Stay alert!
- If something appears suspicious or untrustworthy, it is most likely best to avoid sharing that information. It is better to be safe than sorry, as the saying goes.
My domain name has been reported for phishing, what should I do?
If your domain name has been reported for phishing, you should follow the guidelines given by the source of notice (Reputation Block List provider).
The goal should be to get your domain name removed from the block list. Below, we've provided a selection of links to Reputation Block List providers and how to get your domain delisted.
Other Useful Links
- APWG Public Education
- APWG: How to Redirect a Phishing Site Web Page to the APWG.ORG Phishing Education Page
- Criteria for detection for the CRDF Threat Center database
- Malware Patrol: Fight Against Phishing Attacks
- Phishtank FAQ
- SpamHaus FAQ
- SURBL FAQ
- WEB.DEV Safe & Secure
- CRDF: Forensic domains name investigation tools
And that wraps up the first in our "What Is" series.
We hope you found it useful and be sure to check soon for the next instalment!