"What Is.." Series - Understanding Phishing

As internet usage becomes more ubiquitous, the types of attacks are becoming increasingly sophisticated.

In this new series, Steinar Grøtterød, our Director Of Registry Operations And Compliance, will answer some of the recurring questions we get about this type of DNS Abuse. Which was the most prevalent type of attack we saw last year.

Phishing attacks are one of the most common security challenges that both individuals and companies face in keeping their information secure.

What is Phishing?

Phishing is a form of social engineering where attackers deceive people into revealing sensitive information or installing malware such as ransomware.
Phishing attacks have become increasingly sophisticated and often transparently mirror the site being targeted, allowing the attacker to observe everything while the victim is navigating the site, and transverse any additional security boundaries with the victim.
Source: Wikipedia

Types of Phishing

Phishing attacks come in many forms! Although they all have the same goal of obtaining your personal information, they can vary from the classic email phishing, spear phishing, and smishing - all of which are quite devious. It's important to stay aware and vigilant of these types of tactics to keep your data safe.

Below are some of the most common types of phishing. We've also created a companion PDF download for you to use and share.

Spear phishing

Spear phishing is a targeted phishing attack that uses personalised emails to trick a specific individual or organisation into believing they are legitimate. It often utilises personal information about the target to increase the chances of success.

Whaling and CEO fraud

Whaling attacks use spear phishing techniques to target senior executives and other high-profile individuals with customised content, often related to a subpoena or customer complaint.

Email phishing

Phishing attacks, often delivered via email spam, attempt to trick individuals into giving away sensitive information or login credentials. Most attacks are "bulk attacks" that are not targeted and are instead sent in bulk to a wide audience.

Pharming

Pharming is a highly technical form of phishing, making it harder to detect. It involves a hacker hijacking the DNS (Domain Name Server), which converts URLs from plain language to IP addresses. When users enter the target website’s URL, the DNS redirects them to another IP address, usually of a malicious website that appears legitimate.

Clone phishing

Clone phishing is a type of attack where a legitimate email with an attachment or link is copied and modified to contain malicious content. The modified email is then sent from a fake address made to look like it's from the original sender.

Voice phishing

Voice over IP (VoIP) is used in vishing or voice phishing attacks, where attackers make automated phone calls to large numbers of people, often using text-to-speech synthesisers, claiming fraudulent activity on their accounts. The attackers spoof the calling phone number to appear as if it is coming from a legitimate bank or institution

SMS phishing

SMS phishing or smishing is a type of phishing attack that uses text messages from a cell phone or smartphone to deliver a bait message. The victim is usually asked to click a link, call a phone number, or contact an email address provided by the attacker.

Page hijacking

Page hijacking involves redirecting users to malicious websites or exploit kits through the compromise of legitimate web pages, often using cross site scripting. Hackers may insert exploit kits such as MPack into compromised websites to exploit legitimate users visiting the server.

Calendar phishing

Calendar phishing involves sending fake calendar invitations with phishing links. These invitations often mimic common event requests and can easily be added to calendars automatically.

Preventing Phishing

Prevention is better than cure, so your focus should be on preventing any attacks before it's too late. Below are some tips for companies and end-users.

How can companies prevent phishing attacks?

  • Conduct regular employee training: Train employees to recognise phishing attacks to avoid clicking on malicious links.
  • Deploy a spam filter: Set up inbound spam filtering that can recognize and prevent emails from suspicious sources from reaching the inbox of employees.
  • Keep passwords secure: Use a short phrase for a password (longer is better, and can be simpler) rather than just a few characters, and change it regularly. Deploy multi-factor authentication on critical business applications.
  • Stay up-to-date with security patches and updates: You and your providers should install all the latest patches and updates to protect against vulnerabilities and security issues.

How can end-users prevent phishing attacks?

  • It's important to be careful when it comes to sharing personalinformation. Unless you know and trust the company, it's best todouble-check before giving away private details. If you're not sure, youcan always reach out to the company itself to make sure it'slegitimate.
  • To figure out if an email is legit, always check the sender’s name. Ifit's different than the company’s domain, it might be a warning sign. Sokeep an eye out and stay safe!
  • Be careful not to click on links or download files, even if they're from sources you trust.
  • Be sure to double-check the URLs included in an email. Even if they lookvalid, hovering over them may reveal a different web address. To staysafe, never click any links within an email unless you're certain thatit's legit.
  • Always be vigilant when it comes to grammar and spelling. Professionalbusinesses will employ proofreaders and editors to make sure theirmaterials are accurate. Keep an eye out for any mistakes!
  • Don't panic if you get an alarming message from a company you'reaffiliated with – double check their status to make sure everything isokay.
  • Phishing emails are designed to be sent out to a large group of people.Therefore, they tend to be quite impersonal. If a user is receiving anemail with a generic subject or greeting, there is a good chance it is aphishing attempt and should be handled with caution.
  • Not everyone has access to complex anti-phishing software, but they canstill protect themselves from phishing attacks. Their email clients havebuilt-in filters that can be used, such as blocking any images thathave not been approved.
  • Legitimate companies won't send out emails unless there's a specificpurpose. Generally, they won't send unsolicited messages unless it's forcompany announcements, newsletters, or promotions.
  • When reading emails or messages, it's important to consider the context.For example, when interacting with online accounts, be cautious if youreceive an email with a “account number” – this is not usually somethingthat the service offers.
  • Pay attention to anythingOdd mentions of certain computer programs or operating systems that are not usually used by everyday people could be signs of a phishing attack. Stay alert!
  • If something appears suspicious or untrustworthy, it is most likely bestto avoid sharing that information. It is better to be safe than sorry,as the saying goes.

My domain name has been reported for phishing, what should I do?

If your domain name has been reported for phishing, you should follow the guidelines given by the source of notice (Reputation Block List provider).

The goal should be to get your domain name removed from the block list. Below, we've provided a selection of links to Reputation Block List providers and how to get your domain delisted.

Other Useful Links

And that wraps up the first in our "What Is" series.

We hope you found it useful and be sure to check soon for the next instalment!