Got a tip? Let us know

                 


Phishing attacks-part 1

May 01,2017 2 comments

General introduction

If you appreciate that a humble human can become a hot-blooded witch, then you know the dangers of humble appeals. Often soothing by nature simply because, most of them appeal to your inner self. It is also by this technique that crime has and will continue to advance. An existing reproduction of such scenes takes you back to phishing. It is often the common denominator for most cyber threats. In most scenarios, it is mitigated through the most powerful attack method, one that cannot be patched by the latest software updates. Malicious hackers use it to deliver dangerous software (malware), steal your personal information which is later used to drain your account to zero. If you have never been a victim (albeit very unlikely), don’t hero yourself by ignoring this knowledge base. Prevention is the precursor of cure. It is of interest to me to pass this knowledge to you, and you to your friends and enemies. So keep engulfing the knowledge.

Phishing is the use of fraudulent email, websites, text messages and phone calls to trick people into disclosing personal financial or identity information, such as credit card or Social Security numbers, user names (e.g., NetID) and passwords that can later be used to access otherwise protected data. As can be seen, it has spread wide its wings of propulsion up to and including your very own personal ways of communication. And that is where its success begins; where you are highly susceptible to failure. I will be impossible to discuss each of these modes of propulsion in one article and at the same time giving you the adequate information about the same; it is for this reason that I will subdivide this information into various parts. In this part one, I will discuss the most common form of this attack. Hopingly, you will follow throughout the series.

Part 1: -Email phishing

Email as a communication tool can be said to be the global infrastructure of communication in corporations and businesses. Were you to count the number of businesses or just personal colleagues using email, it would be, in a scale of 1 to 10, a 9. Email provides us a convenient and powerful communications tool, yet it also provides scammers and other malicious individuals an easy means for luring potential victims. These attempted scams run from the old-fashioned bait-and-switch operations to phishing schemes using a combination of email and bogus websites to trick victims into divulging sensitive information. To stay on board away from the sharks, you need to know both of these techniques. I will first explore the old-fashioned baits though they still work effectively.

Ideal business opportunities. I will bet that a promise of an opportunity to make a great deal of money with very little effort will melt your low-melting-point heart. Especially if you are a desperate college student or a graduate hungry for money. They don’t have to do it the hard way, there are scams meant entirely for this and believe me they will catch up with you. They’re normally full of enticements such as “Work only 2 hours a week and earn hundreds of dollars,” “Be your own boss,” “Set your own working hours,” and “Work from home.” The subject of the emails may even smell sweeter honey; “Make a Regular Income Online”  “be the rich internet kid” In most cases, the email gives very little detail about the nature of the business opportunity. Most provide an address or website from which you can, for a fee, obtain an “information kit” about the opportunity. These opportunities, however, usually amount to nothing more than pyramid schemes in which the “opportunity” involves your ability to recruit more unsuspecting people to buy into the scam. Eventually, the scam is uncovered or the pool of new recruits runs dry and it fails.

Health and diet scams. These are like the lioness unto an antelope. They prey on the insecurities some people have about the state of their well-being. Consider the examples below

  1. Reduce body fat and build lean muscle without exercise.
  2. Increase Your Sexual Performance Drastically.
  3.  Natural Health Remedy That Gives energy and burns fat. It Works!
  4. Need to lose weight for summer?

These insecurities are so effective at making some people particularly susceptible to the scams because they may be reluctant or embarrassed to discuss their problems with a doctor, or they can’t afford to buy legitimate drugs or treatment. The scams attempt to lure consumers with promises of quick fixes and amazing results, discount pricing, fast delivery, waived prescription requirements, privacy, and discreet packaging. Though they may be backed by customer testimonials, beware: the products don’t work.

Huge discounts on software offers.

These scams frequently consist of advertisements for cheap versions of commercial software like Windows 10 or Adobe Photoshop or Illustrator or majorly antivirus software like avast. The discounts offered may be hard to believe, and with good reason: the scammers either do not deliver the promised software at all or provide illegal, pirated versions preloaded with Trojan horse software the scammer or other malicious individuals can use to exploit your computer and the information it contains. The cheaper the thing, the more expensive the result for using it.

 

And now to more advanced techniques.

General phishing Email

Phishing emails are crafted to look as if they’ve been sent from a legitimate organization. These emails attempt to fool you into visiting a fake website to either download malware (viruses and other software intended to compromise your computer) or reveal sensitive personal information. The perpetrators of phishing scams carefully craft the fake website to look like the real thing.

an example of a phish email

Some of them like the above example have links. Before you click the link. Rest your mouse (but don’t click) on the link to see if the address matches the link that was typed in the message. I the example below it shows that the real web address is not the same as the one that was typed.

a phish link

Some of them also contain threats that are used as a tactic to scare you into opening your email to “protect” your account from further breaching. If the humble plea didn’t get your eyes then the threat will.

For instance, an email can be crafted to look like it is from a major bank. It might have an alarming subject line, such as “Problem with Your Account.” The body of the message will claim there is a problem with your bank account and that, in order to validate your account, you must click a link included in the email and complete an online form.  But be in the know carefully examine any email from your banks and other financial institutions. Most banks have instituted policies against asking for personal or account information in emails, so you should regard any email making such a request with extreme skepticism.

Trojan Horse Email

Like the old crafted Trojan horse (in the Greek mythology)used to hide Troy soldiers into a successful ambush against the Mycenaean soldiers, Trojan horse email offers the promise of something you might be interested in—an attachment containing a joke, a photograph, or a patch for a software vulnerability. When opened, however, the attachment may do any or all of the following:

  1. create a security vulnerability on your computer to open a secret “backdoor” to allow an attacker a future illicit access to your computer
  2. install a software that logs your keystrokes and sends the logs to an attacker (key logger), allowing the attacker to sample out your passwords and other important information
  3. install software that monitors your online transactions and activities Provide an attacker access to your files turn your computer into a “bot” an attacker can use to send spam, launch denial-of-service attacks, or spread the virus to other computers.

Consider a case study of the “Love Bug” virus, attached to an email with the subject line “I Love You” and which asked the recipient to view the attached “love letter.” Be keen on the following: email posing as virtual postcard, email masquerading as security bulletin from a software vendor requesting the recipient apply an attached “patch”, email with the subject line “funny” encouraging the recipient to view the attached “joke”, email claiming to be from an antivirus vendor encouraging the recipient to install the attached “virus sweeper” free of charge

Virus-Generated Email

Note that, in some cases, a familiar “from” address does not ensure safety: Many viruses spread by first searching for all email addresses on an infected computer and then sending themselves to these addresses. So, if your friend’s computer has become infected with such a virus, you could receive an email that may, in fact, come from your friend’s computer but which was not actually authored by your friend. If you have any doubts, verify the message with the person you believe to be the sender before opening any email attachment.

Generally, consider the following:

  1. Do not click on links, download files or open attachments in emails from unknown senders.
  2. It is best to only open attachments when you are expecting them, even if you know the sender.
  3. Never email personal or financial information. You never know who may gain access to your email account.
  4. Never enter personal or company information into a pop-up screen Check your online accounts and bank statements regularly
  5. Always treat your email password like the “keys to the kingdom,” because that is what it is to spammers/hackers.
  6.  Don’t make passwords anything personal. If the spammer/hacker has your name, it is easy to find out those details from social media.
  7. If you know the sender of an email, be hesitant. If you don’t know the sender, delete the email or check it with your IT department.                

After an attacker successfully tricks you into clicking a link, you are often taken to a website to complete your anticipated gift. It is surprisingly easy to tell a fake website from a genuine one. In part two of the series, I will tell you how.



Michael Jaroya

He is a technology enthusiast, a writer, and motivator.An individual with the love for humanity. .


More in this category: Social Engineering-The art of human attack ยป


Comments

jobs from home - May 07,2017 at 12:53 am
Hmm is anyone else having problems with the images on this blog loading? I'm trying to figure out if its a problem on my end or if it's the blog. Any suggestions would be greatly appreciated..
educational sites - May 07,2017 at 10:44 am
I've been exploring for a bit for any high quality articles or weblog posts in this sort of house . Exploring in Yahoo I ultimately stumbled upon this site. Reading this info So i am happy to exhibit that I've an incredibly excellent uncanny feeling I came upon exactly what I needed. I most certainly will make sure to don?t overlook this web site and provides it a glance on a continuing basis..

Add Comment