Yellowstone Computing
(715)-669-6136
  • Home
  • Services
  • Support
  • Contact
  • Blog
  • About
  • Reviews
  • Repairs

Something’s Phishy: How to Detect Phishing Attempts, Part 1

7/21/2017

 
This week, a guest article from MalwareBytes on avoiding phishing attacks.
Posted: June 26, 2017 by 
Wendy Zamora 

“Dear you,
 It appears you need to update your information. Click here to tell us all your secrets.
 No really, it’s totally safe. We’re not going to steal your identity, we swear.”


If only phishing attempts were that obvious. Instead, these days it’s hard to tell a phish apart from a foul, if you catch my drift. Modern-day phishing campaigns use stealthy techniques to target folks online and trick them into believing their messages are legit. Yet for all its sophistication, phishing relies on one of the basest of human foibles: trust. Detecting a phish, in its various forms, then requires you to hone a healthy level of skepticism when receiving any kind of digital communication, be it email, text, or even social media message. In order to understand how we got here, let’s go back to the first instance of phishing.

The Nigerian Prince and Early Phishing
Back in the early days of the Internet, you could marvel at your “You’ve Got Mail” message and freely open any email that came your way. You’d get one email a day, tops, from your new best friend you met in the “grunge 4EVA” chat room. There was no such thing as junk email. The only promotions you received were CD copies of AOL in the snail mail. It didn’t cross your mind that going online could bring about danger. Then came the Nigerian prince. Unfortunately, where innovation and progress lead, corruption and crime will inevitably follow. One of the nation’s longest-running scams, the Nigerian prince phish came from a person claiming to be a government official or member of a royal family who needed help transferring millions of dollars out of Nigeria. The email was marked as “urgent” or “private,” and its sender asked the recipient to provide a bank account number for safekeeping the funds. Gone were the innocent days of trusting your inbox.

Over the years, the Nigerian prince scam has fooled millions, raking in hundreds of billions of dollars. Why has this scam been so successful? Simple. It uses a time-honored criminal technique—the ole bait and switch—to fool folks into believing that they are being contacted by a legitimate organization with a legitimate concern. Threat actors use this social engineering method to trick unwilling participants into clicking on malicious links and handing over personal information. The end goal, as with most cybercrime, is financial gain.

Phishing attacks aim to collect personal data—including login credentials, credit card numbers, social security numbers, and bank account numbers—for fraudulent purposes. The attack is most commonly delivered as an email communication that spoofs a known enterprise, such as a bank or online shopping site, but it can also appear to come from an individual of authority or of personal acquaintance. These emails always contain a link that sends users to a decent facsimile of a valid website where credentials will be collected and sent to the attacker, instead of the supposedly trusted source. From there, the attacker can exploit credentials to commit crimes such as identity theft, draining bank accounts, or selling personal information on the black market.

“Truth be told, phishing is the simplest kind of cyberattack and, at the same time, the most dangerous and effective,” says Adam Kujawa, Director of Malware Intelligence. “That is because it attacks the most vulnerable and powerful computer on the planet: the human mind.”

The Evolution of Phishing
While the Nigerian prince attack vector remains in use today, most savvy Internet users can now spot this scam a mile away (hence the multitude of memes that have popped up over the years). The campaign has lost its edge and fooled way fewer users. Plus, email technology has progressed so that spam filters readily pick up on this phish and block it. And this is why cybercriminals have had to advance their tactics.
“Phishers had no other choice but to evolve and improve on where they fell short,” says Jovi Umawing, Malware Intelligence Analyst at Malwarebytes. “Nowadays, most sophisticated modern-day phishing emails are so polished and well-designed that one cannot easily differentiate them from legitimate ones.”
Case in point: Recent phishing campaigns have had great success impersonating big-name companies and fooling big-name recipients. In May 2017, a phishing email targeted one million Gmail users by purporting to be from a contact sharing Google Docs. In Minnesota alone, state employees were scammed out of $90,000 due to the Google Docs fiasco. Hillary Clinton’s campaign manager for the 2016 presidential election, John Podesta, famously had his Gmail hacked and subsequently leaked after falling for the oldest trick in the book—a phishing attack claiming that his email password had been compromised (so click here to change it).

Next week, Part 2 will cover the different types of phishing and some best practices for avoiding them. 

Comments are closed.

    Yellowstone Computing

    To read about us, click here!

    Archives

    December 2020
    November 2020
    October 2020
    September 2020
    August 2020
    July 2020
    June 2020
    May 2020
    April 2020
    March 2020
    February 2020
    January 2020
    December 2019
    November 2019
    October 2019
    September 2019
    August 2019
    July 2019
    June 2019
    May 2019
    April 2019
    March 2019
    February 2019
    January 2019
    December 2018
    November 2018
    October 2018
    September 2018
    August 2018
    July 2018
    June 2018
    May 2018
    April 2018
    March 2018
    February 2018
    January 2018
    December 2017
    November 2017
    October 2017
    September 2017
    August 2017
    July 2017
    June 2017
    May 2017
    April 2017
    March 2017
    February 2017
    January 2017
    November 2016
    October 2016
    December 2015
    September 2015
    July 2015
    May 2015
    April 2015
    March 2015
    February 2015
    January 2015
    December 2014
    November 2014
    October 2014
    September 2014
    August 2014
    July 2014
    June 2014
    May 2014
    April 2014

    Categories

    All

    RSS Feed

Visit Us!

What Our Clients Are Saying

Joe is really in tune with what our business needs are... what a great guy with amazing skills... - Grassland Veterinary Service

Yellowstone Computing goes above and beyond for their customers! Joe is very knowledgeable and will go the extra mile to make sure his customers not only get what they asked for but also makes sure they are taken care of for many years to come! Between the great business services they provide and their involvement in the Thorp Chamber I'd highly recommend doing business with Yellowstone Computing! Whether you are an individual looking for computer or other technology help or a large employer who needs to either supplement your current IT support or completely outsource it Yellowstone Computing should be one of your first calls! - Justin Z.