Phishing is probably one of the most common and well-known attack methods today. Google is reportedly blocking 18 million coronavirus scam-emails every day and registered a record 2 million phishing websites in 2020. Even though phishing attacks are constantly evolving, becoming technologically sophisticated and more prevalent, the following trio of basic laws apply at the heart of an attacker’s strategy.
Imitate, Motivate and Act
Imitation is the impersonation of a trusted source. A phishing message will always strive to look like it originates from a trusted organization or individual. Most cybercriminals try hard to make their messages look legitimate and convincing, using the same fonts and copying colors, logos and branding to fool people.
Motivation is the social engineering part of the phishing attack. Scammers tailor messages for one single reason — to motivate people to take action such as a click, reply, download or tweet. They exploit human instincts by crafting phishing messages that get victims upset, curious, infuriated or anxious. Such messages play on a victim’s emotions, provoking a response.
Act is the final step or the invisible hook that is lurking in a phishing attack. This could be a form that a user can fill out, a click on a social media post or instant message, or simply a visit to a site that could cause a drive-by download. Upon a successful click or download, the victim might be stuck with some kind of malware or backdoor Trojan that can evade detection for a long time.
Even a carefully crafted, well-polished phishing attack exudes telltale signs indicating the email is neither legitimate nor trustworthy. The above slideshow highlights six common signs to watch for.
The best way to avoid phishing is by looking out for these telltale signs and steering clear of clicking on any attachments, links in emails, tweets, Facebook pages, and the like. Vigilance is not an inherent but an acquired trait, and it only comes through routine practice and experience. One of the most effective ways of acquiring this muscle memory is through ongoing simulated phishing exercises that train staff on newer, evolving techniques, creating a mindset of what they should be looking out for.
Suspicious sender’s address
One of the hallmark signs of phishing is that hackers create fake sender addresses that appear legitimate. Some are relatively easy to spot as many hackers use generic email domains like gmail.com or yahoo.com. Some attackers use email spoofing to create forged email addresses whereby the sender’s name is visible while the email itself is hidden. As you can imagine, many recipients don’t go the extra mile of checking a spoofed sender’s address, especially on mobile devices. Another form of spoofing is the use of look-alike or cousin domains. Attackers purchase domains with similar names having extensions such as .biz, .co, .net, that appear legitimate.
Generic salutation and sign-off
One of the most obvious signs of phishing is that the message content addresses the receiver as a generic recipient instead of an individual person. This is a strong sign of phishing. For example, “Dear Depositor” or “Dear Customer”. Sometimes the phisher will use a first initial and last name, copying an email address in part. Similarly, the email sign-off could be impersonal; typically, a customer service title or generic department rather than a specific person’s name and contact.
Subject lines that spawn urgency or raise alarms
Crafty phishers often use scare tactics in hopes that their readers will click malicious links, download attachments and fill forms out of worry, urgency, or confusion. Such content is often designed around alleged updates that are immediately required, payments that urgently need to be made, or sign-ins that must happen now. For example: “New sign-in to your account detected”, “Suspicious activity detected,” “Password expired,” and “Account Closure” are all common subject lines one may find in a phishing attempt.
Fake file attachments
In this type of phishing attack, an attachment is delivered along with an email message. Attachments may appear like a PDF or document, but are really an image with a hidden URL, while others could bring up a sophisticated impersonation of a fake login screen. In a recent example, fake meeting invitations impersonating Zoom calls surfaced online, targeting Microsoft users with fake attachments that took victims to bogus Zoom login screens.
Use of URL shorteners
URL shortening is a common technique used by social media giants like Twitter, LinkedIn, and Facebook that reduce the size and complexity of longer website addresses (URLs) by replacing longer links with a shorter link. Hackers often disguise rogue URLs by using these shorteners, thereby preventing easy detection of known malicious sites or destinations. For example, instead of seeing an obvious URL that indicates a website in Romania, Ukraine, Nigeria, or Russia, a shortened URL doesn’t reveal where a link will take them or what they’ll find once they get there. Readers must immediately recognize this red flag and avoid clicking on a shortened URL.
Social engineering red flags
Because the underlying principles of manipulation (lure victims with bait and then catch them with hooks) remain constant, cyber thieves are known to apply similar techniques to other forms of communication, regardless of the medium. Sophisticated scammers are quick to target alternative channels like social media, telephone, or Texts (SMS). So beware of “Smishing” (Social Media Phishing) messages you get on Messenger.
