Phishing 101, One Byte Away from Catching the Hook

Wrapping things up in our October’s Cybersecurity blog post series, as the saying goes we have left the “best” for last. Out of all attack types outthere, phishing is considered to be one of the easiest, and thus one of the most widespread types of fraudulent activity, bridging the gap between an actual hacking attempt and a simple scam.

• Review our Series 1 → Security Hardening Essentials to Keep Your Site Safe
• Review our Series 2 → An in-depth Dive into the World of the Content Security Policy (CSP)
• Review our Series 3 → Firewall, The First Layer of Passive Defense Strategy

What is Phishing Exactly?

Fishing for data is one of the top favorite activities of a hacker. Whether it be for financial gain on the back of someone else, or simply to cause social damage and wreak havoc on their unsuspecting victim, you will most definitely run into an attempted method of hacking over your usage of any online service at some point, most of which attempts will either be thwarted by the service or you will not even notice until it may be too late.

Phishing in its core is a fraudulent attempt to obtain a user sensitive information such as usernames, passwords, and credit card details, often for malicious reasons, by disguising as a trustworthy entity in electronic communication. It can be executed via several possible scenarios, the most common of which is through email correspondence.

SMTP Email Spoofing

Before diving into a bit more details, we need to understand what exactly email spoofing is and what harms it might cause. Essentially, it is the process of creating an email header which makes the message to appear as it originated from someone else’s or somewhere other than the actual source. Such activity is considered as a fraudulent one and it is mainly used in phishing and spam campaigns. Such emails trick the user to think it has been sent by a legitimate source which increases the chances of people actually opening the email.

The goal of email spoofing is to get recipients to open, click links or possible even respond to the email in hopes to further extend the hacking attempt. Even in a perfectly executed situation, most email services will filter these out and you will not receive them, but there are still those who will sometimes make it past the spam filtration and make it into your inbox.

They will look quite authentic and the only way to distinguish the actual origin of the email is to go into the header details of the email itself and analyze the header and authentication details in order to see where it actually originates from.

At FastComet, we have the options to enable SPF, DKIM, and SpamExperts, which are all email oriented methods of filtration and security, giving our customers immunity to the heaps of spam and phishing emails which are sent out daily through the internet.

Fake Login Pages

Often we will stumble upon websites which try to steal your personal data via trying to trick you into actually inputting it yourself, by bearing resemblance to the original website, sometimes in near even perfect detail as it is extremely easy to copy the look of a single page, without its actual functionality, since all of the looks of a website is public code through the HTML and CSS on the page.

These “facelift” websites will often upon inputting your username/password either refresh and nothing will happen, or they will afterward redirect you into the direction of the original website making it look like your first login attempt simply was inputted with a typo, and most likely gaining you access to your account on the second login attempt since it would then be on the actual correct page on login attempt two.

The key to avoiding these always look at the URL path as that will tell you whether you are on the correct website. Let us say that we are trying to obtain sensitive information for a popular social media page such as Facebook, then the fake login page URL’s would look something like:

• https://www.facebook.attackerdomain.com/ – (subdomain of the original domain name)
• https://www.facebuuk.com/ – (similar looking domain name)
• https://www.attackerdomain.com/facebook.php – (on a path, fake or even real domain)

These types of websites can be stumbled upon in various ways, but the most common of which would be either via clicking on unsafe links through public page social media comments, shortened URLs which display one link but are an entirely different one when clicked, through numerous website ads redirects, trying to access restricted paid content on the internet for free or via sent emails with direct hacking intentions from an attacker.

Gotta Catch ‘em All

Once you have actually been bamboozled into falling prey of either of these elaborate scams, you may have often also seen that certain pages will end up in a loop of redirects, having suspicious files downloaded, yet luckily not automatically executed onto your PC.

These files under no circumstances should be opened as 9 out of 10 times they are either:

• Keyloggers (recording your keyboard keystrokes and sending each character you press in the same order which you pressed them to the attacker via SMTP or FTP)
• Botnet (turning your computer into a remote tool for creating future DDoS attacks)
• Cryptocurrency Miners (using your computer’s resources GPU and CPU to mine)
• Spyware (to collect audio and video media through your microphone & webcam)
• Thousands of possible

These are just a few examples as the full list would go beyond several pages long and is constantly increasing, but these are some of the most often seen and most dangerous that you will encounter more and more in the following years to come. There has been only one proven method to work against these types of attack and that is to be vigilant, look before you click and you will dodge a bullet every time.