Source: Hebei Network Security
Phishing attacks are one of the most common cyber crimes that are most likely to be tricked by victims. With the continuous development of network technology, attackers’ disguise methods have become more cunning, and attacks The frequency has also increased, and various novel attack methods have emerged in endlessly. Some attackers can steal key information within an enterprise through phishing, which poses huge risks to the business security and information security protection of enterprise organizations. How to identify various fraud tricks of attackers and protect the key information security of enterprises and employees has been Become an important task for most enterprises.
The most basic principle to prevent phishing is to be vigilant and carefully confirm the authenticity of any link before clicking on it and entering your account details to avoid falling into a phishing trap. At the same time, we should also have a deep understanding of the various changes in phishing techniques and find corresponding prevention methods. This article summarizes nine common phishing attack methods and gives corresponding prevention suggestions:
01
Email phishing
Email phishing, also known as deceptive phishing, is one of the most common phishing attacks. Attackers often send emails to potential victims in the name of a well-known business or brand.
These emails often contain dangerous links that, when clicked, trick the victim into filling out login information or a website that installs malware onto the victim's computer. These websites often look very professional, almost identical to the actual brand and appearance of the companies they impersonate, and the content of these emails often gives people a sense of authenticity and urgency, prompting victims to act hastily before they have time to think about it. Once the victim is tricked, the login information has basically been leaked, and the attacker will use this to access the victim's identity and banking information to make huge profits.
Prevention method: The best way to prevent email phishing is to understand the key characteristics of this attack method, and then promptly identify and avoid these phishing traps. The most obvious flaw in
email phishing is that there are errors in spelling, punctuation and grammar in the email content. This type of email usually contains many spelling errors and email addresses with incorrect domain names. If the company finds any suspicious content in the received emails, it should draw attention and instruct employees to avoid clicking on any links. Pay more attention to the content of emails with product promotions or discounts as the theme. Another characteristic of phishing emails like
is that the attached links are very short. Because short links are often used by attackers to evade detection by secure email gateways, this may also be a sign that the link is not secure.
02
Spear phishing
The characteristic of spear phishing is that attackers will not release phishing emails in large numbers. They will collect victim information through OSINT (Open Source Intelligence) or other illegal means before phishing, and then Targetedly sending malicious emails to specific targets within an enterprise. For example, if an attacker targets an online course education company, they might send a targeted email to the company's website course developer.
As a result, spear phishing emails tend to be more "customized," using full names, business phone numbers, and even job functions to trick victims into thinking the sender is the same person as them.
Prevention Methods: To identify and defend against spear phishing, organizations should adopt the following strategies: Check that the links your organization directs to shared drives such as Google Suite or Dropbox are correct, as attackers may be able to launch spear phishing attacks Redirect these links to malicious websites.
In addition, spear phishing emails often require victims to enter a username and password to access documents, thereby obtaining the victim's login information in the enterprise. Therefore, employees should pay attention to some suspicious emails in their daily work. If colleagues from different departments within the company make strange requests to you through emails or ask you to do something unrelated to work, you should think twice before committing.
03
Voice call phishing
Attackers will use the victim's phone number to communicate directly with them. They usually pretend to be staff of legitimate institutions such as government departments and banks, and ask the victim to take action (log in to the malicious system by playing automated voice messages or direct voice) , replying to verification codes, etc.) to trick victims into revealing sensitive information. Moreover, these attackers often target the opportunity and make calls when the company is busiest and employees are under the greatest pressure. Victims often act hastily under a high sense of urgency. , was deceived.
prevention methods: Preventing voice call phishing attacks can start from these aspects. First, corporate employees should pay special attention to unfamiliar caller IDs, unusual addresses or marked numbers. In addition, you must be especially vigilant when receiving calls during particularly busy seasons and periods when the workload is particularly heavy. Finally, you should be extra vigilant when the caller asks you to complete an operation that involves sensitive personal information.
04
SMS phishing
SMS phishing is similar to voice phone phishing, but it is done via text message rather than a phone call. As with email phishing, attackers send text messages and links from apparently legitimate sources that, when clicked, can infect a victim's mobile device with malware. The content themes are also mainly about product discounts, bank information notifications, etc. This is a common trick used by attackers to trick people into clicking on malicious links.
prevention method: Same as phone voice phishing, after receiving a suspicious text message, the recipient should pay attention to whether the sender of the text message belongs to an unusual phone area code. Attackers often pretend to be e-commerce customer service and ask victims to click on links or take other actions on the grounds of "change in logistics delivery status". If the recipient really has relevant concerns about online shopping products, they can directly access the relevant software or contact the e-commerce customer service Communicate and avoid clicking directly on links in text messages.
05
Whale phishing
Attackers who use whale phishing also use OSINT to obtain information and launch deceptive attacks on the management of enterprise organizations, so it is sometimes called CEO spoofing.
Attackers will first use OSINT or social media companies, websites, etc. to obtain the CEO identity information of the target company, and then use an address similar to the actual CEO email address to send emails to the employees of the company. The content of the emails is usually to defraud money or induce people to do so. The victim clicks on the link to "view the file."
is similar to a spear phishing attack, in which cybercriminals will first conduct a ruse on a victim by scoping out an employee within the target company to ensure that the email sent appears to be genuine.
Prevention method: If the CEO or senior management within the company has never personally sent an email to the recipient before, then this abnormal behavior should alert the recipient.
Another important sign is whether the email sender's email domain name belongs to the company. Personal emails are not typically seen in a work environment, so a sender using a personal email is also a big sign of fraud.
06
pharming
pharming is actually difficult to detect because it is more technical than most other phishing attacks. Criminals first hijack DNS domain name servers (servers that convert URLs into IP addresses). After the victim enters the website address, the DNS server redirects them to the malicious website IP address. Malicious websites like
usually look very realistic, and because the victim is redirected without knowing it, it is often too late by the time he realizes it.
prevention method: The most obvious feature of this attack method is that the website looks unsafe. For example, these phishing websites start with HTTP instead of HTTPS; in addition, inconsistent web design or information is another obvious feature. A color scheme that looks a bit out of place, spelling errors, different fonts, or even a logo that doesn’t look right can all help victims spot a malicious website.
07
Phishing
Phishing uses the same techniques as SMS phishing, but targets social media platforms.
This type of phishing uses private messages, notifications, and other features of social media platforms to trick victims into taking some harmful action on the platforms they actually use. This is why many large enterprises that need to manage massive amounts of equipment need to establish enterprise-level contact center solutions.
prevention method: There are many aspects that need to be prevented against this phishing attack. If a stranger sends a private message or link through some social platforms commonly used by the recipient, be extra vigilant. It is best for the recipient not to click on the private message with the link rashly, even if the account looks normal, because the account is likely to have been Hack.
08
Malicious Twin Phishing
The malicious twin attack is to create a Wi-Fi hotspot that appears to be real. The attacker will even use the same set service identifier (SSID) as the real network. When users connect, attackers can eavesdrop on their network traffic and steal their account names, passwords, and view any attachments the user accessed while connected to a compromised hotspot. This type of attack is also known as a Starbucks scam because it often occurs in coffee shops.
prevention method: If the user clicks to connect to the hotspot, an "unsafe" warning will be triggered on the phone or mobile device, so even if the hotspot looks familiar, do not use it rashly. Secondly, it is suspicious that a hotspot that can be connected directly to a hotspot suddenly requires login. Do not enter information easily.
09
clone website phishing
clone phishing attacks are carried out by leveraging website services that the victim has used before. These attackers are very cunning and will research in advance which application websites usually require links. Then, they will disguise themselves as target business application websites and send targeted emails to victims that appear to be from legitimate services, deceiving users who are accustomed to using these application websites. .
prevention method: In the same way as email phishing protection, recipients should pay special attention to the following types of emails: emails sent during busy work periods, emails sent from unexpected email addresses, and emails sent from internal corporate work. Recipients should be extremely cautious when sending emails from frequently contacted service providers, regardless of the reason why the other party requests personal information (source of manuscript: Safe Niu)
![[Modeling 101] 3.4. Three Steps to Forecasting - Analysis, Assumptions, Calculations - DayDayNews](https://i.ytimg.com/vi/bIrpwLaOZk0/hq720.jpg?sqp=-oaymwE2CNAFEJQDSFXyq4qpAygIARUAAIhCGAFwAcABBvABAfgB_gmAAtAFigIMCAAQARhOIGUoWDAP&rs=AOn4CLCZygNH3k7D216gXxOlQb8tP4Y_3w)
![[Modeling 101] 3.1. Two Approaches to Forecasting Revenue - DayDayNews](https://i.ytimg.com/vi/Xvw2hd2rc54/hq720.jpg?sqp=-oaymwE2CNAFEJQDSFXyq4qpAygIARUAAIhCGAFwAcABBvABAfgB_gmAAtAFigIMCAAQARhNIGUoWDAP&rs=AOn4CLBwAnV0m48abMnbD6GFu-hnXysnyQ)
