Phishing Attack Prevention: How to Identify & Avoid Phishing Scams in 2021

MUHAMMAD USMAN SABIR
6 min read · Mar 3, 2021

Phishing attacks are nothing but a way of convincing people to perform certain actions. Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message. The recipient is then tricked into clicking a malicious link, which can lead to the installation of malware, the freezing of the system as part of a ransomware attack, or the revealing of sensitive information.

Characteristics of legitimate websites

The first step in distinguishing a legitimate website from a fake one is to look closely at its URL. Legitimate companies register their brand name as their domain name under a well-known top-level domain. If the website domain is, for instance, www.abc.com, it is less suspicious. If the name is the same but the extension is different, for instance www.abc.tk, there is a good chance that the website is fake.

The second URL check is the number of strings (labels) in the hostname. Fake websites usually carry extra strings. For example, if the URL of the Gmail login service is accounts.google.com, the user can trust this website and enter his/her credentials in the login form.

Figure: a tampered URL containing a number of extra strings

In the figure above, extra strings are present in the URL. A user can identify this kind of website simply by checking its URL.

Another important characteristic of a legitimate website is contact information. If the website provides proper contact information and a physical address, that is a sign of a legitimate website. We can further verify the contact information by looking up the stated physical address in an online directory. A fake website typically lacks these details; if it does provide contact information, the phone numbers and physical addresses usually belong to someone else or do not exist at all.

Most of the time attackers do not bother to buy an SSL/TLS certificate for their websites. A certificate is simply an indicator that a business cares about its security and has chosen HTTPS over HTTP, since HTTPS provides an encrypted connection; note that HTTPS only shows the connection is encrypted, it does not by itself prove who runs the site. Fraudulent websites also tend to hide their registration records in WHOIS databases, whereas a legitimate website's registration can be looked up in WHOIS.
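As an added example (not part of the original post), the following Python checker applies the URL rules above, a brand name on a different extension (www.abc.tk instead of www.abc.com) or extra strings that push the brand out of the real domain, together with the HTTPS indicator. The brand allow-list and the short public-suffix set are constructed for the demo; a real deployment would use the full Public Suffix List.

```python
from urllib.parse import urlsplit

# Constructed allow-list: brand -> the registrable domain the brand really uses.
# google.com comes from the page's accounts.google.com example; abc.com is the page's placeholder.
KNOWN_BRANDS = {"google": "google.com", "abc": "abc.com"}

# Constructed, deliberately short public-suffix set. Production code should use the
# Public Suffix List (e.g. the tldextract package) instead of this hand-written set.
PUBLIC_SUFFIXES = {"com", "net", "org", "tk", "co.uk"}


def registrable_domain(host):
    """Return the label just left of the public suffix plus the suffix (the 'eTLD+1')."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(1, len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i - 1:])
    return host.lower()


def inspect_url(url):
    """Return a list of warning strings; an empty list means no indicator fired."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower()
    warnings = []
    if parts.scheme != "https":
        warnings.append("no HTTPS")
    reg = registrable_domain(host)
    for brand, legit in KNOWN_BRANDS.items():
        if brand not in host:
            if brand in parts.path.lower():
                warnings.append(f"'{brand}' appears only in the path, not the host")
            continue
        if reg == legit:
            continue  # accounts.google.com: extra labels on the real domain are fine
        if reg.split(".", 1)[0] == legit.split(".", 1)[0]:
            # Same brand label, different extension: the www.abc.tk case
            warnings.append(f"TLD swap: {reg} instead of {legit}")
        else:
            # Brand used as a decoy label; the registrable domain belongs to someone else
            warnings.append(f"'{brand}' is a decoy label; the real domain is {reg}")
    return warnings


if __name__ == "__main__":
    for u in ("https://accounts.google.com/signin", "https://www.abc.tk",
              "http://accounts.google.com.secure-login.tk/verify"):
        print(u, "->", inspect_url(u) or "looks consistent")
```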

Collection and Selection

Several databases of phishing websites are accessible online. Different businesses and sectors use different kinds of websites for their work, and websites in the same niche usually share the same features. We can choose the business type according to the scenario we have created.

The online database www.azsecure-data.org/phishing-websites.html contains a large collection of phishing-website datasets, and we can choose a dataset according to the niche. The list includes ESCROW, Financial, Pharmacy, Targeting brands, and PhishMonger. The following pie chart shows the number of websites for each type:

Figure: pie chart of the number of phishing websites for each type

Case Study: 01

An email is sent to the students of a university named “my university”. It states that the student has to change their password because it will expire in 24 hours. A hyperlink is attached below the message so the student can click it to change his/her password. The email looks legitimate and is highly persuasive; its format makes it look as if it came from the university.

The first URL is the university's own, which leads the user to the password-renewal page of the website. In the second case, the URL has been tampered with: extra strings have been added to it, which is very suspicious and points to a fake web page, and the extension of the website has also been changed. Seen side by side, the two URLs look almost identical, which can easily convince a student to hand over information to the attacker.

All it takes is to copy the website that will be used to phish the user. The next step is to make the required changes to the copy and buy a top-level domain similar to the university's URL. An SSL certificate should also be bought, because it makes the website look less suspicious. After this, the website is launched. The final step is to convince the user to click on it: an email pretending to be from the university is sent to the student containing the link to the phishing site.

Case Study: 02

In the social engineering attempt above, the attacker uses clout to make the user perform certain actions. Cybercrime is at its peak these days; everybody is concerned about privacy and worried about cyber-attacks and their aftermath. The attacker takes advantage of this by claiming that the security key of your account has expired and must be updated. The user will immediately try to update the key to prevent unauthorized access, and is thus convinced to click.

Case Study: 03

In the real-world case above, the attacker social-engineers an employee of the company using good communication skills. He has constructed a scenario and described its different aspects so that it seems legitimate. This email will strongly influence any user because of its nature: everybody is concerned about privacy these days, and the email urges the reader to check exactly that. It contains no spelling or grammar mistakes, which makes it seem legitimate. The user will immediately check the activity to see whether the login attempts are his/her own or come from outside the company, and is thus convinced to click the activity button. Communication skills are very important when social-engineering people.

Conclusion

Exploiting trust is one of the easiest ways of phishing someone. In this social engineering technique, the attacker usually pretends to be a person we know: a friend, a family member, or a co-worker. A co-worker can simply email a file to the victim, and a friend can send an image file or a document that carries a malicious piece of code. The victim in this scenario trusts the sender and, without thinking twice, will click on any link or download any file.

Physical access to systems also enables phishing attacks. This is the easiest and most reliable way to trick users into performing certain actions, which can further lead to a complete takeover of the network.

MUHAMMAD USMAN SABIR

DIGITAL EVANGELIST | MICROSOFT STUDENT PARTNER | CYBERSECURITY ENTHUSIAST | FREELANCER | TECHNICAL WRITER