17 October 2019

8 Types of phishing attacks in 2020 and how to avoid them

Attackers trick us with different types of phishing attacks, using impersonated domains and cloned copies of the websites we interact with every day.

They understand how people behave and launch sophisticated attacks aimed at exactly that behaviour.

Recognising what these attacks look like is the first step in avoiding and preventing them.

Phishing is big business. Attacks have shown record growth in recent years, and a solid security awareness program is an integral part of any defense-in-depth strategy.

Here are the 10 types of phishing attacks that hackers are using in 2020 and how you can prevent them.

Spoofing through Emails

Email spoofing is one of the most frequent and easiest types of phishing used to get data from users without their knowledge.

It can be done in different ways:

  • Sending an email from a famous or familiar-looking username,
  • Sending an email impersonating your superiors and asking for some important data,
  • Impersonating an organization and asking its employees to share internal data.

Here is an example.

[Image: example of a spoofed email]

The call to action is to click on the link and log in to view the document. Some users will click on the link simply because they see the company’s name and the urgency of the request.

An email crafted this way has a much higher chance of being opened and acted on.

How to prevent email phishing?

The best way to prevent these attacks is by carefully reading the sender’s email address.

If you are not sure about the characters in the address, copy and paste them somewhere you can inspect them closely. Being aware of the danger and of how these attacks work is the first step in their prevention.

Also, tools like Sophos Phish Threat provide phishing attack simulation and training for your end users which are important to prevent future phishing attacks on your organisation.
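The “read the sender’s address carefully” advice above can also be done mechanically at the mail gateway or in a mailbox rule. The following Python script is an added example, not code from the original post or from any of the products it mentions: it separates the display name from the real address, flags a display name that claims a brand whose domain does not match, flags a Reply-To that points somewhere else, and reads the SPF/DKIM verdicts the receiving server recorded in the Authentication-Results header. The brand map, the two sample messages and every domain in them are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumption: the organisation keeps a map of brand keyword -> the domain that brand really mails from.
BRAND_DOMAINS = {"citibank": "citibank.com", "amazon": "amazon.com"}

# Constructed sample: the display name claims Citibank, but the real address and the
# Authentication-Results header added by our own mail server say otherwise.
SPOOFED = """\
From: "Citibank Online" <alerts@citi-secure-mail.example>
Reply-To: support@mail-citi.example
To: jane@corp.example
Subject: Action required: view your statement
Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=citi-secure-mail.example; dkim=none
Content-Type: text/plain

Please log in to view the document.
"""

# Constructed sample of a genuine-looking message, for comparison.
LEGIT = """\
From: "Citibank Online" <alerts@citibank.com>
To: jane@corp.example
Subject: Your monthly statement is ready
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=citibank.com; dkim=pass header.d=citibank.com
Content-Type: text/plain

Your statement is available in online banking.
"""


def domain_of(address: str) -> str:
    """Part after the last '@', lowercased; empty string if there is no address."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def auth_results(msg) -> dict:
    """spf/dkim/dmarc verdicts from the Authentication-Results header (empty dict if absent)."""
    header = str(msg.get("Authentication-Results", ""))
    return {k.lower(): v.lower() for k, v in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I)}


def assess(raw: str) -> dict:
    """The sender checks a careful reader does by eye, applied to a raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    from_dom = domain_of(addr)
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    reply_dom = domain_of(reply_addr)

    # Display name mentions a known brand, but the address is not under that brand's domain.
    claimed = next((b for b in BRAND_DOMAINS if b in name.lower()), None)
    real = BRAND_DOMAINS.get(claimed)
    brand_mismatch = claimed is not None and from_dom != real and not from_dom.endswith("." + real)
    # Replies would silently go somewhere other than the visible sender.
    reply_mismatch = bool(reply_dom) and reply_dom != from_dom
    # A missing verdict means "not checked" and is ignored; anything other than "pass"
    # (fail, softfail, none, ...) counts as a failed check.
    auth = auth_results(msg)
    auth_failed = any(v != "pass" for v in auth.values())

    return {
        "from_domain": from_dom,
        "brand_claimed": claimed,
        "brand_mismatch": brand_mismatch,
        "reply_to_mismatch": reply_mismatch,
        "auth": auth,
        "suspicious": brand_mismatch or reply_mismatch or auth_failed,
    }


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, assess(raw))
```

The Authentication-Results header is only trustworthy when it was written by your own receiving server (here the constructed `mx.corp.example`); a sender can add a fake one, so a real deployment strips any such header that arrives from outside before its own checks run.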

Fake Email sent using a brand’s name

In this type of phishing, mass emails are sent to a group of people with common interest based on their brand preferences, demographics, and choices.

These emails are clones of transactional emails like receipts, payment reminders, or gift cards, intended to deceive a potential target.

Here is an example of an email targeting Citibank customers.

[Image: fake email impersonating Citibank]

Phishers like to use brands as a weapon for mass attacks because brands usually have a lot of credibility among targeted victims.

How to prevent mass phishing attack?

Check whether you are marked in the “To” section or “cc” section of the received mail. Avoid replying to an email marked to you with an unknown set of people.

URL Phishing

In URL phishing attacks, scammers alter the phishing page’s URL to deceive the target.

This has a higher opening rate because:

  • The credibility of the URL plays a role in increasing the CTR (Click-Through Rate).
  • Targets are ready to accept friend requests and messages – DM links or email notifications, and
  • They are even ready to share their email and contact details.

Phishers disguise their URLs in several ways:

  • Hidden Link

    Hidden links are another bait used by phishers. They hide the real destination behind call-to-action text. We have all received emails with the action phrase “CLICK HERE,” “DOWNLOAD NOW” or “SUBSCRIBE.”

    These are examples of hidden links, which make it easier for scammers to launch phishing attacks because the reader never sees the address behind the button.

    [Image: hidden link example]

  • Tiny URL

    Another way to hide phishing links is by using link-shortening tools like TinyURL to shorten the URL and make it look authentic.

  • Misspelled URL

    Misspelled URLs are another way hackers target potential victims. They change the spelling of the domain in such a way that it is not noticeable at a quick glance. They register that domain and send links to it to their targets.

    In the example below, you can see that there’s a typo in the link that people can easily miss: “www.citiibank.com…” instead of “www.citibank.com…”

    [Image: misspelled URL example]

  • Homograph attack

    Homograph attacks use combinations of similar-looking characters – letters from other alphabets, or letter pairs that read as a single letter – that can easily be misread as the genuine name.

    Here’s an example.

    [Image: homograph attack example]

    Our first thought might be that the offer looks genuine, but when we click on the link, instead of ‘amazon.com,’ we will be redirected to ‘arnazon.com’ – which belongs to the attacker.

    Once on the site, the fake page will prompt you to enter login credentials or confidential financial data.
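The hidden-link, misspelled-URL and homograph tricks above can all be caught by the same kind of check, which is what a link-scanning mail filter or browser add-on does. The Python script below is an added example, not code from the original post: it normalises a URL’s hostname (decoding punycode so an internationalised domain is compared as the characters a user would see), folds common look-alike characters such as “rn” for “m” or a Cyrillic “а” for a Latin “a”, and then compares the registrable domain against a list of protected brands by exact match, by edit distance, and by the brand name appearing as a subdomain of something else. A second function compares the domain shown in link text with the domain in the href, the hidden-link case. The brand list, the homoglyph table, the edit-distance threshold and all sample URLs are constructed assumptions; the sample look-alikes are the ones named in the text (citiibank, arnazon) plus constructed ones.

```python
import re
import unicodedata
from urllib.parse import urlparse

# Constructed list of brand domains an organisation wants to protect (assumption: maintained by the org).
PROTECTED_DOMAINS = ["amazon.com", "citibank.com", "bankofamerica.com", "paypal.com"]

# Look-alike sequences folded to the ASCII they imitate (constructed, deliberately not exhaustive).
HOMOGLYPHS = {
    "rn": "m", "vv": "w",                        # two Latin letters that read as one
    "0": "o", "1": "l",                          # digits that read as letters
    "\u0430": "a", "\u0435": "e", "\u043e": "o",  # Cyrillic а е о
    "\u0440": "p", "\u0441": "c",                # Cyrillic р с
}

# Tunable assumption: how many single-character edits away from a brand still counts as a look-alike.
MAX_EDITS = 2


def host_of(url_or_text: str) -> str:
    """Lowercase hostname of a URL (scheme optional); punycode (xn--) labels are decoded to Unicode."""
    s = url_or_text.strip()
    host = urlparse(s if "://" in s else "http://" + s).hostname or ""
    try:
        return host.encode("ascii").decode("idna").lower()
    except UnicodeError:
        return host.lower()  # already contains non-ASCII characters; keep as is


def registrable(host: str) -> str:
    """Crude registrable domain: the last two labels (assumption: no offline public-suffix list)."""
    return ".".join(host.split(".")[-2:])


def fold_confusables(host: str) -> str:
    """Map look-alike characters to the letters they imitate, so 'arnazon' compares as 'amazon'."""
    folded = unicodedata.normalize("NFKC", host)
    for glyph, plain in HOMOGLYPHS.items():
        folded = folded.replace(glyph, plain)
    return folded


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance with unit cost for insert, delete and substitute."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(url: str, protected=PROTECTED_DOMAINS):
    """Return the protected domain this URL imitates, or None if it is genuine or unrelated.

    Catches misspellings (citiibank), homoglyphs (arnazon, Cyrillic а) and a brand name used
    as a subdomain of an unrelated registrable domain (amazon.com.<something-else>)."""
    host = host_of(url)
    reg = registrable(host)
    if reg in protected:
        return None  # the real thing
    folded = fold_confusables(reg)
    for brand in protected:
        if f"{brand}." in f"{host}.":  # brand appears as a label sequence inside the host
            return brand
        if folded == brand or edit_distance(folded, brand) <= MAX_EDITS:
            return brand
    return None


URL_TOKEN = re.compile(r"(?:https?://)?[\w-]+(?:\.[\w-]+)+\S*", re.I)


def anchor_mismatch(visible_text: str, href: str) -> bool:
    """Hidden-link check: the link text shows one domain but the href goes to another."""
    m = URL_TOKEN.search(visible_text)
    if not m:
        return False  # 'CLICK HERE' style text names no domain, so there is nothing to compare
    return registrable(host_of(m.group(0))) != registrable(host_of(href))


if __name__ == "__main__":
    for u in ["https://www.amazon.com/gp/css", "https://arnazon.com/deal",
              "http://www.citiibank.com/login", "http://amazon.com.secure-login.example/",
              "https://\u0430mazon.com/", "https://example.org/"]:
        print(f"{u:45} -> {lookalike_of(u)}")
    print(anchor_mismatch("www.citibank.com/account", "http://citiibank.com/x"))
```

Two limits worth knowing when adapting this: the two-label guess at the registrable domain is wrong for suffixes like `co.uk` (use a public-suffix list in production), and the edit-distance threshold trades false positives against misses, so it should be tuned per brand length. Note that “CLICK HERE” text is reported as no mismatch only because there is nothing to compare; such links still need to be hovered over, as the prevention tip below says.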

How to prevent URL phishing?

Hover the cursor over the link. The full destination will appear at the bottom of the browser window or in a tooltip. If the link is different from what the text shows or seems phishy, don’t click on it! On mobile devices, press and hold the link, and the real destination will appear in a pop-up window with actionable options.

Pop-Up phishing

Pop-up messages are the easiest way to run a successful phishing campaign. Through pop-up messages, attackers steal login credentials by redirecting users to a fake website.

This technique of phishing is also known as “In-session phishing.” In the example below, doesn’t the foreground pop-up seem legitimate enough to mislead customers?

[Image: pop-up phishing example]

How to prevent in-session phishing?

The only prevention available at present is the pop-up blocker built into the browser’s settings or available as a browser extension, and the equivalent settings on the various app stores. If your data is very sensitive, you should opt for security software that blocks all of these threats in one place to prevent any kind of data breach. Apart from this, paying attention to the links themselves is of great importance in preventing phishing.

Paid-ads phishing

Phishers run an ad campaign to show up first on the SERP (Search Engine Results Page).

Once there, they lure the consumers searching for a specific keyword into landing on their site and then fool them into sharing confidential information.

In the example below, the ad says “Full Version & 100% Free!”

[Image: paid-ads phishing example]

How to prevent Paid-ads phishing?

The best way to avoid search engine phishing is to avoid the ads displayed in the paid results section – look for the “Ad” tag displayed next to the website link, which is usually found on the top-most results. Also, if you know the URL, type it in directly whenever possible.

Website Spoofing

Website spoofing is similar to email spoofing, though it requires the attacker to put in a lot more effort.

How is website spoofing done?

Phishers copy the design, content, and user interface of a legitimate website and publish it.

They also use URL shortening tools, as mentioned above in the blog, to create a similar website URL.

Here is an example of a website spoofing attack that mimics the Bank of America website:

[Image: spoofed Bank of America website]

If you know the link to the website, it is always better to manually type in the link instead of copying or clicking on a link sent by someone else.

How to prevent Website Spoofing attacks?

Third-party tools like SysCloud’s Phishing Protection provide the best possible security from all kinds of spoofing attacks. As part of their service, suspicious websites are not only blocked but also reported to the user.

Clone Phishing

A previously sent email from a reputable organisation containing a link or attachment is cloned or copied to create a similar-looking email.

Phishers swap the original link or attachment with a malicious one. The targets are deceived because they cannot tell the difference between the real email and the malicious copy, and click on the link.

[Image: clone phishing example]

The victims never suspect the clone email, which is why it is dangerously deceptive.

How to prevent clone phishing?

  • Check the sender’s email.
  • Hover over any link in the email to see the landing page before clicking on it.
  • Follow up with the email and the organization it appears to be coming from.

Malware Injection

[Image: malware-injection phishing email addressed to “All Executives/Senior/Chief Managers/Branch Managers/Concurrent Auditors/Internal Auditors”]

Malware injection is usually carried out with the intention of compromising a user’s computer, stealing confidential data, conducting fraudulent activities, or launching a DDoS attack. Various kinds of malware – Trojans, ransomware, worms, viruses, spyware, etc. – are used to infiltrate the defences.

How to prevent malware phishing?

Always use an updated anti-malware and antivirus option available in the market. Also, an up-to-date browser works as an extra security layer from these types of phishing attacks.

Conclusion

Using the guide above, organizations will be able to more quickly spot some of the most common types of phishing attacks. But that doesn’t mean they will be able to spot each and every phish. On the contrary, phishing is constantly evolving to adopt new forms and techniques.

With that in mind, it’s imperative that organizations conduct security awareness training on an ongoing basis so that their employees and executives stay on top of emerging phishing attacks.

Sophos Phish Threat is an excellent tool that we recommend for this.

For additional guidance on how you can train your personnel to avoid phishing attacks, you can contact us here.
