November 19, 2013
A “phisher” is a type of criminal who tricks users into giving away their personal information. Have you ever received an email from someone pretending to be your bank or PayPal? If so, you’ve already been exposed to a phisher’s methods.
The motivation behind these emails is to get you to visit the websites listed in the email, which will then encourage you to enter your login details on a fake version of your bank’s website. The data you enter will be passed directly on to the phishers (and not your bank), who will then use it to access your accounts.
The worst thing about these attacks is that they require no “hacking” skills or advanced computer knowledge – phishing emails simply need to convince normal email users to click on a link or two. Therefore, to help you identify phishing emails, we’ve taken a look at how the attacks are created, managed and run.
Phishers typically use customised software to send tens (if not hundreds) of thousands of emails to a huge list of email addresses. These addresses are normally purchased on the black market from sellers who have acquired them through illegal uses of data, hacking attacks or other types of email phishing.
Once an email list is acquired, the phishers will then create an email template to send to the victims. If the email list also comes with people’s names, the phishers might even personalise the messages to include the victims’ names. This helps the emails look more authentic.
The other strategy of phishers is to use information they already know about their victims. For example, if the email addresses were hacked from playstation.com user accounts, the phishers know that the victims would be more susceptible to Sony-targeted phishing. Email titles might include “Reset your playstation.com Password Now!”, or “Log-in for a chance to win a PS4!”. After all, you’ll be more likely to open an email relevant to your interests.
Once the targeted emails are sent, the phishers simply wait. Their software will automatically track who has entered their login details on the fake website and link it to their email address. The phishers will then have a complete list of usernames and passwords to hack into.
The worst thing is that it takes seconds for the phishers to send these emails once the template is created. And because the templates are very similar, phishers could theoretically start multiple phishing email campaigns a day – that’s millions of emails.
What’s worse is that phishers are also taking inspiration from professional email marketing software and are developing their attacks with greater sophistication. For example, some phishing software will allow the criminals to send slightly different emails to different people, and track which generates the most clicks. They will then use the design features from the more successful email to generate future – more convincing – email campaigns, in turn tricking more users.
Tackling the phishers
Unfortunately, because it’s so easy to become a phisher, the only successful technique to stop them is for users to become more aware of their tactics. Luckily, all you need to do is remember one simple rule:
Don’t open links in emails sent to you from companies
Instead of opening the links, simply type in the website’s address in your browser. This way, you’ll know you’re at the right place – and that your details are safe. Simple, right?
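A mail filter can apply the same rule automatically by checking where each link in a message really leads. The following Python is an added illustration, not part of the original article: the sample email is constructed, `playstation.com` is assumed to be the only trusted domain, and the function names and `.example` hosts are hypothetical.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message, not a real email; ".example" hosts are placeholders.
SAMPLE_EMAIL = """\
From: "Account Support" <support@mail.example>
Subject: Reset your playstation.com Password Now!
Content-Type: text/html; charset="utf-8"

<html><body>
<a href="https://www.playstation.com/help">Help centre</a>
<a href="http://playstation.com.account-reset.example/login">Reset password</a>
<a href="http://playstation.com@login.example/reset">Sign in</a>
</body></html>
"""

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)

def is_trusted(host, trusted_domains):
    """True only for an exact match or a genuine subdomain of a trusted domain."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted_domains)

def untrusted_links(raw_email, trusted_domains):
    """Return (href, host) for every link that leaves the trusted domains."""
    collector = LinkCollector()
    for part in message_from_string(raw_email).walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True)
            collector.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
    flagged = []
    for href in collector.hrefs:
        host = urlsplit(href).hostname  # the real host, ignoring any "user@" prefix
        if not is_trusted(host, trusted_domains):
            flagged.append((href, host))
    return flagged

if __name__ == "__main__":
    for href, host in untrusted_links(SAMPLE_EMAIL, ["playstation.com"]):
        print(f"untrusted link: {href} (host: {host})")
```

Two of the three links in the sample mention the trusted name in their address but lead elsewhere, which is why the check compares the parsed host instead of searching the link for the company's name.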