The Twelve Frauds of Christmas – Phishing

Rushikesh Bhalekar

Take a look at the image below. Can you differentiate between one Microsoft account login page and the other? Pretty tough, right? The main difference is that the first one will take you to your emails, and the second will steal your password and email. This is just one example, but attackers continue to grow more sophisticated at replicating pages and impersonating trustworthy brands.

Current authentic Microsoft account login page

Microsoft account Login phishing page

This is known as Phishing. It is a type of cybercrime in which users are contacted through email, telephone, or text message by a threat actor impersonating a trustworthy entity to obtain sensitive data such as login credentials, credit card details, or personally identifiable information (PII).

Every day, people come across phishing sites developed by attackers that impersonate a range of brands to steal users’ data. These attackers copy a legitimate website’s user interface (UI) and make it look authentic. According to the 2021 IC3 Report, over $44 million was lost to various types of phishing crimes.

Netflix account login phishing page

Bank of America account login phishing page

Phishing is one of the greatest cyber threats that organizations face worldwide. Verizon’s 2022 Data Breach Investigations Report found that more than 20% of all data breaches, across different sectors, involve phishing. Cyber attackers rely heavily on phishing, which accounts for 41% of the social engineering breaches associated with business email compromise (BEC).


Verizon’s 2022 Data Breach Investigations report

Meanwhile, APWG’s Phishing Activity Trends Report states that 1,270,883 phishing attacks were reported in the third quarter of 2022. Ransomware attacks have decreased as compared to phishing. According to the APWG report, 23% of attacks were recorded against the financial sector, followed by software-as-a-service (SaaS) and webmail providers (17%).

The report also found that 11% of phishing attacks target social media sites, while logistics and shipping platforms account for 6% of incidents. 

Most targeted industries in Q3-2022

According to Proofpoint’s 2022 State of the Phish report, 91% of UK-based organizations faced bulk phishing attacks, and 90% of Australian-based companies have been impacted by spear phishing. Spear phishing is a method that targets specific individuals or a group of people within an organization. Most often, attackers impersonate a higher authority within the organization and send text messages to employees asking for a favor.

Examples of Spear phishing

New employees of a company are often targeted by spear phishing, as they typically share their new role on platforms such as LinkedIn. Additionally, they are often eager to reply quickly to new tasks and please their managers. The spear phishing examples above targeted new employees of DarkTower, and when we investigated their LinkedIn profile views, all the employees who received messages had been viewed by the same profile, Anoruo James.

Fictitious LinkedIn Profile

Upon reviewing Anoruo James’ profile, it contained clearly fictitious information and also shared multiple posts recommending a product called ContactOut where you can “find anyone’s email and phone number.” ContactOut offered up to 3 contacts for free.

Promotions of ContactOut

Apart from spear phishing, many phishing attacks are executed through email. In some cases the attacker registers a fake domain that imitates a genuine organization’s and sends thousands of messages from it; in other cases, fraudsters create a unique domain that includes a legitimate organization’s name in the URL.

Phishing Email

There are multiple ways to identify a phishing email, but generally, you should always check the sender’s address of any email that asks you to click a link or download an attachment.

Identifying the phishing email:

1. Check whether the email was sent from a public email domain rather than the organization’s own domain.

2. Check whether it includes unexpected files or attachments.

3. Evaluate whether the email tries to create a sense of urgency.

4. Look for spelling or grammatical errors in the domain or email address, and be wary if the attached link looks unfamiliar.
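The checks above can be applied mechanically to a raw message before anyone clicks. The Python below is an added example, not part of the original post or any DarkTower tooling; the webmail list, brand list, urgency phrases and the sample lure (on the reserved .example TLD) are all constructed assumptions, and check 2 (attachments) is left out to keep the example short.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse
# Constructed reference data for this example; not taken from the original post.
PUBLIC_MAIL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com", "hotmail.com"}
BRAND_DOMAINS = {"microsoft": {"microsoft.com", "live.com"}, "netflix": {"netflix.com"}}
URGENCY_WORDS = ("urgent", "immediately", "suspended", "verify now", "within 24 hours")

def registrable_domain(host):
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])  # last two labels: crude, but enough for these samples

def brand_lookalike(domain):
    """Return the brand whose name a domain borrows without being one of its real domains."""
    for brand, real in BRAND_DOMAINS.items():
        if brand in domain and domain not in real:
            return brand
    return None

def phishing_indicators(raw_email):
    """Run checks 1, 3 and 4 from the list above over a raw RFC 822 message."""
    msg = message_from_string(raw_email)
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = registrable_domain(addr.rsplit("@", 1)[-1]) if "@" in addr else ""
    findings = []
    if sender_domain in PUBLIC_MAIL_DOMAINS:           # check 1: public webmail sender
        findings.append("sender uses a public webmail domain")
    if brand_lookalike(sender_domain):                 # check 4: brand name inside a fake domain
        findings.append(f"sender domain impersonates {brand_lookalike(sender_domain)}")
    for brand, real in BRAND_DOMAINS.items():          # display name claims a brand the domain is not
        if brand in display.lower() and sender_domain not in real:
            findings.append(f"display name claims {brand} but sender is {sender_domain}")
    body = "".join(p.get_payload(decode=True).decode("utf-8", "replace")
                   for p in msg.walk() if p.get_content_type() == "text/plain")
    if any(w in (msg.get("Subject", "") + " " + body).lower() for w in URGENCY_WORDS):
        findings.append("urgency language")            # check 3
    for url in re.findall(r"""https?://[^\s<>"']+""", body):  # check 4: unfamiliar link domains
        link_domain = registrable_domain(urlparse(url).hostname or "")
        if brand_lookalike(link_domain) or link_domain != sender_domain:
            findings.append(f"suspicious link domain: {link_domain}")
    return findings

# Constructed sample modelled on the Microsoft login lure described above (reserved .example TLD).
SAMPLE = """From: "Microsoft Account Team" <security@microsoft-account-verify.example>
Subject: URGENT: verify your account within 24 hours

Your account will be suspended. Verify now at http://login.microsoft-account-verify.example/signin
"""
```

Running `phishing_indicators(SAMPLE)` yields four findings (brand-borrowing sender domain, display-name mismatch, urgency language, lookalike link domain); a genuine notice sent from and linking to the brand's own domain yields none.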