by Pat M. | Security Administrator/Educator | DIYsecurityTips site owner
Phishing is a form of social engineering in which a malicious computer user manipulates a victim to disclose sensitive information to include: user names, passwords, SS number, and PII/PCI data. Phishing is delivered through email, text, and phone (vishing) calls. There are several different types of phishing as well.
Phishing is delivered usually in mass phishing campaigns. These can be emails that seem legit (official wording, logos, URL/sender email) but always contain a link or clickable area that will lead to a malicious site or malware download.
Hover over any clickable areas in the email message such as logos, URLs, and other links. Look in the lower left hand corner for an odd looking web address. Some will start out like a legitimate address but include a mess of random characters; this can be an indication of a malicious site.
In addition, if the web address has “tinyurl” in any part of that URL (especially in texts) then avoid clicking that link. Malicious hackers will mask their websites within a tinyurl which hides the full web address from the victim. They will become curious and click on the link to discover that malware was hosted on that site.
Spear phishing is a special targeted attack against someone. Spear phishing may include references to information related to that person directly, and/or use real names, and associates. This is especially dangerous because it adds a more personal touch to the attack, allowing the target to be more trusting of the sender. Victims will be researched and studied prior to this type of phishing.
Whaling is like a spear phishing attack except is targeted against high executives and CEO’s etc. The goal again, is to get the target to divulge sensitive information to launch another attack or steal credentials, download malware etc.
Phishing remains one of the most common and dangerous internet threats; user awareness is paramount to prevent it. There are several indicators of a phishing attempt and some of them are subtle.
Phishing indicators
- Misspelling of common English words throughout email
- A user’s name is almost never used in a common phishing email, rather a generic greeting like “dear user” or “dear [email protected]”
- URL’s in email will have long and odd looking addresses (hover over the link to see the destination address)
- Spam email coming from a financial or legitimate institution in which the user is a part of
- The email greeting may have your name in it and the body may start out sounding like a legitimate request for details but again there may be misspellings
- May contain jargon unique to the “whale’s” company/organization, to make the email sound more real
- In an enterprise environment, a phishing attempt may be an email regarding “accounts payable,” “vendor product quotes,” or something that sounds business related
- Another very common phishing email in an organizational environment is a message containing a Microsoft Outlook link to reset your password or similar subject
How to prevent phishing
There are several things you can do to help prevent a successful phishing attempt. You can apply these tips to mobile phishing (smishing) as well.
- Don’t click on or reply to any web address/senders in an email if the information wasn’t requested by you. This is especially important if it’s in an email referencing an account you know you don’t have
- If the sender’s email address ends with a .ru .cn etc. (these are the country domain codes) it may be coming from a nation state hacking group. .Ru and .Cn Russian, and China respectively, are especially known for phishing campaigns and malware attacks. For example, “ebaysupport.com.cn”
- Never click on any attachments from emails you can’t verify the legitimacy of and never give personal information over the phone unless you can verify the recipient.
- If you ever an email saying you have a notification from one of your accounts and you suspect it may be phishing, login to that account in a different window and use the URL of that site from your bookmarks/history NOT the link in the email, and review that notification.
If there are none, then that email was most likely a phishing email. The purpose of this is to confirm your suspicion by safely navigating around that email link and logging in to the real website URL of your account.
With the knowledge of these indicators of spam, hopefully it can better prepare you tom protect your accounts, identity, and personal data from attackers. The biggest downfall in security is the human factor; education, awareness, and vigilance will prevent a great many attacks against our devices, networks, and data.
About the Author
My Name is Pat M. I am the lead writer and owner for DIYsecurityTips.com. This is a website dedicated to the security awareness education of tech users. I hold a bachelor’s degree in cyber security and networks from University of Maryland Global Campus, Security+ce certification, and works full-time for a native American Tribal Government as the Security Administrator.
Currently I am studying for advanced certifications focused on offensive cyber operations through SANS Technology Institute. When I’m not writing or working, I enjoy learning about cyber attacker methods, tools, and processes, spending time with my wife, and gaming. I also like to brush up on the basics of computing, learning new cyber tools, and completing CTF labs with TryHackMe.com. I am also extremely passionate about security and wants everyone to learn how to protect their data, maintain their privacy, and use safe security methods. This is a subject I love and I hope you can learn something!
I can be reached online at [email protected], and LinkedIn and at our company website https://diysecuritytips.com
