Glossary / Phishing

Phishing

The fraudulent practice of masquerading as a legitimate or reputable entity to trick a victim into revealing personal information, such as passwords or payment card details. Mostly done through email.

What is Phishing?

Phishing is the fraudulent practice of masquerading as a legitimate or reputable entity to trick a victim into revealing personal information, such as passwords or payment card details. Phishing is mostly done through email, but can also be done via text messages or social media networks.

What are the risks of phishing attacks to an organization?

  • Your company's money is being stolen by criminals who have unauthorized access.

  • No access to the company network.

  • No access to company systems, files, or data

  • Your company's reputation is damaged and customers will not trust your website.

  • The customer's financial information (credit card details) is compromised.

How phishing scams work

Phishing attacks are a numbers game from the attacker's point of view. Attackers send thousands of fake messages (to increase their success rate) to gain access to victims' accounts via a malicious link. They imitate real messages to make them seem more authentic. They design the messages to match the recipient's language and style.

Attackers often create a sense of urgency by threatening account expiration and placing the victim on a time limit. This makes people less diligent and more likely to make mistakes. Links inside emails look similar to their legitimate counterparts but may have misspelled domains or extra subdomains, giving the appearance of a secure link.

Attackers will usually try to push users into immediate action: for example, an email could threaten account expiration by a certain date and time. Applying such pressure causes the user to panic, be more prone to error, and believe that the scam is legitimate.

Links inside email messages resemble legitimate companies, but typically have a misspelled domain name or extra subdomains. Similarities between the legitimate address and the fake address offer the impression of a trusted website, making the recipient less aware that an attack is taking place by an imposter with a fake website.

What Do I Do if I Receive a Phishing Email?

Phishing emails are very dangerous because they might contain malicious attachments, viruses, worms, Trojans, spyware, etc. You should never open an attachment sent by someone else unless you know who it came from, what it contains, and why it was sent to you. Always report suspicious emails to your company's IT department. Do not open them yourself.

Phishing attacks should be reported immediately. If you do not report immediately, there is a chance that you might lose important data or even your identity. You need to protect yourself by taking precautions.

What is spear phishing?

Spear phishing targets individuals within organizations and allows attackers to steal specific usernames, passwords, personal info, and other information. The attacker pretends to be someone else, such as the marketing director. They send a bogus email asking for information about the latest projects.

A link in the email redirects to a password-protected internal document. The attacker steals the user's credentials, gaining full access into sensitive areas within the organization network.

It's a more thorough form of phishing that requires specialized knowledge, as spear phishing is a type of social engineering attack.

Steps to protect yourself from Phishing

  • Monitor your online accounts regularly

  • Keep your browser updated

  • Don't click on email links from unknown sources

  • Be aware of pop-up windows

  • Never give out personal information over email, text, or phone

  • Be wary of social, emotional lures

Phishing attack protection requires steps to be taken by both users and enterprises.

Spoofed messages often contain spelling mistakes or other minor errors. Users should be vigilant when opening emails, and should always check the sender before clicking any links.

For enterprises, a number of steps can be taken to mitigate both phishing and spear phishing attacks:

Two-factor authentication is a good way to protect your accounts. When you log into your account, you need both your username and password, but if someone else gets your username or password, they won't be able to access your account without your phone number. This makes it more difficult for them to get into your account.

Password policy should include frequent changing of passwords and not allowing reusing of passwords across multiple apps.

Never Respond to Requests for Private Information

Don't respond to requests for your private info over email, text message, or phone call. Always protect your personal and financial info, including your: Usernames and passwords, including password changes

  • Social Security or government identification numbers

  • Bank account numbers

  • PINs (Personal Identification Numbers)

  • Credit card numbers

  • Birthday

  • Other private information, like your mother's maiden name

Only give out contact information like an email address or phone number on a respectable website. Don't post your personal contact info on public forums.

In Conclusion

Cybercriminals never sleep. Digital forensics teams need round-the-clock threat intelligence to anticipate and track bad actors’ every move, and how they might attack you or your business.

Intel 471 customers rely on TITAN, an intuitive intelligence SaaS platform built by intelligence and security professionals for intelligence and security professionals. It enables them to access structured information, dashboards, timely alerts, and intelligence reporting via the web portal or API integration.

But TITAN doesn’t stop there. Use TITAN’s programmable RESTful API to power numerous connectors and integrations, integrating and operationalizing customized intelligence into your security operations.

Intel 471 cybercrime intelligence empowers digital forensic experts and analysts to monitor and respond to threats in near real-time — enabling them to support the cyber defense mission with timely and actionable intelligence. These analysts can also explore the alert context in our intelligence reports and data collection giving them a richer understanding of your organizational risk to better mitigate threats.