Phishing is definitely the most widespread and dangerous online scam method, but fortunately, after years of experience and heart-pounding clicks, the average user has learned to defend himself well.
Until now.
What could happen if phishing suddenly became more insidious and cybercriminals more skilled?
This morning one of our clients forwarded us an email with seemingly legitimate content, only after a closer look did we realize the scam, fortunately escaped.
But let’s go in order.
What is a phishing attack?
A phishing attack is nothing more than a more or less sophisticated email scam attempt aimed at obtaining the login credentials or other confidential data of the intended victim.
The aim is to hack into a computer system and take control of websites, bank accounts, social profiles but also video surveillance systems and the whole IoT (Internet of Things) world.
For example, the attack on a dam, as reported by the New York Times, is well known.
Usually the attack consists of:
- An attacker, usually an experienced cybercriminal who uses special software.
- Victim. Contrary to how it may seem, victims are not chosen based on poor computer skills. Criminals do “trawl” by sending a huge number of emails so that they are statistically more likely to pull off the attack.
- Software designed for the purpose, which is programmed to send tens of thousands of emails to as many email addresses scattered around the world.
We have just seen what phishing means (not to be confused with the terms fishing or cyber fishing, both of which are incorrect), we will see below how to defend against these attacks.
Phishing attempt in the name of Register.co.uk
Register.it is a hosting space provider that also provides domains, databases and mailboxes.
As anticipated in the opening of this article, the administrator of a client company forwarded asuspicious email to us for a thorough review by our agency’s technical department.
The sender appears to be Register’s official sender, as visible from the screenshot below.
The content of the email also seems legitimate. In fact, unlike classic phishing emails, we do not notice spelling or grammatical errors or gross translations.
This is a very dangerous aspect, because one of the alarm bells for recognizing phishing emails was precisely the carelessness in writing the texts. Thus, a more careful reading was enough to uncover errors and reveal the scammy nature of the email.
Instead, here we have a decidedly well-crafted email, which can easily fool even a careful and experienced eye.
This is the first time ever that we have noticed so much care in a phishing email, so we believe that a real quantum leap is taking place to try to reap more and more victims.
Fortunately,Gmail’s excellent spam filter comes to our aid, which was able to immediately detect the anomaly by moving the email to the spam folder and, thanks to its pairing with the Chrome browser, blocked our first attempt to open the suspicious link.
Unfortunately, the filter in Outlook (Microsoft) is significantly less efficient than the one designed by Google, so it is always best to move with caution.
Google Chrome makes it easy for users to detect malicious emails, while still allowing you to proceed at your own risk should you wish to ignore the warnings.
In our case, in order to perform athorough analysis of the attempted phishing attack, we proceeded toopen the malicious link.
It is necessary to take precautions when performing such actions, so we advise against such actions for inexperienced users and limit themselves to viewing these screenshots.
Once we get past all of Chrome’s warnings we can finally see the phishing page in all its glory.
We are not ironic: we really think it is splendid. Let us explain.
Over the years of experience of the Isola di Comunicazionecountless links to malicious content, spam emails and online scams have been analyzed, but rarely has so much care been noticed in an attack.
The scam page is nothing more than what is known in the jargon as a fake login, which is a page that deviously sends our credentials to a third party.
In the screenshot we can see how the cybercriminals have faithfully reproduced the original Register page, even bringing back the social buttons and making a third-level domain that recalls the real site.
We note, however, that immediately after the initial part of the url is a domain that should not be there and that we have obscured as a matter of privacy.
After some analysis, we could see how that url redirects to the site of aforeign company that is most likely unaware of this matter.
Let us conclude with a word of advice: even an experienced web user should always be on the alert, careless web surfing is clueless, and studies such as the one published by Ansa prove it: the +250% increase in hacker attacks is by no means a matter to be underestimated.
How to defend against phishing attacks?
Defending against phishing is not impossible if you use common sense and follow the right directions.
First of all, we should rely on good email boxes, such as Gmail, inside which there is a very good spam filter that will automatically filter mail for us.
We invite you to read our article on spam emails, you will find many useful tips that we are sure will be appreciated.
We should also use a reliable browser, making sure it can block malicious urls without any configuration intervention by the user. Google Chrome is the browser of choice for Isola di Comunicazione for speed and security.
Last, but not least in importance, we should always check that the links in the emails are directed to the official sites.
By now it is no longer enough to verify the sender and the quality of the text in the email, several other tricks must be put in place.
And if we just can’t distinguish phishing emails from legitimate ones, the advice is to contact the sender directly; they will be able to tell us whether the email is safe or should be trashed.
Have you had trouble with a phishing email and think your data has been stolen? Contact us now, we will be glad to help you.
