Phishing, the act of tricking internet users into revealing personal details or private logins to websites, remains a popular “tool of choice” for hackers and cybercriminals.
Some phishing attacks are unsophisticated and easy to spot for all but the most inexperienced web surfers. However, hackers constantly refine their methods, producing far more polished phishing attempts, to the point that they can catch out even cynical techies with a well-trained eye.
It’s actually extremely easy for hackers (even distinctly amateurish hackers) to throw up a convincing-looking copy of a well-known website. All they then need to do is use bulk emailing tactics or even black-hat SEO techniques to lead unsuspecting users to the “fake” site. Those users then enter their usual login details into the fake site, effectively delivering those details straight to the hackers to do with as they wish.
A recent example of this involved Bittrex – a popular exchange for cryptocurrencies such as Bitcoin. Capitalising on the increasing popularity of these currencies, hackers created a realistic-looking login page for a Bittrex-like site, using a very similar domain name to the genuine site. They then used Google adverts to push the site to the top of Google’s search results.
This meant that people searching for the service without paying total attention could find themselves on the fake site without realising. The fact that cryptocurrency investment is particularly popular with techies demonstrated the brazen nature of this phishing attempt, and the hackers’ confidence in tricking a more informed audience.
Avoiding Phishing
The fact that many governments, including the UK’s, now provide advice on avoiding phishing only serves to prove the severity of the problem, and that nobody expects it to go away.
Recent statistics from Statista show that Australia, France and China are among a host of countries where more than 10% of the population fell victim to a phishing attack in the third quarter of 2017 alone.
Precautions are therefore wise for everyone using the internet. Here are some steps to keep in mind:
1. Always check the source of emails that ask you to visit a website, even one you may visit frequently. Many emails that form part of a phishing attempt come from suspicious-looking email addresses, at domains along the lines of “applesupportcentre.com” or similar.
2. If you need to go to a website that requires you to log in, go directly to the website using its normal address, rather than clicking links in search results or in an email.
3. Be aware that phishing can happen by phone as well as online. Sometimes, hackers will call your home pretending to be from Microsoft or another reputable company. Often, they successfully convince less tech-savvy PC users that their computers are infected, then set up a remote connection and install malware.
4. Make use of Google to search for strings of text in emails you are suspicious about. Often you’ll find that those suspicious emails have already been flagged as being part of a social engineering scam, which uses psychological manipulation to gain access to sensitive information.
5. Don’t assume that every phishing email will be caught by your antivirus software and/or spam filters, or that everything that makes it into your inbox is genuine. Hackers often manage to stay one step ahead of these systems and get their phishing emails through.
The vast majority of phishing attacks can be prevented when people follow all of these steps religiously. However, the continuing effort hackers put into these scams suggests they are confident that plenty of people don’t.
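The sender check in step 1, and the near-identical domain used in the Bittrex case, can be automated as a first-pass filter. The following is an added example, not part of the original article: the allowlist, the distance threshold and every sample domain other than “applesupportcentre.com” are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: an allowlist of brand name -> genuine domain kept by the defender.
TRUSTED = {"bittrex": "bittrex.com", "apple": "apple.com"}
MAX_DISTANCE = 2  # assumed threshold; tune it against your own mail flow

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_domain(from_header):
    """Domain of the address in a From: header, ignoring the display name."""
    addr = parseaddr(from_header)[1]
    return addr.rpartition("@")[2].lower().rstrip(".")

def classify(domain):
    """Return (verdict, brand); verdict is 'trusted', 'lookalike' or 'unknown'."""
    domain = domain.lower().rstrip(".")
    for brand, genuine in TRUSTED.items():
        if domain == genuine or domain.endswith("." + genuine):
            return "trusted", brand
    # Simplification: treat the second-to-last label as the registered name.
    # Production code should consult the Public Suffix List instead.
    labels = domain.split(".")
    name = labels[-2] if len(labels) >= 2 else labels[0]
    for brand in TRUSTED:
        # Brand embedded anywhere in the domain, or registered name a few typos away.
        if brand in domain.replace("-", "") or edit_distance(name, brand) <= MAX_DISTANCE:
            return "lookalike", brand
    return "unknown", None

if __name__ == "__main__":
    # Constructed From: headers, for illustration only.
    for header in ("Apple Support <help@applesupportcentre.com>",
                   "Bittrex <no-reply@blttrex.com>",
                   "Apple <receipts@support.apple.com>",
                   "IT <helpdesk@intranet.example>"):
        print(header, "->", classify(sender_domain(header)))
```

A “lookalike” verdict is a prompt for closer inspection rather than proof of fraud: short brand names in particular will match unrelated domains at this threshold.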