Have you been asked to give personal or internal information in an unusual manner? Or have you received an email that says,
“Please update your billing information. Click here.”
If so, be cautious. Phishing attacks are an ongoing threat, and they are becoming more sophisticated.
You never know when attackers will target you as their next victim. This article explains how to avoid becoming a victim and what to do if you think you are a victim of phishing attackers.
Read on for a better understanding of phishing attacks, based on guidance posted by US-CERT.
What is Phishing?
By simple definition, phishing is a type of attack that uses email or a malicious website to steal personal information such as usernames, passwords, Social Security Numbers, credit card information and other sensitive data. The information is solicited by attackers disguised as a trustworthy entity or a credible organization. This activity is a form of social engineering.
An example of phishing cited in the SSCP Systems Security Certified Practitioner All-in-One Exam Guide is from an advanced persistent threat (APT). Security firm Mandiant discussed the attack life cycle in its 2013 report titled “APT1: Exposing One of China’s Cyber Espionage Units.” It typically starts with spear phishing (targeted phishing attacks) and includes subject lines and text within the email that are relevant to the recipient. These emails typically include a link to a malicious zip file. Some users have responded to these emails asking if the file is legitimate. Someone from APT1 responded within 20 minutes with a terse “It’s legit” response.
If a user opens the zip file, it installs a backdoor on the user’s system. This backdoor causes the user’s system to initiate connections with the attacker’s command and control server. Attackers configure the command and control server to respond by sending commands to the user’s system. One common method they use is to embed commands within a web page as HyperText Markup Language (HTML) tags.
These commands allow the attacker to perform internal reconnaissance on the infected user’s network using standard commands. For example, net view domain will show the domain name and net view /domain:domainname (with the name of the domain in place of domainname) will list all of the computers in the domain. They typically dump this to a text file with a command like this: net view /domain:domainname >> 1.text.
Later, they transmit the text file back to the command and control server and use this to install multiple backdoors on other computers in the network.
Think about this for a moment. One employee in an organization opens a zip file and the result is a massive infiltration of backdoors installed on multiple systems. Once the attackers establish a foothold, they begin collecting data, compressing it into multiple .rar files, and sending these files to the attackers.
Charities are also one of the types of organization that phishing attacks may appear to come from. Attackers take advantage of current events and certain times of the year, such as economic concerns, natural disasters, epidemics and health scares, holidays or major political elections.
How to avoid being a victim
Be suspicious of unsolicited visits, phone calls or email messages from individuals who ask about employees or other internal information. If an unknown individual claims to come from a legitimate organization, verify his or her identity directly with the company.
Do not give information
If you are uncertain of a person’s authority to have the information, do not provide any information about your organization including its structure or networks.
Do not respond to email solicitations
Attackers commonly ask for personal or financial information through email, and you should not reveal your information by responding to the email. Avoid following links sent in email. Official logos, text or links to the website could easily be fraudulent.
Check website’s security
Do not send sensitive information over the internet before checking a website’s security. A secure web page uses an active HTTPS session. HTTPS was created to encrypt sensitive data for transmission.
Pay attention to the URL of a website
Attackers use websites that may look identical to a legitimate site. But if you pay attention to the URL, there may be a variation in spelling or a different domain such as .com vs .net.
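The URL check described above can be automated. The following Python code is an added example, not part of the original article or the US-CERT guidance; the trusted-domain list, the sample links and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the domains this reader really does business with.
TRUSTED = {"example-bank.com", "example-pay.net"}

def edit_distance(a, b):
    """Levenshtein distance, to catch one- or two-character spelling changes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url, trusted=TRUSTED):
    """Return the reasons a link deserves suspicion; an empty list means none found."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    findings = []
    if parts.scheme != "https":
        findings.append("not HTTPS")
    if parts.username is not None:
        findings.append("text before '@' is not the host")
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode label, may render as look-alike letters")
    # Simplification: treat the last two labels as the registered domain.
    # Production code should consult the Public Suffix List instead.
    domain = ".".join(host.split(".")[-2:])
    if domain in trusted:
        return findings
    name, _, tld = domain.rpartition(".")
    similar = []
    for good in sorted(trusted):
        good_name, _, good_tld = good.rpartition(".")
        if name == good_name and tld != good_tld:
            similar.append(f"different TLD from {good}")      # .com vs .net
        elif edit_distance(domain, good) <= 2:
            similar.append(f"spelling variation of {good}")   # examp1e vs example
    return findings + (similar or [f"{host or 'missing host'} is not a trusted domain"])

if __name__ == "__main__":
    # Constructed sample links, one per kind of variation.
    for link in ("https://www.example-bank.com/billing", "https://examp1e-bank.com/billing",
                 "https://www.example-bank.net/billing", "http://example-bank.com@203.0.113.7/update"):
        print(link, "->", check_link(link) or "no findings")
```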
Verify legitimacy of email requests
To ensure the legitimacy of an email request, try to verify it by contacting the company directly. The best source of contact information is a previous statement, not the contact information provided on a website connected to the request.
Information about known phishing attacks is available online from groups such as the Anti-Phishing Working Group.
Reduce the traffic
Installing and maintaining anti-virus software, firewalls and email filters is the best way to reduce some of the traffic caused by attackers.
Check any anti-phishing features
Your email client or web browser may have anti-phishing features that you can take advantage of. Check their anti-phishing features and use them to protect yourself from phishing attackers.
What to do if you think you’re a victim of phishing
- If you might have revealed sensitive information about your organization, report it to the appropriate people within the organization, including network administrators. Reporting what you might have done can alert them to any possible or unusual attacks.
- Immediately contact your financial institution if you believe that your accounts may be compromised and ask them for advice. Additionally, always monitor your accounts for any suspicious charges.
- If you have revealed any passwords, immediately change them. Moreover, if you’ve used the same password for multiple sites, change your password for each account. Also, do not use any revealed password on any website in the future.
- Be aware of other signs of identity theft. These include failing to receive regular bills or mail, credit cards being denied unexpectedly, and new and strange accounts appearing on your credit report. Because your information is available, your identity might have been stolen.
- Consider reporting any attack to the police and filing a report with the Federal Trade Commission.
Source: Information derived from an article written by Mindi McDowell and posted on the US-CERT site.