Phishing – How fraudsters obtain access to your accounts.
In this new era of information, many people use a lot of online services. Being online also exposes many Mauritians to a large number of possible frauds. One such danger is known as phishing.
Phishing attacks nowadays mostly use fraudulent email messages designed to impersonate a legitimate person or organisation and trick the recipient into downloading harmful attachments or divulging sensitive information such as usernames, passwords and bank account information. In such attacks you are the “fish”, the fraudster is the “fisherman”, and the “fisherman” in question will use all kinds of tricks to lure you.
Take the example below: you receive an email from “[email protected]” telling you that your PayPal account has been restricted and that, to maintain account security, you urgently need to provide documents to confirm your identity.
What will you do?
Most people will tend to click on the big “Log in to PayPal” button. Some might check the From address, note that it is from [email protected], consider the email legitimate and then click on the button.
Phished. Clicking on the “Log in to PayPal” button redirects you to a clone of the PayPal website created by the fraudster. Once you enter your credentials there, the fraudster obtains a copy of them (your username and password) and can use them to log in to your real PayPal account, gaining the ability to transfer funds from your accounts.
What exactly happened?
This phishing email was carefully crafted to look legitimate. The following techniques were used:
- Email spoofing: Email spoofing is a technique that allows attackers to trick users into thinking a message came from a person or entity they know or trust. The creators of this phishing email used spoofing techniques to make the email appear to come from “[email protected]”.
- PayPal branding: Attackers used the same template that PayPal uses for its communications. They incorporated the logo and branding (blue colour, rounded oval button) to make the email look legitimate.
- Scary subject: Attackers use urgent or fake-threat subject lines demanding immediate action to scare users into clicking on the malicious links embedded in the email.
How to spot that this is a phishing email?
Hover your cursor over the “Log in to PayPal” button and you will immediately notice that the link does not point to paypal.com but to the following URL: https://mys.ac/4fylg?userid=odyWY. A simple Google search on the domain will quickly turn up red flags. Again, the attackers were crafty here: the domain they used resembles that of the American social networking site https://myspace.com/
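The manual “hover over the button” check above can be automated. The following script is an added example, not code from the original article: it parses an HTML email, takes the sender domain from the From header and flags every link whose host is outside that domain. The sample message (sender address, subject and link text) is constructed to mirror the PayPal lure described above, and the two-label domain comparison is a deliberate simplification.

```python
# Added example (not from the original article): flag anchors in an HTML email whose
# target host is outside the sender's domain, automating the "hover over the button" check.
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the PayPal lure in the article; the From address,
# subject and link are illustrative, not a captured message.
SAMPLE_EMAIL = """\
From: PayPal Service <service@paypal.com>
Subject: Your account has been restricted
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Please confirm your identity urgently.</p>
<a href="https://mys.ac/4fylg?userid=odyWY">Log in to PayPal</a>
<a href="https://www.paypal.com/help">Help Centre</a>
</body></html>
"""

class _LinkCollector(HTMLParser):
    """Collects (visible text, href) pairs for every <a> in the HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def registrable_domain(host):
    """Simplification: keep the last two labels (paypal.com, mys.ac). Real tooling
    should use the Public Suffix List so names like example.co.uk are handled."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def find_suspicious_links(raw_email):
    """Return (text, href) for every link whose host is outside the sender's domain."""
    msg = message_from_string(raw_email, policy=policy.default)
    sender_domain = registrable_domain(msg["From"].addresses[0].domain)
    collector = _LinkCollector()
    collector.feed(msg.get_body(preferencelist=("html",)).get_content())
    return [(text, href) for text, href in collector.links
            if registrable_domain(urlparse(href).hostname or "") != sender_domain]
```

Running `find_suspicious_links(SAMPLE_EMAIL)` returns only the “Log in to PayPal” link, because its host mys.ac does not belong to paypal.com, while the genuine help-centre link is left alone.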
How to protect yourself from phishing attacks?
- Be cautious about all communications you receive. If a message appears to be a phishing attempt, do not respond and report it to your email provider. Do not click on any links in the message, and do not open any attachments contained in a suspicious email.
- Always check the sender’s email address and verify where a link redirects before clicking it.
- Enable two-factor authentication on all your accounts. With it enabled, attackers who obtain your credentials will still not be able to log in to your account.
- Do not reuse passwords across websites. If attackers obtain one set of credentials, they will be able to log in to every website where you registered with the same password.
- Create passwords of 12 characters or more using any combination of letters, numbers and symbols, and consider using a password manager to manage all your passwords.
As an organisation, what can you do to protect yourself and your employees from phishing attacks?
- Build a robust cybersecurity awareness training programme – Implement a consistent programme that provides updated information on current trends and cybersecurity advice.
- Conduct simulated phishing attack tests and measure the results – Simulated phishing tests help a security team gauge the effectiveness of its awareness training and help end users gain a better understanding of real attacks.
- Deploy ahead-of-threat attack-prevention tools – Implement email security measures such as DMARC, DKIM and SPF to prevent spoofing of your domain. Additionally, you can implement an email filtering service such as Microsoft Advanced Threat Protection, Mimecast or Proofpoint email security, among others, to protect your company inboxes and block malicious emails before they reach end users.
What to do if you have been Phished?
If you think you have been the victim of a phishing scam:
- Change your passwords. Your computer, your financial institution accounts and any other password-protected websites you use should all be updated.
- Run a full system scan for viruses on your computer.
- Contact your banks to report that you may have been the victim of fraud.