Phishing refers to any attempt to obtain sensitive information such as usernames, passwords, or banking details, often for malicious reasons, by impersonating a trustworthy entity in an electronic communication. Phishing is an example of a social engineering technique used to mislead users and exploit weaknesses in network security. Various attempts have been made to control the increase in reported phishing cases, including legislation, employee and general user training, public education, and standardized network security protocols.
Phishing is typically carried out by direct digital communication. An attack will often direct users to enter sensitive information at a fake website, the look and feel of which match the legitimate site. Correspondence claiming to have originated from social media, auction or retail sites, financial institutions, or network and IT administrators is used to trap users. Phishing emails may even contain links that distribute malware, further damaging a victim’s system.
In addition to standard phishing techniques, specific types of phishing can be used to accomplish various objectives.
- Spear phishing: An email-spoofing attack that targets a specific organization or individual, seeking unauthorized access to sensitive information. Attackers usually gather personal information about the intended target to increase their chance of success.
- Clone phishing: An attack in which the content and recipient address of an authentic, previously valid email are stolen and reverse engineered to create an identical, or cloned, email. Any real attachments or links in the original email are replaced with malicious software, and the clone is then sent from a spoofed email address to trick the victim into believing it is authentic.
- Whaling: A phishing attack crafted to target an upper manager based on the person's role in the company. The content of a whaling attack email is often written as a legal subpoena, customer complaint, or executive issue. Whaling scam emails are designed to masquerade as a critical business email, sent from a legitimate business authority.
Common Features of Phishing Emails
When dealing with web security, it's important to be able to recognize the most common aspects of a phishing attack. Users are often the only reason that phishing attacks are successful, so avoiding major pitfalls can help businesses avoid cyber security threats.
- Dramatic Statements: Lucrative offers and eye-catching or attention-grabbing statements are designed to attract people’s attention immediately. For instance, many claim that a target won a phone, a lottery, or some other lavish prize.
- Urgency: A common tactic among cybercriminals is to ask the victim to act quickly before an opportunity ends. Most reliable organizations give ample time before they terminate an account and they never informally ask their users to update personal details over the Internet.
- Hyperlinks: A link may not be all it appears to be. Hovering over a link shows the actual URL, and it could be totally unrelated to the link text. Sometimes it might appear to be a safe website, but with slightly altered spelling – for example, with the number “1” replacing a lowercase “L”.
- Attachments: Unexpected attachments in emails should be treated with suspicion. They often contain payloads like ransomware or other viruses.
- Unusual Sender: Low-level spam will often be sent by unknown or suspect-sounding users. When receiving an email from someone unknown who seems to be acting suspiciously, exercise restraint and avoid responding too quickly, if at all.
Avoiding Phishing Attacks
- Social Responses: Training people to recognize phishing attempts, and deal with them. Education can be effective, especially where training emphasizes conceptual knowledge.
- Browser Alerts: Maintain a list of known phishing sites and check websites against the list. One such service is the Safe Browsing service provided by Google Chrome.
- Eliminating Phishing Mail: Specialized spam filters that reduce the number of phishing emails that reach their addressees' inboxes, or provide post-delivery remediation, analyzing and removing phishing attacks upon delivery through email provider-level integration.
- Monitoring and Takedown: Round-the-clock services to monitor, analyze and assist in shutting down phishing websites.
- Transaction Verification and Signing: Using a mobile phone (smartphone) or alternate email address as a backup channel for authentication and authorization of sensitive interactions (like financial transactions).
Phishing is one of the largest threats to enterprises today. A successful phishing attack can not only cost money, it can open a company up to much greater security and data breaches. That is why training and education are so important, as they can greatly reduce the rate of successful phishing attacks.
How Barracuda Can Help
The first step in blocking phishing emails is to install an email filter. Barracuda Essentials provides a comprehensive email filter that blocks spam. It then scans all inbound emails for malicious attachments and URLs against Barracuda’s database of known malicious file types and servers. It also uses advanced analysis to spot signs of phishing such as typo-squatting, link protection, and suspicious language used in the email subject or body.
It’s important to train users to spot potential phishing emails and delete them. Users should err on the side of caution and confirm the authenticity of any unexpected email by contacting the apparent sender. Barracuda Phishline uses advanced training and simulation to measure your vulnerability to phishing emails and teach users how to avoid becoming victims of data theft, malware, and ransomware.
Barracuda Advanced Threat Protection adds more layers of protection for those cases when an inbound email filter alone is not sufficient. First, it uses signature matching, heuristic and behavioral analysis, and static code analysis to pre-filter traffic and identify the vast majority of threats. Finally, it feeds remaining suspicious files to a CPU-emulation sandbox to definitively identify zero-day threats and block them from reaching your network. This means that it can block phishing and emails carrying zero-day payloads that other techniques might miss. Barracuda Advanced Threat Protection is available for Barracuda Email Security Gateways, Barracuda Essentials, Barracuda Web Security Gateways, Barracuda CloudGen Firewalls, and Barracuda Web Application Firewalls.