Social engineering of data over the Internet through phishing involves social and technological tactics to acquire information from victims. Attackers often target naive users to unwittingly divulge critical information such as their usernames; passwords from social network sites, bank and financial web pages; and credit card details. Fraudsters create fake web pages that closely resemble the original site and spread the pages through emails, web and multimedia messages to reach the target users. Modern day phishing emails are more malicious than before. Almost 90% of phishing attacks originate from organized crime groups, and the rest originate from rogue-nation adversaries. The attackers are primarily after their targets’ login credentials.
The Dridex malware created havoc by stealing banking credentials through seemingly innocent Microsoft Office macros attached to the phishing emails. The malware was configured to target customers of nearly 300 different organizations in more than 40 regions. Dridex campaigns put real company names in the sender address of the email and repeated valid company information in bits and pieces throughout the email text. Attackers took these steps to make the emails look more realistic than regular junk email, helping them avoid automated spam filters.
Spear Phishing—The Most Dangerous Game on Earth
Often, users receive attackers’ emails for a particular product or service, online account, community or organization. These messages look like a standard email, and they appear to come from a trusted source. An email address of any employee or a select group in the company (e.g., the head of human resources or a computer systems administrator) can be used to transmit the messages. Such highly targeted phishing attacks including the Dridex malware campaign and the chief executive officer (CEO) email frauds or Business Email Compromise (BEC) are collectively known as spear phishing. Sometimes, the requests seemingly come from a trustworthy source or domain name system (DNS), and the user is misled to share usernames, passwords and other personal data, which is known as pharming.
Why Is Phishing Advantageous for Attackers?
Many spam emails and social engineering of personal and financial data occur through seemingly reliable website logins and email communication. Since phishing often employs traditional email/messaging software, it gives the attackers the ability to gain a foothold directly inside the systems of an organization. In contrast to other attack vectors, phishing is relatively straightforward and easy to execute. Through phishing emails, an attacker can target particular user(s) rather than carpet bombing the entire business organization through the email domain name. With the adoption of online banking technology, many customers began to access their accounts online. Criminals have shifted their focus, targeting banking login credentials.
In our recent Journal article, we discuss how users can stay safe from phishing scams by just looking at rogue URLs and web links embedded in emails. We show important features of a URL that could indicate phishing, e.g., an extra @ symbol, inclusion of an IP address, redirect using “//,” specifically hard-coded “https” or “-” separator, extremely long URLs, or extremely short URLs such as “bit.ly” shortened sites. Through machine learning techniques, we extract the most important features of the phishing links and emails and retain only those which are readily recognized. In the article, we also compute the loss for a firm facing phishing attacks and proposed remediation strategies involving the people, process and technology of the company.
Read Baidyanath Biswas and Arunabha Mukhopadhyay’s recent Journal article:
“Phishing Detection and Loss Computation Hybrid Model: A Machine-learning Approach,” ISACA Journal, volume 1, 2017.