Frequently Asked Questions

Phishing

Phishing is an email fraud method in which the perpetrator sends out legitimate looking email in an attempt to gather personal and financial information from recipients. Typically, the messages appear to come from well-known and trustworthy websites.

Emails appear to be from banks, on-line retailers, social networking sites and other widely used websites. They entice readers to go to a website controlled by the cyber criminals and fill in a form or download a file containing a Trojan, key-logger or some other type of malware.
Beware of the use of disguised links that appear legitimate in the email text but in fact link to a completely different site.

The goal of Phishing campaigns is to obtain information that can be used for identity theft, such as user IDs and passwords, Social Security numbers and credit card numbers.

Sample of Phishing Email
barclayes bank 
How to identify a FALSE link in an email BEFORE you click on it
The phishing email sent to you will give you a link to click on, which will take you to a recognisable web page requesting some personal details. 

Link Example
The link will either look like this Online Account Login or http://barclays.co.uk.

The last link looks legitimate but actually the URL that sits behind both of these links (the actual web page that you will be taken to) could be different. To test what that URL actually is, follow this procedure:
  1. Right click on the link and then select Copy link address/ Copy shortcut
  2. Open Notepad or any word processor on your computer
  3. Click in a blank area on the page, right click and select Paste (or Ctrl + V).

As an exercise why not try this procedure in the Link Example above?

When you paste the copied link into a text editor you will see that the link actually points you to the following URL:
http://www.martinshelpdesk.com/osticket/open.php

...This has no resemblance to Barclays Bank at all! It, in fact, takes you to a form on the Martin's HelpDesk web site so that you can log a support issue. Similarly a "phishing" email will take you to a form that resembles a bank's web site and will try to harvest from you some of your personal details as well as a username and password. These details are then sent to the perpetrator to enable them to log into your account and attempt to steal money. They can then easily do so by doing a transfer of funds to another account. They can even change your details so that you no longer have access to your account in the future.

A Phishing attack takes on a 5 Phase structure:

Phase 1: Targeting
Profiling a group of potential victims

Phase 2: Reconnaissance
Finding personal information and email addresses of the targeted victims.
Comment sections of blogs and bulletin boards often contain names and titles. Web searches make it relatively simple to find names and email addresses associated with given companies and professions. Social media sites like Facebook, LinkedIn, Google+ and Twitter, as well as video- and photo- sharing sites such as YouTube, Vimeo, Pinterest and Flickr, make it easy to gather names and very detailed personal and professional information.

Phase 3: Creating spear phishing emails
They will mimic common business and personal emails—without using phrases that could identify them as mass distribution spam.
They will use details gathered during the reconnaissance phase to make the emails convincing.
They will create messages and attachments tailored to attract the attention of those groups.
These include:
  • Package delivery and shipping
  • Banking and purchasing
  • Airlines and travel
  • Internal Revenue Service
  • IT department
  • Satisfaction Survey
Phase 4: Plant malware on the victim’s computer
The cyber criminal simply entices the victim to fill out a web form with confidential information like account number, Social Security number or user ID and password.
More commonly, though, the goal is to lure the victim into downloading a malware file, either by clicking on an attachment in the email, clicking on a link in the email that requests a file download, or clicking on a link in a webpage. However, if there is an unpatched vulnerability in a browser or application on the victim’s computer, the cyber criminal can often execute a “drive-by download” merely by luring the victim to a compromised webpage.

Phase 5: Exploit the breach
The cyber criminal is now able to follow up by capturing the victim’s keystrokes, finding and exporting files on the victim’s computer, or burrowing into the company network using the victim’s credentials.

Last Updated 3 years ago

Martin's HelpDesk

156 Hungerford Road
Brislington
Bristol
BS4 5EZ
United Kingdom

Tel: 0117 9118064 | martin@martinshelpdesk.com

Please Wait!

Please wait... it will take a second!