Beware of disguised links: text in an email that looks like a legitimate address or site name but in fact links to a completely different site.
The goal of phishing campaigns is to obtain information that can be used for identity theft, such as user IDs and passwords, Social Security numbers and credit card numbers.
Sample of Phishing Email
How to identify a FALSE link in an email BEFORE you click on it
The phishing email sent to you will contain a link to click on, which takes you to a web page that looks familiar and asks for some personal details.
The link text looks legitimate, but the URL that actually sits behind it (the web page you will really be taken to) can be completely different. To find out what that URL is, follow this procedure:
- Right click on the link and then select Copy link address / Copy shortcut (the exact wording depends on your browser or email client)
- Open Notepad or any plain-text editor on your computer
- Click in a blank area of the page, right click and select Paste (or press Ctrl + V).
As an exercise, try this procedure on the Link Example above.
When you paste the copied link into the text editor, you will see that it actually points to the following URL:
...This bears no resemblance to Barclays Bank at all! It in fact takes you to a form on Martin's HelpDesk web site for logging a support issue. In the same way, a phishing email will take you to a form that resembles a bank's web site and try to harvest some of your personal details together with a username and password. These details are sent to the perpetrator, who can then log into your account and transfer funds to another account. They can even change your contact details and password so that you lose access to the account altogether. Hovering over a link usually shows the same destination in the status bar of your browser or email client, but the copy-and-paste method lets you read a long URL in full. Read the whole host name, right to the end: a link such as barclays.co.uk.some-other-site.example belongs to some-other-site.example, not to the bank, even though it begins with the bank's name.
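The following script, an added example that is not part of the original article, automates the copy-and-paste check above: it parses every link in an HTML email body, lists where each one really goes, and flags links whose visible text names one site while the address behind it leads to another. The sample email body, the destination host helpdesk.example.net and the domain barclays.co.uk used in it are constructed test data, not real messages or sites.

```python
"""Flag disguised links in an HTML e-mail body.

Added example, not code from the original article: it automates the
"copy the link address and paste it into Notepad" check described above.
Every <a> element is collected, the text the reader sees is compared with
the host the href really points to, and mismatches are reported.  The
e-mail body, the host helpdesk.example.net and the bank domain
barclays.co.uk below are constructed sample data, not real messages or
sites.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Link text that itself looks like a URL or a bare domain name,
# e.g. "www.barclays.co.uk" or "https://online.barclays.co.uk/login".
URL_LIKE = re.compile(
    r"^(?:https?://)?[a-z0-9-]+(?:\.[a-z0-9-]+)+(?:/\S*)?$", re.IGNORECASE
)


class LinkCollector(HTMLParser):
    """Collect (visible_text, href) for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None   # href of the anchor currently open, if any
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def host_of(text):
    """Lower-cased host of a URL or bare domain; None for mailto:, javascript:,
    relative links and anything else that is not a web destination."""
    parsed = urlparse(text.strip())
    if parsed.scheme and parsed.scheme not in ("http", "https"):
        return None
    if not parsed.scheme:                      # bare "www.example.com/path"
        parsed = urlparse("http://" + text.strip())
    return parsed.hostname or None


def link_destinations(html):
    """All links as (visible_text, real_host): the list you would read after
    pasting each link into Notepad."""
    collector = LinkCollector()
    collector.feed(html)
    return [(text, host_of(href)) for text, href in collector.links]


def find_disguised_links(html):
    """Links whose visible text names one site while the href goes to another.

    Returns (visible_text, href, reason).  Only anchors whose text looks like
    a URL or domain can be checked automatically; wording such as
    "click here" or "Barclays Bank" has no host to compare, so those links
    still need a human to read their destination.
    """
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for text, href in collector.links:
        real_host = host_of(href)
        if real_host is None or not URL_LIKE.match(text):
            continue
        shown_host = host_of(text)
        if shown_host is None:
            continue
        # www.barclays.co.uk and online.barclays.co.uk are the same site, but
        # barclays.co.uk.helpdesk.example.net is a different site that merely
        # begins with the bank's name, so compare from the right-hand end.
        bare = shown_host[4:] if shown_host.startswith("www.") else shown_host
        if real_host != bare and not real_host.endswith("." + bare):
            findings.append(
                (text, href, f"text shows {shown_host} but link goes to {real_host}")
            )
    return findings


# Constructed sample e-mail body for this example (not a real message).
SAMPLE_EMAIL = """
<p>Dear customer, your account has been limited.</p>
<p>Please log in at
<a href="http://barclays.co.uk.helpdesk.example.net/login">https://www.barclays.co.uk</a>
to restore access.</p>
<p>Or use <a href="https://online.barclays.co.uk/">online.barclays.co.uk</a>.</p>
<p>Questions? <a href="mailto:support@example.net">email support</a> or
<a href="http://helpdesk.example.net/form">click here</a>.</p>
"""

if __name__ == "__main__":
    for text, host in link_destinations(SAMPLE_EMAIL):
        print(f"{text!r:40} -> {host}")
    for text, href, reason in find_disguised_links(SAMPLE_EMAIL):
        print("DISGUISED:", reason)
```

Only the first link is flagged automatically, because its text claims to be the bank while the address leads elsewhere. The "click here" link to the helpdesk form is the situation the article's own example describes: there is no site name in the text to compare against, so the reader still has to look at the destination that link_destinations reports.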
A phishing attack typically follows a five-phase structure:
Phase 1: Targeting
Profiling a group of potential victims
Phase 2: Reconnaissance
Finding personal information and email addresses of the targeted victims.
Comment sections of blogs and bulletin boards often contain names and job titles. Web searches make it relatively simple to find names and email addresses associated with a given company or profession. Social media sites such as Facebook, LinkedIn, Google+ and Twitter, as well as video- and photo-sharing sites such as YouTube, Vimeo, Pinterest and Flickr, make it easy to gather names and very detailed personal and professional information.
Phase 3: Creating spear phishing emails
The attackers mimic common business and personal emails, avoiding phrases that would identify the message as mass-distribution spam.
They use the details gathered during the reconnaissance phase to make the emails convincing.
They create messages and attachments tailored to the interests of the targeted group, on themes such as:
- Package delivery and shipping
- Banking and purchasing
- Airlines and travel
- Internal Revenue Service
- IT department
- Satisfaction Survey
Phase 4: Plant malware on the victim’s computer
In the simplest case the cyber criminal merely entices the victim to fill out a web form with confidential information such as an account number, Social Security number, or user ID and password.
More commonly, though, the goal is to lure the victim into downloading a malware file, either by opening an attachment to the email, clicking a link in the email that triggers a file download, or clicking a link on a web page. And if there is an unpatched vulnerability in the browser or in an application on the victim's computer, the cyber criminal can often achieve a "drive-by download" merely by luring the victim to a compromised web page, with no further action required from the victim.
Phase 5: Exploit the breach
The cyber criminal can now follow up by capturing the victim's keystrokes, finding and exfiltrating files from the victim's computer, or moving deeper into the company network using the victim's credentials.