Phishing in its many forms (I know of over 19 off the top of my head) is plain and simple. It is a redirect or a download that puts a program on your machine to allow threat actors access to your system. Redirects are called links. These are the highlighted and underlined words that take you to information, websites, or your account, like a bank account. You get them in emails, on social media, as texts on your phone, and as pop-ups. You can also get them in web searches, when you access a website, or just randomly, where they take over your machine and make it look like a significant infection.
I get at least one client a month that experiences phishing issues. I have witnessed 17 counts of ransomware and hundreds of phishing attempts in the last decade. The average “ransom” for ransomware was 8,000 USD to 20,000 USD 6 years ago! The cost is much higher in today’s world!
In part one of our multi-part blog series, “An Understandable Guide to the World of Phishing,” I want to take my time to explain how phishing works, how to prevent it, and what to do when you click on the link. Because, let’s face it, we have all done it by accident at least once!
Many “phish” in the sea
I’m sure it won’t cover every form of phishing. Even my eyes glaze over after a while! They all share a common theme and end goal: they are designed to “trick” you into supplying your usernames, passwords, or bank account information, or simply to gain access to your system to gather information.
I’m thankful that so far, after explaining good internet hygiene and putting advanced tools on machines, we have not seen ransomware in over 6 years, and only a few have been severely compromised by successful phishing attacks. Phishing is one of the oldest techniques around, and you really are just one click away from an expensive mistake.
Phishing attacks have been around since the public release of the internet
Let’s look at phishing as it was first seen in the 90s: threat actors used instant messaging and email to carry out what would later be dubbed a “phishing” attack. They posed as legitimate company employees and convinced people to hand over their usernames and passwords.
They sent “Instant Messages,” now known as PMs (private messages) or DMs (direct messages), and/or emails to users, asking them to verify their accounts or confirm their billing information. The accounts were then compromised, or “phished.” Sound familiar? It should! This tactic is still being used today! Let’s investigate how phishing works.
How Phishing Works
Over 96% of all phishing attacks are for information gathering. Phishing today is the use of email to steal your personal and/or financial information. We use email every day; the days of getting mail in our real-world mailbox are just shy of being over. We pay our bills online, shop, and stay connected; these require email communications between you and the company or person.
You get an email, and the subject line reads: “URGENT!! DO NOT IGNORE!! YOUR SERVICE WILL BE DISCONTINUED!” It looks like it came from your provider, but you remember paying the bill. Last week! You open the message, and it instructs you to go to their website and PAY YOUR BILL OR ELSE!! They even provide a link or button to go straight to the site from your email message! You hit the link/button, and it takes you to a site that looks like your provider’s site; however, it is NOT. It is a fake site, and whatever you enter there, username, password, or account information, is stolen. Phishing is using email to steal your personal and/or financial information.
How to Prevent Phishing
In every form, phishing requires you to click on a link. Sometimes the link takes you to a fake website; other times it executes a hidden downloaded application. So do not click on the link! When you first sign up for a site, save it as a bookmark. Go to the bookmark and log in. If the email message was real, the notice will be there waiting for you. The second way is to keep your machine up to date. Threat actors use weaknesses in your software to enter your systems. Keep all patches up to date to help close these avenues of attack.
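The bookmark advice above can be turned into a simple check. The following is an added example, not code from the original post: it pulls every link out of a constructed sample email and compares each link’s real target against the bookmarked provider login page. The provider domain and the email body are assumptions made up for the example; the point is that the visible text of a link says nothing about where it actually goes.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed bookmark: the provider login page the user saved when signing up.
BOOKMARKED_PROVIDER = "https://billing.example-provider.com/login"

# Constructed sample email body; the first link shows the real provider URL as text, but its href points elsewhere.
SAMPLE_EMAIL_HTML = """
<p>URGENT!! DO NOT IGNORE!! YOUR SERVICE WILL BE DISCONTINUED!</p>
<p>Go to <a href="http://example-provider.com.account-verify.invalid/pay">
https://billing.example-provider.com/login</a> and PAY YOUR BILL OR ELSE!!</p>
<p><a href="https://billing.example-provider.com/help">Help center</a></p>
"""

class LinkCollector(HTMLParser):
    # Collect (href, visible text) pairs from every <a> tag in the body.
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def hostname(url):
    return (urlparse(url).hostname or "").lower()

def same_site(url, bookmark):
    """True only if the link host is the bookmarked host or a subdomain of it."""
    host, trusted = hostname(url), hostname(bookmark)
    return host == trusted or host.endswith("." + trusted)

def check_email_links(body, bookmark=BOOKMARKED_PROVIDER):
    """Return (href, verdict) per link; anything but 'ok' means use the bookmark instead."""
    parser = LinkCollector()
    parser.feed(body)
    results = []
    for href, text in parser.links:
        if not same_site(href, bookmark):
            results.append((href, "mismatch: host is not the bookmarked provider"))
        elif text.startswith("http") and hostname(text) != hostname(href):
            results.append((href, "mismatch: visible URL differs from real target"))
        else:
            results.append((href, "ok"))
    return results
```

Running `check_email_links(SAMPLE_EMAIL_HTML)` flags the “pay” link because its host is a lookalike domain, while the help link, which really is on the provider’s host, passes.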
What to Do When You Click on the Link
Hopefully, it was just a link!? If your machine starts acting weird or slows down, let your IT department know as soon as possible. Every minute is a day to a computer! The quicker it gets investigated and stopped, the less data loss occurs. Your IT team will run a quick check on your computer. Don’t be surprised if they ask you to disconnect it from the internet. If the connection is through Wi-Fi, they may tell you to turn the machine off to help contain the corruption.
Please don’t ignore it or be embarrassed! Don’t use your work computer for personal use. Invest in a good Endpoint Detection and Response (EDR) antivirus. Pay someone to maintain it, or learn how. Keep the machine up to date by checking once a week. Reboot your computer at least once a week; don’t just put it to sleep.
This is also true of your phones. If you think your phone is infected, “factory reset” it. Phones are the new attack surface, because no one protects or even thinks about their phone. If your phone is infected and it is using your Wi-Fi, it makes an extremely easy “launch pad” to infect other devices on your network.
In conclusion
Phishing is an old technique that comes in many different forms and is not going anywhere! It is designed to steal your personal and/or financial information, or simply to gather information, by getting you to click a link that sends you to a fake website or downloads a dangerous application. While there are many things you can do to avoid being compromised, such as DON’T CLICK THE LINK, we have all fallen victim to this ploy. Do not be embarrassed if you hit the link; more than that, do not just ignore it! Get hold of your IT team. If you do not have one, we can help!