The principles of protecting e-mail boxes against phishing attacks
Knowledge 3 February 2017 Krzysztof Sadecki
A phishing attack is still the most effective vector of attack on organizations and financial institutions. Despite the high level of awareness of cyber risks, hackers still regard it as one of their favoured methods. According to experts from Trend Micro, phishing is still the most frequently used attack and appears in 91% of cyber vandalism acts. In the second half of 2014 another record was broken: there were 123,972 phishing attacks, 95,321 of them on unique domains.
123,972 phishing attacks were recorded in the second half of 2014
This data shows how intense phishing attacks have become. In most scenarios the attack is based on sending malicious e-mails that impersonate legitimate institutions and induce the victim to act without thinking. Phishing e-mails typically contain malicious links to websites controlled by the attackers. Another variant of this attack uses malicious software which starts the infection process as soon as the e-mail is opened.
A ‘spear phishing’ attack is not an ordinary phishing attack. Its aim is to target a specific group of people in one organization rather than a random individual. The attacker wants to collect as much personal data and other sensitive information as possible, to be used later in attacks against particular people.
Recent hacking campaigns carried out by several cyber terrorist groups rely on persuading users to open Word or PDF files attached to an e-mail. These files are specially crafted to exploit vulnerabilities in web browsers. Analysis of cyberattack data shows that phishing via e-mail is still the attackers’ preferred method and gives them access to institutions of any size. The best-known examples of phishing attacks are “Operation Aurora”, the hacking of Sony, and the attacks on banks conducted by the Carbanak group. In each of these cases the attack began with malicious e-mails, and the mail servers of the organizations were not properly managed by their staff.
Every phishing attack seeks to exploit the weakest link in any organization: the human factor. That is why it is so important for every organization to give its staff basic e-mail security guidance. This alone can drastically reduce the number of infections.
What is the commercial value of e-mail accounts?
A few years ago the well-known investigative journalist Brian Krebs published an interesting post answering the question of the real commercial value of an e-mail address. In his article he laid out a business model for making money from e-mail addresses.
In fact, an e-mail account is one big container through which hackers can gain access to an almost unlimited amount of information: passwords, documents, credit card details, other accounts and much more. Immediately after taking over the victim’s account, the scammer can discover the victim’s network of business contacts, study their behaviour, find information about their spending, and then use this information and the captured account to gain access to other services such as Facebook, eBay, PayPal and many others.
The short piece published at the time by Brian Krebs stressed how important the security of an e-mail account is. The e-mail account is a central part of our digital identity and must be protected.
Once offenders have gained access to a victim’s account, they start stealing data in order to resell it on the black market. On the Dark Net it is very easy to find offers of hacked accounts, and there are whole forums that specialize in the sale of e-mail accounts. Contrary to appearances, these forums see the most traffic, and entire batches of mailboxes belonging to people from a particular industrial sector can be bought there.
Of course, criminals are interested in hacking e-mail accounts for many different reasons. They can use hacked accounts to spy on their victims or as a springboard for further attacks. In some cases they try to make money directly from the victim: they demand a ransom for the return of the account, or pose as a friend of the victim and ask for money to be transferred to supposedly help a friend stranded in another part of the world.
The captured e-mail account can also be used to gain access to cloud services where files associated with that e-mail address are stored; Google Drive and Dropbox accounts are the favourite targets of cybercriminals. According to companies protecting customer data, the most valuable commodities that can be traded are:
• Annual balance sheets and financial statements
• Several years of project plans and strategies
• Intellectual property and innovative ideas shaping business models
• Customer bases and partnership relations (CRM)
• Credentials to corporate and personal e-mail boxes of employees
• Internal network diagrams of the infrastructure and its specifics
Phishing messages usually arrive unexpectedly and ask their victims to provide sensitive information. Never open any message that asks you for sensitive personal information. Very often a phishing e-mail claims that something is wrong with your social network, bank, eBay or Allegro account and asks for your credentials to resolve the situation. In many cases the malicious message attempts to compromise the system directly, or contains links that appear to point to legitimate websites but actually lead to forged sites whose sole purpose is to collect data about the user.
A hacked account can also be used to obtain access to payment systems such as PayPal. After ‘taking over’ a PayPal account, the cybercriminal can carry out hundreds of transfers and monetize them in the underground.
Tips designed to safeguard mailboxes
Below is a list of useful tips that will help you safeguard your e-mails and confidential data, even if you do not yet have a security policy for your e-mail boxes.
Pay attention to messages that supposedly offer you a great deal or a package that you have not ordered
Never click on links embedded in an e-mail
Never click on most of the links you find in an e-mail. A very good practice is to click on links in an e-mail only if you are 100% certain that they come from a trusted source.
Never click on images and links in messages that offer a particular product or service. Even if the e-mail seems to have come from your bank, you should not click on it. A much better practice is to copy the link and paste it into the browser’s address bar by hand.
Do not open attachments in unsolicited e-mails
Infected attachments are the most common attack vector, so do not open any file attached to an e-mail message if the message comes from an unknown institution or individual. Never open attachments in unsolicited e-mails, and do not trust the file extension: file names can be forged, and malicious code that installs malware can be hidden behind what looks like a JPEG image.
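The two tips above (links whose visible text does not match their real target, and attachments whose extension does not match their content) can both be checked mechanically before a user ever clicks. The following Python script is an added example written for this article, not code from the original page. It builds a constructed sample message (all host names use the reserved .test domain and the "executable" is nothing more than an MZ header, both assumptions) and reports the two tricks the tips describe. The registrable_domain helper is a deliberate simplification that treats the last two labels of a host name as its domain.

```python
import os
import re
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

# Expected leading bytes for a few common attachment types (assumed, minimal list).
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".pdf": (b"%PDF",),
    ".zip": (b"PK\x03\x04",),
    ".docx": (b"PK\x03\x04",),
    ".doc": (b"\xd0\xcf\x11\xe0",),
}
# Executable headers that should never arrive disguised as an image or document.
EXECUTABLE = {b"MZ": "Windows executable", b"\x7fELF": "ELF executable"}


class _AnchorCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    # Simplification (assumption): the last two labels stand in for the registrable domain.
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def check_link(href, visible_text):
    """Flag a link whose visible text shows a URL on a different domain than its href."""
    shown = re.search(r"https?://[^\s<>\"']+", visible_text)
    if shown is None:
        return None  # the anchor text is not a URL, so there is nothing to compare
    shown_host = urlparse(shown.group(0)).hostname or ""
    real_host = urlparse(href).hostname or ""
    if registrable_domain(shown_host) != registrable_domain(real_host):
        return {"kind": "link_mismatch", "shown": shown_host, "actual": real_host}
    return None


def check_attachment(filename, data):
    """Flag an attachment that is an executable or whose content does not match its extension."""
    head = data[:8]
    for signature, description in EXECUTABLE.items():
        if head.startswith(signature):
            return {"kind": "attachment_mismatch", "file": filename, "detail": description}
    ext = os.path.splitext(filename)[1].lower()
    expected = MAGIC.get(ext)
    if expected and not any(head.startswith(sig) for sig in expected):
        return {"kind": "attachment_mismatch", "file": filename, "detail": f"content is not {ext}"}
    return None


def analyse_message(msg):
    """Run both checks over an EmailMessage and return the list of findings."""
    findings = []
    html_part = msg.get_body(preferencelist=("html",))
    if html_part is not None:
        collector = _AnchorCollector()
        collector.feed(html_part.get_content())
        findings += [f for f in (check_link(h, t) for h, t in collector.links) if f]
    for part in msg.iter_attachments():
        finding = check_attachment(part.get_filename() or "", part.get_content())
        if finding:
            findings.append(finding)
    return findings


def build_sample_message():
    """Constructed sample (not a real phishing e-mail): a look-alike link and a fake JPEG."""
    msg = EmailMessage()
    msg["From"] = "security@example-bank.test"
    msg["To"] = "employee@example.test"
    msg["Subject"] = "Your account has been limited"
    msg.set_content("Please sign in at https://www.example-bank.test/login")
    msg.add_alternative(
        '<p>Please sign in at <a href="http://www.example-bank.test.attacker.test/login">'
        "https://www.example-bank.test/login</a></p>",
        subtype="html",
    )
    # A ".jpg" whose bytes actually start with the MZ header of a Windows executable.
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 60, maintype="image", subtype="jpeg",
                       filename="invoice.jpg")
    return msg


if __name__ == "__main__":
    for finding in analyse_message(build_sample_message()):
        print(finding)
```

Running the script prints one finding for the link (shown host example-bank.test, real host attacker.test) and one for the attachment (a Windows executable named as a JPEG). The same two functions can be fed real messages parsed with email.message_from_bytes using the default policy of the email package.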
Avoid using the same e-mail account for all services
Very often Internet users use the same account for all services such as Facebook, company e-mail, etc. Limiting all of our activities to a single e-mail account is a very big mistake that can lead to the theft of our entire digital identity.
Using separate e-mail accounts for different services improves our safety, because if one account is breached, the data in the other accounts stays secure. It is very good practice to keep a separate business account, one for private messages, and one for social networking sites. With this approach we will even learn to spot potential spammer links.
Never use the same password in multiple services
Use a unique password for each e-mail account. Using one password for all services should be regarded as one of the most serious security flaws: if an attacker breaks into one account with that password, he will be able to break into all of the victim’s accounts. Unfortunately, the practice of using unique passwords for services is still neglected by many users.
Always scan your system for malware
Every time you receive a suspicious e-mail message, even one that appears to come from a trusted source, run your malware scanner and antivirus software. An attacker may use the e-mail account of your business partner to spread malicious software to all of your contacts.
Avoid public Wi-Fi networks
This is another very good suggestion. If you plan to check your e-mail, avoid publicly available Wi-Fi networks. On public Wi-Fi, hackers can easily capture our passwords and confidential information, or run a ‘man-in-the-middle’ attack to take control of our e-mail accounts.
Adopt the principle of defence in depth
Cyber threats that can lead to the compromise of an e-mail account come in many forms, so it is not possible to develop a single clear-cut defence strategy. Instead, so-called defence in depth is used, which includes among other things:
• Anti-virus and anti-malware filters
• Content filtering
• Spam filters
Using two-factor authentication
Two-factor authentication can drastically improve the security of e-mail accounts. Authentication in this model requires both knowing the password and possessing another item, such as a smart card or a mobile device used to generate one-off codes or to perform a challenge-response exchange. Enabling two-factor authentication also helps when your account password has been compromised, because the account is still protected by the second factor.
Encrypting e-mail messages
Another important step a user can take to protect an e-mail account is encryption. Encryption should be used to protect all private e-mails and should prevent messages from being read even if your e-mail account is compromised. Most standards support the Advanced Encryption Standard (AES), which encrypts messages with keys of 128, 192 or 256 bits.
Read this article in the Polish version: http://www.businessmantoday.org/zasady-ochrony-s…mi-phishingowymi/