Tag Archives: Phishing

How to protect yourself from phishing attacks

Phishing emails and instant messages attempt to lure you with bait, just like with fishing in the real world, which is where the term phishing originated.

Just like a real fish, as you learn to identify the types of phishing bait being used, you’ll drastically reduce your chances of getting caught.

Successful phishing scams utilise three tricks to catch victims:

Urgency

Threatening you with a consequence if you don’t act.
e.g. “A request to terminate your account, or a claim that it’s about to be suspended.”

Curiosity

Offering you some juicy bait, tempting you to act.
e.g. “Attached is a company report that contains the salary information of your colleagues.”

Familiarity

Tricking you into acting by making you think it’s from someone you know.
e.g. “There’s an important message from someone waiting for you online.”

Armed with this knowledge you’ll be more alert to suspicious emails and messages when they land in your inbox.


#1: Check the facts before acting

Verifying the authenticity of a message can be a challenge, especially if the sender’s email or social media account has been hacked.

Here are two easy ways to check whether or not the message is a scam.

  • If you know the sender, contact them using another service (email, social media, phone, etc.) to check that their message is legitimate.
  • If not, enter the subject line or some other small part of the message into your favourite search engine.

If your search reveals others who have reported this message, or who are asking questions about its authenticity, then you’ve proven two things – first, you’re not alone, and second, it probably is a phishing, scam or hoax email.


#2: Make sure it is safe

A phishing email or instant message typically contains a web link (URL) to click on, and in the case of an email possibly even an attachment of some kind.

Check out this video to learn how to tell if it’s a bad link or not:

Video: How To Tell If A Link Is Safe


However, it’s worth emphasising that knowing if a link is truly “bad” before you click isn’t a perfect science, and often security professionals can’t even tell until they visit it.

If there’s an attachment on the email you need to be particularly careful NOT to open it. Believe it or not, even PDF and Word files can be infected! If you weren’t expecting the file, don’t open it. No exceptions.

A great way to help with these safety checks is to protect your devices with antivirus software, which will scan all files and attachments for malware and even scan links to check that they are safe.


#3: Report it

Lastly, if you do spot a phishing email, be a good online citizen and consider taking the time to help out by immediately reporting it directly to the legitimate organisation or person that’s being impersonated.

Many large companies, particularly banks, have websites dedicated to providing further resources and information about how to stay safe from phishing, along with ways to report phishing cases to them, and also examples of recent scams that are circulating.

Each and every one of us has the ability to improve each other’s lives online, so make sure you share this information on how to stop phishing with those you care about.


Until next time, stay safe out there.


Internationalization and the Internet

The Internet is a child of the United States of America, so it does not come as a surprise that only Latin letters and some scientific characters were used when the systems and the software (then called ARPANET) were designed. In today’s world, where roughly half the global population, with its different letters and alphabets, uses the Internet, things look different.

The Need for Internationalization

You might have seen a so-called IDN before. IDN stands for internationalized domain name, and all it boils down to is a web address with special characters. This can be of great help to Internet users who live in regions where the primary alphabet in use is not Latin-based or is extended with special characters. Take Swedish for instance: the letters ä, ö and å augment the standard Latin alphabet. Without support for IDNs, you would have to agree on a different (Latin) character for domains – like a or aa instead of å. Instead of visiting the website of your favorite Swedish bakery at www.pågen.se, you would have to go to www.pagen.se. This is okay until another company with the name Pagen appears and wants to claim that domain name. It becomes confusing very quickly for the visitors.

Wait…IDN what?

The Domain Name System (short: DNS), which is used to translate a web address into something the computer understands, only accepts Latin characters. To make internationalized domains work, a system called punycode is used. A complete explanation of the algorithm is way out of scope for this article, but here is a short one. Whenever you enter an address like pågen.se, punycode prepends xn--, skips all non-Latin characters of the domain (å) and appends a dash to the remaining characters (pgen). So far, the result is xn--pgen-. Now, some black magic (finite state machines and generalized variable-length integers) is used to represent the position and the identity of the skipped characters. In the end, the result looks like xn--pgen-qoa.se. This is the domain that your browser will actually access. You, as a user, will not notice any difference, as this is done transparently by your browser. Arguably the first internationalized domain (rather, subdomain in this case) was http://räksmörgås.josefsson.org.

How does it affect you?

There are alphabets which contain letters similar to the ones in other alphabets. Take the Cyrillic script for instance: the Cyrillic letter а resembles the Latin character a. In a so-called IDN homograph attack, a cyber-criminal uses exactly this resemblance to mimic trusted websites. Imagine the domain in the following pictures.

Internationalized version of a domain. The first a is Cyrillic, not Latin

From the looks of it, it is paypal.com. You would almost have to be psychic to notice that the first a is a Cyrillic letter. Now the attacker only needs to design a page that looks exactly like PayPal’s and have the login credentials sent to his or her email address – mission accomplished.

If the domain is considered suspicious, modern browsers will show the punycoded variant

Not all is lost

Fortunately, it is not that simple to deceive unsuspecting users anymore. Modern-day browsers indicate that you are browsing an internationalized website, as the image below shows.

Internationalization feature of Internet Explorer: shows a small icon in the address bar

In contrast to typosquatted URLs, where you might be able to spot phishy URLs by looking at them twice, IDNs can pose a real problem. You have to rely even more on strong Web protection. It shows that common sense does not protect you from everything on the Internet and that it is crucial to have an up-to-date antimalware solution on all your devices.


The post Internationalization and the Internet appeared first on Avira Blog.

Phish Allergy – Recognizing Phishing Messages

While phishing-related malware still mostly targets Windows, attacks that rely purely on social engineering and fake web sites might be delivered on any platform, including smartphones and tablets. The more cautious you are, the better informed you are, and the more you think before you click, the more chance you have of leaving phishing craft stranded.

The post Phish Allergy – Recognizing Phishing Messages appeared first on We Live Security.

Scammers trying to steal Netflix passwords, and more

A flurry of news concerning Netflix in recent days has presumably motivated this recent phishing attempt, as scammers continue to pursue current events and breaking news stories to attract victims.

In the email is a red button, “CLICK HERE TO VERIFY YOUR ACCOUNT”, that leads directly to a replica Netflix login page, as well as to pages that ask for personal details including credit card information.


Unsuspecting Netflix customers who are tricked into this process will not only divulge their account password (which they may have used elsewhere), but may also have their credit card details stolen and used for fraudulent purchases.


If you do receive a Netflix phishing email you should report it officially to Netflix by forwarding the message to [email protected]. Further information about keeping your Netflix account secure can be found here.

Until next time, stay safe out there.


Inside Cryptowall 2.0 Ransomware

An analysis of Cryptowall 2.0 reveals that the ransomware relies on complex encryption routines and sandbox detection capabilities to survive. It also uses Tor for command and control, and can execute on 32- and 64-bit systems.

On Neuroscience and Phishing Attacks

All kinds of fun facts bounce around the internet. You might have seen the one about contextual reading: It deson’t mttaer in waht oredr the ltteers in a wrod aepapr, you can sitll raed it wouthit pobelrm. See how this neuro-scientific peculiarity helps phishing criminals earn lots of money and what simple things you can do to protect yourself.

Why are URLs so important?

As I work in the URL detection team of Avira’s Protection Labs, you might not be surprised by me saying that URLs are a very important part of our daily lives. In ancient times, ten or fifteen years ago that is, data was shared on floppy disks, which were still in heavy use back then. (You know, the legacy industrial equipment that looks like the ‘Save’ button in your applications.) Times have changed and so has the industry. In today’s world, files are distributed over the Internet. File hosting services like Dropbox and OneDrive flourish like never before. The Internet actually consists of many subsystems, like email, file sharing and the World Wide Web. Also known as just the Web, the latter represents what you usually do in your browser: clicking on links, entering URLs in the browser bar, searching the web; those are all examples of how you use URLs to access the Web.

What is a domain?

Avira’s domain entered in a web browser

Domains exist because they are easier to remember than IP addresses (which domains point to). They operate pretty much like a phone book. You do not remember the phone number of a person to call, you look them up in the phone book. This establishes the connection between person and callable number. While you still have to enter the number yourself on the phone, your browser will take that burden off of you. So, when you enter www.wikipedia.org in your browser, it will look up and redirect you to the proper IP address of the web server that hosts the site. If you enter www.wikkepedia.org, you will not be redirected to the site you intended to visit but rather receive a browser warning, stating that the website does not exist – just like the well-known “The person you’ve called is temporarily not available” message you hear on the phone when you dial the wrong number.

Some typos are intentional

“Where does the neuroscience bit come into play?”, you might ask. Cyber criminals are able to register such a misspelled domain and host advertisements on it. Once you accidentally enter the wrong URL, you will be redirected to this so-called typosquatted domain and thus will have accessed ads. This in turn generates money for the advertiser. Check out my other article about online advertisements for further information. The important thing to remember is that this is not possible merely because of careless surfing. It works because the human brain reads in context rather than letter by letter.

Some just want to make a few bucks by registering a misspelled domain in order to sell it back to the brand owner. One could register www.citybank.com and sell it to www.citibank.com, as this is a common misspelling.
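As an added example (not from the Avira post), the following Python flags a hostname whose second-level label lies within a small edit distance of a watchlisted brand, which catches the page’s www.wikkepedia.org and www.citybank.com cases; the watchlist, the “label before the last dot” rule and the distance threshold of 2 are constructed assumptions, not a product’s logic.

```python
def edit_distance(a, b):
    """Damerau-Levenshtein (optimal string alignment): insert, delete,
    substitute and adjacent transposition each cost 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # swapped neighbours
    return d[len(a)][len(b)]

def registrable_name(host):
    """Constructed simplification: the label just before the last dot is the
    brand part (www.wikkepedia.org -> wikkepedia). Multi-part suffixes such as
    co.uk would need a public-suffix list in real use."""
    parts = host.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

# Constructed watchlist of brands worth protecting; extend for your own environment.
WATCHLIST = ["wikipedia.org", "citibank.com", "paypal.com", "netflix.com"]

def typosquat_candidates(host, watchlist=WATCHLIST, max_distance=2):
    """Brands the host's brand label closely resembles but does not equal."""
    name = registrable_name(host)
    hits = []
    for brand in watchlist:
        brand_name = registrable_name(brand)
        if name != brand_name and edit_distance(name, brand_name) <= max_distance:
            hits.append(brand)
    return hits
```

A threshold of 2 covers the one-letter slips and doubled letters the article describes; raising it catches more look-alikes but also more unrelated short names, so tune it against your own traffic.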

From Malware to Phishing

Landing page of misspelled Wikipedia URL

Other unfair practices include redirection to potentially unwanted applications (abbreviated PUA). Your browser will typically show a warning about the state of your computer, telling you it might be infected, your drivers might be out of date or that you have won a million dollars. To give you a practical example: I found this software recommending driver updates for my computer while going through misspelled Wikipedia links (I omit the direct URL for obvious reasons). A click on “Installieren” (region-specific, as I am browsing from Germany) tries to install software that I do not actually intend to have on my PC. Fortunately, I am one of the lucky people with Avira security products installed. The Web Protection kicks in and saves me from accidentally installing PUA on my PC.

What to do about it?

Avira detects potentially unwanted applications (PUA)

No antimalware solution will ever give you 100% security. Think of them as providing somewhere between basic and enhanced detection of malicious software on your PC. Nowadays, those programs also include effective web protection, like cloud-based scanning of URLs. Avira offers both traditional antimalware solutions and an unobtrusive browser plugin to protect you against most of it. However, you should never rely solely on software to protect you. It helps a lot to know about the risks. You just might look twice the next time. ;)


The post On Neuroscience and Phishing Attacks appeared first on Avira Blog.