Internet

Now Anyone Can Phish Without Security Knowledge

Deepak GuptaFebruary 15, 2022
0

Internet users when we browse the Internet must be attentive to the files we download and the links we click. Cybercriminals will try to attack our computers by infecting them with various types of malware, viruses, Trojans, worms, and more. Currently, the favorite attacks to take advantage of are phishing and ransomware. Generally, to carry out this type of attack requires quite a bit of technical knowledge, although this is not always the case. In this article, we are going to see how phishing kits make it easy for non-professional users to spoof identities.

Phishing attacks a major threat

Most cybercriminals are more motivated by economic interests than by others such as politicians, curiosity or the intent to harm. In that aspect they want to ensure that these fraudulent activities are profitable. For that reason, they have to balance the potential payday against the risks, resources and time invested.

Avoid Phishing in real time

That is one of the reasons why they use phishing attacks as their default form of attack due to its high profitability. Thanks to malicious emails they can reach many potential victims quite easily. Now it is being seen that malicious actors can buy phishing kits with which they can easily make a quick profit.

According to Magni SigurĂ°sson, Senior Director of Detection Technologies at Cyren, after analyzing three months of phishing email traffic they came up with some findings such as:

  1. Most attacks are done for money.
  2. Those most affected by this impersonation were large technology or financial companies that were leaders in their segment. Some examples were Facebook, Apple and Amazon.

In this regard, it may be interesting to know the most common phishing strategies in social networks. In a phishing attack, the attacker often spoofs a URL, making the victim believe that they are on the legitimate website, but when they enter the credentials, they pass into the hands of the cybercriminal.

The shift to smartphones

Another of the most outstanding aspects revealed by the investigation was the growing increase in phishing attacks on mobile phones. Thus, to carry out these attacks, SMS text messages, WhatsApp and other mobile messaging services are being used.

Attackers are turning to these devices as email security solutions become more robust. In that respect, a mobile device is less likely to be better prepared against phishing than, say, a desktop computer. On the other hand, mobile phishing attacks are also more difficult to identify. The reasons are a smaller screen and also its simplified design. This exacerbates the lack of security solutions for smartphones.

Phishing kits make them usable by everyone

The phishing kits they are ready-to-use software packages. In that regard, they provide a collection of tools that allow cybercriminals to quickly create and launch their own phishing campaigns.

These kits are available on the dark web, they usually include email templates, graphics and scripts, and also have a simple interface to manage the attack. On the other hand, cybercriminals can add to your purchases databases of possible destination email addresses that are likely to come from a data breach.

Analysis of the phishing kits found that:

  1. They are usually very sophisticated.
  2. They are configured to launch campaigns.
  3. They can collect credit card information, social security numbers, and also have the standard goal of obtaining login credentials.

One of the most prominent phishing kits was the Chase XBATLI, which has been around for some time and has seen increasing use to target Chase and Amazon customers. That is why it is necessary to know how to protect yourself from a phishing attack.

What can companies do to protect themselves?

Phishing attacks can be detected by inconsistencies around language and design, if something strange is observed it should be red flags. Apart from that they must also:

  1. Verify that the sender’s name matches the email address.
  2. Check the URL.

Finally, companies must also provide support to their employees and customers. So they should offer you an accessible channel to report phishing. Customers must be able to easily report suspicions to the brand. On the other hand, employees should have a direct line to their IT security team and have a specialized anti-phishing solution in place.

We have other articles that may interest you:
  1. Keep these basic points in mind when hiring a hosting
  2. How to know when a web domain expires
  3. This ransomware tells you which files it is going to steal from you
  4. Know if you are browsing through a proxy
  5. Methods to download a website completely
  6. Learn what zero-day exploits are and how they affect your security
Deepak GuptaFebruary 15, 2022
0

Related Articles

Get to know these curious smart devices for your home

December 6, 2022

Configure the D-Link DSR-1000AC router firewall with ACL

August 25, 2021

How to automatically reject cookies in Chrome

October 31, 2021

How updates ransomware works

July 9, 2022

Leave a Reply

Your email address will not be published. Required fields are marked *