Countermeasures Against Phishing Attacks

MailXaminer | January 21st, 2020 | Forensics

Business organizations are increasingly the target of online threats, yet many users fail to mitigate them. This blog describes the countermeasures against phishing attacks so that you can actively prevent them.

Over the past two decades, internet users have been harassed by cybercriminals in different ways. Hackers are criminals who steal the identity of internet users by using extraordinary skills and techniques in cyberspace. They do this through social engineering, conning the target by means of internet threats such as phishing, spoofing, ransomware attacks, Trojan horses, etc. Phishing is one of the most threatening cyberattacks witnessed by business organizations. Some staggering statistics on phishing attacks are given here:

  1. A phishing attack is detected every single minute.
  2. In the year 2015, 85% of organizations worldwide experienced phishing attacks, a 60% increase compared to the previous year.
  3. $1.3 billion has been lost by the United States, $160 million by Canada, and $130 million by the US alone in phishing scams.

Given these facts and the serious financial consequences, business organizations need to take corrective measures against these challenging threats. To do so, they first need to properly understand the concept of phishing and then take adequate preventive measures against such cyberattacks. In the next section, we will go through the concept and understand the countermeasures against phishing attacks.

What Are Phishing Scams?

The term ‘phishing’ originates from the word ‘fishing’. Just as a fisher trolls from a boat on the river and lures fish to catch them, a ‘phisher’ trolls the internet, using communication as the medium and bait to steal users’ sensitive information or credentials. At first glance, the information provided by the phisher seems legitimate, but it is designed to deceive internet users. Phishing attacks are increasing vigorously with every passing year. Hence, it is important to know the countermeasures for phishing attacks.

Phishing can be categorized as follows:

  • Vishing: Vishing is a term that sounds similar to ‘phishing’. This attack relies on the information shown in the caller’s details. No fake website is required. It is done simply by creating a fake caller ID so that the call appears to the target to come from a trusted organization. As a result, users readily give up credentials such as a PIN, account number, etc.
  • Smishing: Smishing is the term given to SMS phishing. It is a technique used to induce people to reveal their personal information through text messages on mobile phones.

Types of Phishing Attacks and How to Recognize Phishing Email?

  • Spear Phishing

Spear phishing is one of the common types of phishing attacks. It is carried out by sending an email to a particular targeted individual. Phishers generally get information about individuals from social media sites like LinkedIn, Facebook, etc. They use fake IDs to send emails that look as if they were sent by a co-worker. For example, a phisher may target an employee in a finance department and send an email posing as the victim’s manager, asking to transfer a large amount of money to a bank account.

  • Whale Phishing

It is a form of phishing aimed at big targets. Whale phishing is a technique to trick individuals into giving up confidential data. This type of scam generally targets the board members of a company. It is very easy to target them, as it only requires the company’s email ID to deceive them.

  • Deceptive Phishing

Nowadays, it is one of the most common types of phishing attacks. Deceptive phishing emails threaten and scare the user by creating urgency. Attackers such as PayTM scammers send emails to customers asking them to click on a link to rectify a mistake in their account. When the user clicks the link, it takes them to a fake webpage that looks like the PayTM login page. There the user enters login credentials or sensitive information, which may either be used for illegal purposes or be sold by the phisher to other hackers.

  • Pharming

It is always important to know the countermeasures against phishing attacks. Pharming is a kind of scam in which the hacker installs malicious code on a computer system or server. That code redirects users to fraudulent websites without their consent or knowledge. Pharming can be described as “phishing without a lure”.

  • Dropbox Phishing

Some phishers don’t use ‘baiting’ to deceive their targets. Instead, they send attack emails to individuals or companies. Phishers generally use popular sites like Dropbox to target users. For example, an attack campaign may create a fake Dropbox sign-in page on the original Dropbox site. By doing this, the phishers try to confuse users into submitting sensitive information. To protect yourself from these kinds of attacks, use two-step verification (2SV), which provides an additional security layer for the account.

The primary motive of all the aforementioned phishing attacks or email scams is to convince email recipients and lure them into acting immediately. They con users into clicking a link or opening an attached file. By doing so, users fall for the scam and malware is installed on their system. For example, the malware installed through a phishing scam may be a web Trojan that takes credentials from the victim’s computer, a keylogger that tracks the victim’s key inputs, or a kind of ransomware that holds or encrypts the user’s sensitive data. Recipients can simply delete or ignore such scam emails to avoid becoming victims of cybercrime.

How to Identify Phishing Email Messages or Links?

Phishing emails have hundreds of features that can be used to detect scam or unwanted emails. We have tested several different features to find out the nature of phishing email attacks. Moreover, use our customized computer forensic tool to investigate the crime scene wisely. Here we provide some of the most efficient ways to recognize phishing emails or links, which can be used to achieve high-accuracy detection of scam emails.

The following is a detailed explanation of each component that helps to recognize phishing emails and filter phishing scams.

  • Limited Life Domains Linked

Phishers generally register a domain that sounds similar to a legitimate one. The registered domain name looks like the company’s domain (such as amazan.com for amazon.com). Phishers may register these domains with illegally obtained credit cards (such a registration can be cancelled by the registrar at any time). Phishers make intensive use of these domains for a short time after registration.

  • URLs Do Not Match

Phishers also exploit HTML emails by displaying one URL while linking to another. A link is displayed as amazon.com but actually points to fakesite.com. For this reason, the user must check all links: if the text of the link is a URL and its “a href” attribute points to a different link, it may be a scam.

  • Check Links with Text “Click”, “Here”, etc.

Scam emails most often contain linked text like “Click Here”, so it helps to know the various countermeasures against phishing attacks. The phisher intends users to click on these links in order to steal their sensitive information. The other links in the email, such as the links to “Privacy Policy” or “User Agreement”, are kept to give the user an authentic feel.

  • HTML Emails Deceiving

Most emails contain plain text, HTML, or a combination of both, which is known as a multipart format email. An HTML email is not necessarily a phishing email. However, HTML does enable some of the deceptions seen in phishing attacks. Without HTML, technical and deceptive attacks are not possible for a phisher.

  • An Email with Several Links

This is a continuous feature: the number of links in an email. The number of links means the number of links present in the HTML part of an email, that is, the number of tags with an “a href” attribute.

  • Links Having Many Dots

This is another way in which attackers try to present legitimate-looking URLs. They use subdomains, which put a number of dots in the URL, for example http://www.google.com/your-bank.data.update.com. This may appear to be a legitimate link, but it uses several subdomains to deceive the user. A large number of dots in a link is therefore a feature that indicates a possible scam.

  • Contains Malformed HTML JavaScript

JavaScript can be used in different ways, such as creating popup windows or changing the status bar of the browser or email client. It may appear directly in the body of an email or be embedded in a link. Attackers generally use JavaScript to hide code or information from the user, after which they try to launch sophisticated cyberattacks.
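
The link and HTML checks listed above can be computed mechanically from a message. The following Python code is an added example, not MailXaminer's tool and not code from the original post; the constructed sample message, the .example domains, and the names LinkParser, host and features are assumptions made for illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message for illustration (not a real phishing email).
SAMPLE = """\
Subject: Action required
Content-Type: text/html; charset="utf-8"

<p>Verify at <a href="http://fakesite.example/login">http://amazon.com/signin</a></p>
<p><a href="http://your-bank.data.update.example/x">Click here</a> to update.</p>
<p><a href="http://amazon.com/privacy">Privacy Policy</a></p>
<script>window.status = "http://amazon.com";</script>
"""

class LinkParser(HTMLParser):  # collects (href, visible text) for each <a href>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a" and dict(attrs).get("href"):
            self._href, self._text = dict(attrs)["href"], ""
    def handle_data(self, data):
        self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._text.strip()))
            self._href = None

def host(url):
    # Hostname of a URL, also for link text written without a scheme.
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def features(raw):
    msg = message_from_string(raw)
    html = "".join(p.get_payload(decode=True).decode("utf-8", "replace")
                   for p in msg.walk() if p.get_content_type() == "text/html")
    parser = LinkParser()
    parser.feed(html)
    url_like = re.compile(r"^(https?://|www\.)|\.[a-z]{2,}(/|$)", re.I)
    return {
        "html_email": bool(html),                  # HTML part present
        "num_links": len(parser.links),            # tags with an "a href" attribute
        "mismatched": [(t, h) for h, t in parser.links  # text is a URL, href differs
                       if url_like.search(t) and host(t) != host(h)],
        "click_here": [h for h, t in parser.links if re.search(r"\b(click|here)\b", t, re.I)],
        "max_dots": max((h.count(".") for h, _ in parser.links), default=0),
        "javascript": bool(re.search(r"<script\b|javascript:", html, re.I)),
    }
```

For the sample, features(SAMPLE) reports the first link as mismatched and the second as a “Click here” link, while the “Privacy Policy” link is counted but not flagged.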

Final Words

In this blog, we have described various countermeasures against phishing attacks that will help users protect themselves from several types of phishing attacks and email threats. Additionally, we have discussed the various ways to recognize phishing email messages or links, which helps to avoid phishing scams.