Who hasn't come across a phishing email at some point?
Phishing refers to a fraudulent technique involving an attempt to defraud someone by sending an email. Cybercriminals obtain personal data, login credentials, and/or banking information to use them for fraudulent purposes (source: cybermalveillance.gouv.fr).
While we receive phishing emails in our personal inboxes every day, work inboxes are also affected by this scourge. This often underestimated threat now affects every company or organization. It can have serious repercussions on their operations: slowing down or completely halting business, theft of sensitive data, damage to their image and reputation…
Once easy to spot, these email scams are becoming increasingly sophisticated. Phishing attacks are becoming more and more organized, and even the most tech-savvy internet users can sometimes fall for them.
But how do cybercriminals manage to lure us into their trap?
Breach of trust, data updates, identity theft… Although phishing attempts are easier to spot today, hackers are using new, highly sophisticated techniques to catch us off guard.
They manage to create increasingly realistic phishing pages : the email’s design incorporates elements from a real company. Sometimes, they include the logo and signatures of actual people who work with you. These fake emails redirect you to a fraudulent page that looks exactly like your internal software’s page. These fake sites have a web address that’s very similar to the one you expected.
Sophisticated methods for increasingly organized phishing
In the article Spread of Phishing and Viruses, Le Journal du Net presents the new methods used by cybercriminals:
- They send massive spam campaigns using networks of computers with unrecognized IP addresses. Traditional spam filtering tools that rely on signatures or reputation are unable to identify these messages as spam. This allows well-organized phishing emails to bypass filtering systems and land directly in employees’ inboxes.
- The viruses spread through these fraudulent emails are also becoming increasingly sophisticated. Once it has secretly infiltrated a network, a modern virus can be controlled remotely and activated as needed. For example, it can steal your contact information or encrypt all your files with a password.
- Some phishing emails contain URL links that can be activated remotely once they bypass filtering tools. This technique allows phishing emails to bypass filters undetected, since the URL links point to entirely legitimate content. Once the filters are bypassed, hackers activate the links to redirect users to fraudulent phishing sites.
There are other complex techniques:
- Usingremote images also helps bypass spam filters. Since they are hosted on the web, remote images are downloaded for analysis, unlike embedded images, which are analyzed in real time. By increasing the number of redirects, hackers are able to prolong the time it takes to identify a phishing attempt.
- Cybercriminals manipulate Google search results by redirecting traffic from legitimate websites to malicious ones. They also manage to bypass phishing detection systems by creating non-existent pages that display a "404 error." When a user clicks on the link, they are automatically redirected to the malicious site.
What can we do?
These days, hackers seem to always be one step ahead of their victims. They adapt to current events and create scams that are increasingly tailored to the current situation.
Cybercriminals’ tactics are constantly evolving. You must therefore be prepared for the emergence of new organized phishing techniques. So don’t waste any more time—protect yourself! With the cybersecurity awareness tool offered at Avant de Cliquer, your users will develop good habits. A better anti-phishing solution will help you identify critical situations so you can thwart cybercriminals’ plans.
