Steve McGregory
Ixia Senior Director, Application and Threat Intelligence

Phishing - Don't Be a Victim

October 19, 2018 by Steve McGregory

Phishing is the act of sending an email that attempts to fool the recipient into believing the email is from a trusted source in order to gain something from them. What's to gain? Usually credit card numbers and/or usernames/passwords. Cybercriminals have become very good at the practice, and this makes detection and avoidance much more challenging. Below are some best practices to follow in order to detect and avoid getting hooked in an email phishing attack.

Every Email is Suspect

To start, we must begin with a posture where we suspect everything could be malicious. I try to avoid clicking links within an email. If it is something I'm interested in, I will go to the website through my browser without clicking a link in the email; otherwise I delete the email. The material in the email should also be accessible through their website. Also, the age-old adage "if it sounds too good to be true then it probably is too good to be true" is a trusty belief.

The Hover Technique

Links within the email should point to the corporate website of the sender. If an email is from Wells Fargo, then I expect the links to also point to Wells Fargo. To inspect a link, move your mouse cursor over it (hover, but do not click) and you should see the URL that the link uses. In web browsers, this information is usually displayed in the status bar at the bottom of your window. If the email is from Wells Fargo, then I'd expect something like "http://host.wellsfargo.com/...". Here's hover in action; the yellow-highlighted part is where we inspect to confirm that the link is pointing to where we expect.

[Image: Phishing]

The most important part is the companyname.dot-com; the rest will be specific to where that link will take you on the Wells Fargo website. If you see something like "http://host.wellsfargo.trustme.ru/..." then that tells you the domain portion is not part of Wells Fargo; rather, it is some website in Russia. It also could have been "http://host.wellsfargo.trustme.com/..." and it still is most likely not from Wells Fargo, since Wells Fargo hosts at "wellsfargo.com".
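The same check can be automated over an email's HTML body. The following is an added example, not part of the original post: it collects every link target (what hovering would reveal) and flags those whose host is not the expected domain or a subdomain of it. The function names and the sample body are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag, i.e. what hovering would reveal."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href)


def host_belongs_to(host, expected_domain):
    """True only if host is expected_domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    expected = expected_domain.lower()
    # Match on a dot boundary, reading the name from the right-hand end:
    # the sender's name appearing further left does not count.
    return host == expected or host.endswith("." + expected)


def suspicious_links(html_body, expected_domain):
    """Return the links whose host is outside expected_domain."""
    collector = LinkCollector()
    collector.feed(html_body)
    flagged = []
    for href in collector.hrefs:
        # hostname is None for relative or non-URL hrefs; those are flagged too.
        host = urlsplit(href).hostname
        if not host_belongs_to(host, expected_domain):
            flagged.append(href)
    return flagged


# Constructed sample body built around the three hosts discussed above.
SAMPLE_BODY = """
<p>Your statement is ready.</p>
<a href="http://host.wellsfargo.com/statement">View statement</a>
<a href="http://host.wellsfargo.trustme.ru/login">Sign in</a>
<a href="http://host.wellsfargo.trustme.com/login">Verify account</a>
"""

if __name__ == "__main__":
    for link in suspicious_links(SAMPLE_BODY, "wellsfargo.com"):
        print("outside wellsfargo.com:", link)
```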

There's a limitation for this technique on tablets or mobile phones. Because you use your finger to click on a link, you cannot simply hover over the link. On a tablet you must hold your finger down on the link until a pop-up displays asking what you would like to do with the link. Part of the pop-up will display the link information, and this will help you determine the validity of the email and link.

Verify with the Sender

If you are a bit suspicious about an email, you should do everything you can to verify authenticity. If it is from a friend, then email or call them and ask if they sent you the email. This technique is not fool-proof, as many times the person's account has been compromised and email filters could be deleting email before they see it. If you don't get an email response, you should call, as they would benefit from knowing their account has been compromised.

Other Signs of Phishing

Often these emails will have visible issues, like spelling or grammatical errors. They will try to get you to provide sensitive information, and this is the best way to detect them. At no time should anyone initiate a request to you asking for your login, credit card, social security, or other sensitive information. Even when a friend is sharing a photo or file with you, the sharing services do not request that you log in or create an account; they should provide you with read access without you submitting information.

I Got Hooked, What Should I Do?

The first thing to do is remediate the problem. Change your passwords, starting with your primary mail and banking accounts. Do not feel ashamed; it has happened to most of us, and that includes me. To remediate, you will need to find out the scale of the compromise: have they stolen a username/password, a credit card, or other information? Once you know what they have, go to the site and change that information or get a replacement credit card. Report the event to the appropriate authorities, your bank, service provider, or your antivirus vendor who may have missed the attack. Finally, take a look at what you have in place for security and why it didn't help. If you don't have security of any kind, now is a great time to look at deploying something - or even using the free services that come bundled with some operating systems like Windows.

What About "Unsubscribe" Links?

Unless you are absolutely certain the email is coming from a reputable business, don't click. Add the email to your email reader's spam blocker, delete the email, and go on about your day. Many times the "Unsubscribe" link will only result in you getting more spam. What happens is that by clicking the "Unsubscribe" link you have just confirmed that your email address is valid, and they can sell your email address to more spammers. I wish it wasn't like this, but it is, and knowing so will help you in the long run. Knowledge is power...