Recognising a Phishing Campaign

Phishing attacks and campaigns are a constant debated subject in the online security world. We are going to reopen that can worms in this blog post, We are going to be looking at the signs of possible phishing attacks to help prevent you from falling for them.

But what is a Phishing Attack you ask?

Phishing attacks happen when a malicious person acts as being someone else to help gather confidential entry or important information. This may happen in the guise of a website, email, phone number even in person.

Signs of a Phishing Attack

Phishing attacks can come in all manners, with the methods the attackers use which are evolving constantly. However, there are loads of common characteristics that once you know what you looking for the are fairly easy to point out.

Clever Copycat Requests

Loads of these phishing campaigns try to copy the branding or a major company that the intended victim is familiar with. By copying the companies emails and email layouts or phone numbers.

email example:

security_businessname@yahoo.com
businessname@outlook.com

These emails use public email registrars, which can be used to create emails with any names.

acount@bank.com
member@bankk.co
webmaster@gekdimm.com

All these emails share similar domain names as known companies such as webmaster@gekdimm.com instead of webmaster@geekdimm.com. For this reason, its good to be vigilant and ensure the emails are genuine.

Act Fast

The Phishing attack will more than likely add urgency to the email to make the user skip the finer details of the email and click on the link or download the email attachment.

Example
unusual bank account activity
Websites has been compromised
Suspicious offers

No signs

The most fundamental thing to keep in mind about phishing is – Attempts Will Vary. These targeted attacks have become incredibly advanced, The attackers will be able to spoof or hack your manager’s email, and then using the correct data to trick you into thinking they are your target. Stay vigilant, if there are any requests for you to visit any links or any attachments to be opened, Double-check verbally with the sender if possible to ensure the email and request is genuine.

Example of Phishing campaigns

Google Drive Phishing Campaign

Notice how odd it is to be able to use any email provider to login to Google Drive:

Bank Phishing Campaign in Brazil

Notice how the phishing campaign asks for credit card information in the last image.