What Is Phishing?

Hello. And welcome to Section 1.1 of the Attacks course, Phishing. I’m Lisa Gilbert. And I will be sharing a lot of helpful information so you can understand this type of attack and defend against it. In our discussion of phishing, I will first define phishing and why it is important to understand and prevent. Next, I will discuss what attackers are trying to accomplish. Then I will explain why everyone is at risk, and explore the red flags and warning signs that an attack is taking place. We will also explore some of the tactics used by attackers, and I will share several real life examples. Lastly, I will describe how you can protect yourself and your organisation from a phishing attack.

Before we can discuss phishing, we need to understand what it is. Phishing is the fraudulent attempt to obtain sensitive information by disguising oneself as a trustworthy entity in an email. Let’s discuss why this is important, what attackers are looking for, and how they carry out their nasty business. Why is it so important to understand and prevent phishing? According to the United States Secret Service, 91% of all cyber attacks begin with phishing. What are phishing attackers trying to accomplish? It could really be any number of things. First, they frequently are trying to harvest personally identifying information or PII.

This includes not just things like your name and address, but other information like your social security number, your passport number, possibly your medical insurance account number. They also look for financial information, like credit card numbers, bank account information, and any type of financial transaction. They look for any invoices or debts that you may owe, because this is information they could use to try to trick you into sending them money. Depending who you work for, attackers may be very interested in the way your company is structured and how you communicate with your colleagues. Those working for military contractors or technology innovators will be considered especially valuable targets.

Attackers also look for any login credentials, including passwords, and will try to gauge your defensive posture. Attackers are not just interested in what they can harvest from you immediately, but in planting malware that could be devastating to you or your organization. Some of the things they like to deploy include key loggers and remote access Trojans, also known as RATs, so they can continually steal information and access your network whenever they like. Lastly, ransomware attacks almost always begin as phishing attacks. It only takes one unsuspecting individual in an organisation to click on a link in a phishing email to infect the entire network. Who is at risk? Literally anyone who has an email account is at risk for a phishing attack.

I am certain everyone listening to me has received multiple phishing emails, and I know professionals who teach cyber security like I do who have clicked on links in phishing emails. Attackers can be very sophisticated and can trick even the smartest users. And it’s important to recognize how much of a risk this is. Just from June 2016 to June 2020, global losses due to phishing attacks are over $26 billion US dollars. Here are some red flags to look for in an email that should make you suspicious that it could be a phishing attack. First, there is usually a sense of urgency.

For example, your Amazon account is going to be suspended, or you have an invoice that is due that could get sent to collections. Often, the author of the phishing email will claim that they are out of the country or about to leave and you won’t be able to contact them. Poor spelling and incorrect grammar are common clues to phishing emails, although, I also receive legitimate emails with poor enough grammar that I think it could be a phishing email. And some phishing emails are perfectly composed with no obvious errors. If you make the mistake of responding to a phishing email, you may get multiple emails back with instructions, usually for sending money.

The most obvious indication that you have received a phishing email is that there is a link or attachment for you to click. These are used to deliver malware or to direct you to a malicious website. If you try to investigate the sender, they may have no prior web presence that you can find. The sender of phishing email may want to communicate through untraceable chat applications like Whatsapp or Telegram. They may also ask you to send nontraditional hard to track or non-reversible payment. They almost never ask to be paid with a credit card, instead preferring wire transfers, gift cards, or Bitcoin.