What is Phishing and How to Protect Ourselves from Phishing Attacks

2022-08-10, 08:41


[TL;DR]


- Phishing mainly centers on exploiting unknowing victims to obtain their important details.
- Common phishing lures include deactivation of accounts, compromised credit cards, exploiting social media, posing as a support team, etc.
- Types of phishing attacks include spear phishing, whaling, smishing, vishing, search engine phishing, etc.
- Some signs can be used to ascertain whether something is a phishing attack. Some signs include a "too good to be true" offer, spelling mistakes in hyperlinks, attachment files, a sense of urgency on the offer, etc.
- There are several ways to prevent a phishing attack. One is to stay abreast of the new phishing methods to protect yourself from them.

Keywords: Phishing, attack, email, Hack, victim, information.


In the history of cyber attacks, phishing is one of the oldest. It has existed since the 1990s, when AOL was a leading ISP (Internet Service Provider). Through phishing, hackers could exploit large customer bases by trading pirated and illegal software and tools, stealing user details, and generating random credit card numbers. Using these random credit card numbers, these hackers opened new accounts and spammed other AOL members. However, AOL quickly changed its security measures to stop this.



[Image: SentinelOne]


The black market for phishing became fully organized in 2004 as it evolved into a profitable business. Based on a Gartner study, 1.2 million U.S. computer users suffered phishing losses totaling $929 million between 2004 and 2005. The main tactic used by phishing attackers during this period was popup windows to gather sensitive information.



Phishing attacks in Cryptocurrency



Financial assets were subject to scams long before blockchain technology and cryptocurrencies were invented. The same is true of phishing scams in cybersecurity. Crypto phishing scams are designed to defraud unsuspecting victims of money or personal information.


With cryptocurrencies becoming more popular and users trying to profit from these new digital assets, phishing scams are increasing at an unimaginable rate. The Phishing Activity Trends Report for Q4 2021, published by the APWG, found that phishing attacks hit an all-time high in 2021. The number of attacks reported in December surpassed 300,000, more than three times what it was two years ago.



[Image: APWG trend]


Additionally, the 2021 report indicates increased phishing attacks targeting cryptocurrency companies. The number of these attacks now accounts for 6.5 percent of all attacks. Clearly, cyber criminal gangs are evolving their strategies to target the most lucrative targets.

As a result, phishing attacks against brands declined in December, following several months of growth. Still, there were over 500 attacks, demonstrating how cybercriminals are extending their scope of attacks.

Cryptocurrencies facilitate better privacy protection, making phishing scams in crypto potentially dangerous.



[Image: Chainalysis]



Common crypto phishing attacks



The cryptocurrency space is particularly susceptible to phishing attacks of the following types:


Spear phishing attack

Spear phishing is a targeted attack aimed at a specific person or organization. Using previous knowledge about their target, the phisher will tailor the phishing email to appear legitimate to the target. As an example, the attacker may spoof an email that appears to be from a person or organization that the victim knows. A malicious link that appears to be innocent is then added.


Whaling attack

A whaling attack is a different type of phishing attack as it targets high-profile persons in an organization. An example is a phishing attack on the CEO of a company. This form of attack is dangerous and can lead to the wreck of a company's entire network.


Clone phishing

This attack takes place when a phisher duplicates a legitimate email sent in the past to the target.

Instead of the original attachment or link, the attacker sends the victim a malicious one. Due to habit or familiarity, a victim is more likely to click on the link in the email since it looks identical to one they received previously.


DNS hijacking

In DNS hijacking, legitimate DNS entries are changed to redirect victims to a fake website. Phishers change DNS entries to point to a different IP address to execute the attack. It redirects victims to the attacker's fake website instead of the legitimate website.

Malware is then installed on people's computers, routers are taken over, or DNS communications are interfered with.


Crypto-malware attack

In crypto-malware attacks, victim files are encrypted, and a ransom is demanded to decrypt them. Various methods can spread it, including phishing emails, malicious websites, and fake browser extensions.

The malware encrypts the victim's files and displays the ransom message on their screen once installed on their computer.



What are the signs of a phishing attack?



It's important to recognize phishing attacks to prevent them. Many features can be spotted in phishing attacks to prevent the theft of personal information, including:


Unbelievable:

You should avoid announcements or attention-grabbing statements that promise something impossible. In these phishing scams, the victims are told they have won a prize even though they haven't entered any contests. If something seems too good to be true, the chances are high that it is not true.


Indications of urgency:

You should be cautious of messages urging you to act fast or claiming that you have only a few minutes to respond before losing your account. Generally, reputable organizations do not ask for updated personal details over the internet and give you plenty of time to respond.


Spelling or grammar errors

Phishing emails often contain grammatical errors. The average phisher is usually in a hurry to send their message and doesn't take the time to proofread. There may be cases when they are unfamiliar with the language they are using. Avoid emails that contain obvious errors.


A strange sender:

Whenever possible, avoid clicking links or opening attachments in emails that come from someone outside your organization, are unrelated to your job responsibilities, or are sent from an unusual domain name.
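
Several of the signs above can be checked mechanically. The following Python code is an added example, not part of the original article: it scans a single-part email for a misspelled sender domain, urgency wording, and links whose visible text names a different host than the one they open. The trusted domains, the urgency word list and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains the reader really uses (placeholders on the reserved .example TLD).
TRUSTED = {"exchange.example", "wallet.example"}
URGENCY = re.compile(r"\b(urgent|immediately|act now|suspended|within \d+ (minutes|hours))\b", re.I)
DOMAIN = re.compile(r"[a-z0-9-]+(\.[a-z0-9-]+)+")
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)  # simple matcher

def edit_distance(a, b):  # Levenshtein distance, computed one row at a time
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike(domain):  # returns the trusted domain that `domain` misspells, or None
    for good in TRUSTED:
        if domain != good and not domain.endswith("." + good) and edit_distance(domain, good) <= 2:
            return good

def phishing_signs(raw_email):  # returns the warning signs found in a raw message string
    msg, signs = message_from_string(raw_email), []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if good := lookalike(sender):
        signs.append(f"sender domain {sender} imitates {good}")
    body = msg.get_payload()
    if URGENCY.search(f"{msg.get('Subject', '')} {body}"):
        signs.append("urgency wording")
    for href, text in ANCHOR.findall(body):
        host = (urlparse(href).hostname or "").lower()
        shown = re.sub(r"^https?://", "", text.strip().lower()).split("/")[0]
        if good := lookalike(host):
            signs.append(f"link host {host} imitates {good}")
        elif DOMAIN.fullmatch(shown) and shown != host:
            signs.append(f"link text shows {shown} but opens {host}")
    return signs

# Constructed sample message, not taken from a real campaign.
SAMPLE = """From: Support <support@exchnage.example>
Subject: Your account will be suspended

<p>Confirm your details within 30 minutes.</p>
<a href="https://exchange.example.login-check.test/reset">exchange.example</a>
"""
```

Calling `phishing_signs(SAMPLE)` reports all three signs; a message from a trusted domain with a matching link and neutral wording returns an empty list.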



How to prevent Phishing attacks



The following tips will help you avoid crypto phishing attacks:

- Be cautious when opening emails, especially if attachments or links are included. Contact the sender directly if you are uncertain about an email.
- If you don't trust the source of a link or attachment, do not click on it.
- Upgrade your operating system and software as often as possible.
- Ensure your passwords are strong and don't reuse them across multiple accounts.
- It is recommended that two-factor authentication be enabled whenever possible.
- Make sure you don't give out personal information to other people, such as your wallet address.
- Choose a cryptocurrency exchange and wallet that are reputable.
- You should be cautious of websites that appear too good to be true or seem suspicious. If you're uncertain, check whether it has been reported as fake on the internet.
- Ensure that you do not download browser extensions from unreliable websites.
- When using public Wi-Fi, use a VPN to connect to the internet.



Conclusion



It is more important than ever that crypto users remain vigilant when handling crypto transactions. Keep an eye out for suspicious emails, texts, and links on your device. The more you understand each phishing attack in the crypto domain, the less likely you are to be caught by it.


There are many use cases for Cryptocurrency beyond financial applications. Protecting your assets from phishing attacks will not only safeguard your assets but also encourage trust in your crypto exchange.







Author: Gate.io Observer: M. Olatunji

Disclaimer:

* This article represents only the views of the observers and does not constitute any investment suggestions.

*Gate.io reserves all rights to this article. Reposting of the article will be permitted, provided Gate.io is referenced. In all other cases, legal action will be taken due to copyright infringement.
