Phishing Malware Haunting Internet Users Worldwide

Apr 27, 2019

phishing-malwareThe cyber world has so much to offer; something to learn, something to earn, and something to be afraid of. If you think you know all the dangers of the virtual world, then let me welcome you in reality; I am not saying that you are living in a fool’s paradise, but it’s a fact – we are getting smarter, even anti-threat tools are also becoming more accurate, but scammers are still succeeding.

Do you know why? Because, cybercriminals have evolved to stay one step ahead of their own marks; if they didn’t act that way, they would fail, and then start looking for a real job.

Jokes apart, both the number and the ways of cyber attacks have evolved tremendously; phishing being the most used (90% data breaches) campaign, use social-engineering techniques. Last year, the growth rate of phishing was 65%,  affected 76% of businesses.

Don’t know much about Phishing malware?

At your service!

What is Phishing Malware? It’s More Disastrous than it Sounds

Phishing and malware are the two-interrelated words – one is the malicious software, the other is the carrier, spreading malware, ransomware, spyware, adware, and other wares. In phishing, scammers create malware-packed messages lured with monetary promises or financial or physical threats; people get scammed out of tens of thousands of bucks, companies even lose more; thanks to those 1.5 million new phishing sites that are created every month.

Phishing uses disguised email as a weapon to trick the email recipient into believing that the message is important or something they want or need — a note from the firm you joined or a request from your bank — and to click a link or an attachment. The purpose of phishing is often to direct the targets to a malware installation; thanks to the human element, for making phishing more appealing and convincing.

How do they succeed? It’s pretty simple; the attackers masquerade as a trusted person or entity (often a plausible real or real person, or a company you might working with). Though this practice is old school but still effective and the most popular among hackers; sophistication is also being practiced. To conduct this erroneous act, scammers use phishing and email kits, that is available on the dark web.

Check how cyber artists use phishing kits to send us seemingly-legitimate emails.

phishing-kits

Ok, once you receive the malicious email, what does that malicious malware does to you?

Let’s see.

Typically, malware collects sensitive information – passwords and usernames then send it to criminals – they also complimentary download and install some other malware.

The malware can then join your computer to a ‘botnet.’  A botnet is a collection of infected computers controlled by criminals from afar, often used to create scam and spam campaigns.

There are different types of phishing scams; you should know them so that you can prevent yourself with all the potential phishing skills of a phisher.

Types of Phishing Malware

Deceptive Phishing – Email claimed from a recognized source, asking to verify the account, re-enter credentials, and/or make a payment. What would you do if you receive this message?

“Your PayPal account has been suspended due to suspicious activity. Please click here immediately to verify your legitimacy. It is imperative to speak to you.

Click for a lifeline regret!

CEO Fraud – Hackers use the email address like the one that is of an authoritative figure (of your association), requesting payments or data from others in the company; whaling attacks don’t spare harpooning top executives.

Do you know, CEO fraud attacks up 2,370% from 2015.

Spear Phishing – A more sophisticated one where the actor uses available info. to throw their requests at you. Its common place is the social media sites, where we post everything about our personal life.

According to a report, 91% of cyber attacks start with spear-phishing email; means this is the good source of every data breach.

Dropbox Phishing – A more realistic emails claiming from the Dropbox requests you to ‘secure’ your account or download the given attachment.

Be it our tax details, financial info, business documents, personal pictures, and whatnot, we store almost everything in Dropbox; the benefits aside, the more the data means more the rewards for a phisher to phish a dropbox.

Pharming – Fraudsters hijack the domain name of a website to redirect users to an imposter site; it’s phishing without a lure. Pharming is a practice in which malicious code is installed on a computer or server, misdirecting to fraudulent Web sites without their consent.

Google Docs Phishing – A message is an invitation to view documents (Google Docs); once you click, you’ll find the Google drive as the landing page, but providing your credentials will take you straight to the scammers.

You must be thinking how Google Docs can be used to trick? If you are still unsure, then search how a million people were affected by the Google Docs phishing attack in 2017?

You will be sure then.

Want to know a recent trend among phishers?

Have a look!

Phishing Malware With Fake Google reCAPTCHA – Something New

A recent discovery in the phishing world is a scam peddled with malware, masking malicious landing page with a fake Google reCATCHA system.

The campaign targeted a Polish Bank with emails containing malicious PHP file; researchers informed that it was BankBot malware to be downloaded on to the victims’ systems.

So, what to do, how to stay safe from phishing malware attacks?

This is where experts jump in.

Tips to Prevent Phishing Malware – It’s Way Easier then You are Thinking!

  • If it’s deactivation scares – Click the link and look at the address bar closely; if it’s the same as intended, you’re good to go. Better still to close the email and search the website directly.
  • If it goes directly to jail – Calm down and re-examine the warning – are there any details regarding the illegal activity? The scams don’t offer such details.
  • If it’s from the tech support team – Call anyone you know with knowledge in the IT or check whether the given number is legitimate or not.
  • If it’s look-alike websites – If the link seems from the legitimate domain? Then go ahead otherwise, close the email and search the original website.

The number of ‘Ifs’ is limitless, it’s you and me, to remain proactive; follow these basic attention-paying decorums before taking any step in the exciting yet turbulent world of internet.

  • Reinforce your online security – Using one of the VPNs with the best features can save you from malicious websites, can’t let hackers know your web traffic, prevent you from spam emails, keep phishing threats away with the help of firewall, and keep your browsing sessions secure.
  • Direct your focus towards “to and from;” if it’s someone you don’t know or have never heard of, don’t click.
  • Hover over your mouse to the sender – if it appears actual sender, then you can go ahead.
  • If the email sent to so many users, find if any other email/s look alike your email address with slight variation; then it’s guaranteed from the scammer.
  • Read the entire email carefully; if you find poor grammar and/or typing errors; then immediately adjust your spam settings to mark such emails as spam.
  • Check the spelling of the URLs in the links attached before click or enter any information.
  • If you find any email suspicious, contact that source, rather than hitting reply.
  • Limit the data to be posted on social media; try to avoid posting your birthday, vacations, address or phone number. This help scammers to get your personal info.
  • If you have clicked a suspicious link in an email, immediately close the webpage and run an antivirus quickly.

Before leaving you in the world of phishers and hackers back, let me share with you some frequent WILD ATTACKs; don’t fall for them!

“IN THE WILD” Attacks

  • Microsoft: Re: Important Email Backup Failed
  • Amazon: We tried to deliver your package today
  • Wells Fargo: Your contact information has been updated
  • Office 365: Change your password immediately
  • Amazon: Refund: Valid Banking Details Needed

Seems Fishy? Remain OFF the Hook

Hackers and phishers would always be a step ahead then our consciousness, but this doesn’t mean we can’t do anything. If we remain alert and proactive, and take our privacy and security seriously, then phishers can fall-back, at least to a certain extent.

Anyways, wish you a phish-free world, only if you know how to swim!