How To Identify A Phishing Attack: Picking A Suspicious Message Apart Piece By Piece

Yesterday, a colleague of your correspondent was wondering if a suspicious SMS message they received was a scam. The following message read:

When receiving such a message, it is common for the panic and anxiety alarms in our brains to go off, urging us to “act now, act now!”. It is in our human nature to want to quickly solve problems when they arise, as well as to answer calls that appear to be desperate. However, when we are so afraid of the consequences of not acting to fulfill a task, we do not stop to think about whether it is a good idea to act at all.

By playing with the urgency-response mechanisms in our brains, this is how most hackers are able to claim phishing attack victims. As an individual receiving this message, think about what you would do: Would you click on this link, or would you refrain? Most people believe that there is only one option (to click on the link), and they never stop to investigate whether the message they received is actually a dangerous trap from a malicious hacker. In this post, we will be analyzing the characteristics that identify a phishing attack, as well as sharing some tips on how to control link-clicking impulses.

FIRST: WHAT IS A PHISHING ATTACK?

According to csonline.com, the definition of a phishing attack is “a cyber attack that uses disguised email as a weapon”. With developments in mobile phone and social networking technology, hackers are also able to launch malicious attacks via SMS (“smishing) or in chat areas on Facebook, Instagram, Snapchat, etc.

We can therefore define the basic definition of a phishing attack as

WHAT HAPPENS WHEN YOU CLICK ON A BAD LINK?

Although it seems obvious, many people do not consider the negative consequences of a phishing attack to take place immediately. To clarify: As soon as a user clicks on a malicious link, their privacy and personal information is immediately violated. If your account is hacked, you may not notice any negative consequences for an extended period of time (one to two weeks, a month, or even a year), but as long as an adversary has access to your personal information, your privacy is in danger.

As soon as the malicious link is clicked on, a multitude of dangerous things can happen:

• Hackers are able to access/steal the personal information on your device.

By clicking on a malicious link, a user can give a hacker access to all the contents held on their device (computer, phone, tablet, etc.). From the example of 2016’s notorious email hack, hackers are also able to steal passwords. With the password to John Podesta’s (Hillary Clinton’s campaign chair) gmail account, hackers were able to dump numerous secrets from Hillary Clinton’s emails onto the internet. In many other cases, hackers steal a user’s personal information to sell on the dark web or to commit identity theft.

• The user is lead to a dangerous or fraudulent website

Clicking on a malicious link without looking at where the address is going may result in a user ending up at a dangerous website where their personal information could be stolen. While on a fraudulent website, a user may also be exposed to scams, vulgar content, or be persuaded to click on dangerous attachables that will open malware on their computer.

• Malware and malicious programs can be downloaded onto a user’s machine.

Hackers often include malware in malicious links, in which once the link is clicked on, dangerous programs are released onto a user’s computer. Examples of malware-phishing attacks can include anything from viruses, ransomware, bots, spyware, Trojans, (etc.). For more information on types of malware, view our earlier piece “9 Types Of Malware & Malware Examples”.

• The user’s machine is destroyed/zombified

Adversaries are able to launch debilitating DDos campaigns through phishing attacks, rendering a user’s machine useless. Attackers can also choose to destroy or corrupt a user’s important data. They can change a user’s system to fulfill their needs (monetary, revenge, or good old fashioned “break things for fun”); in many cases, this type of data-damage is irreparable.

CHARACTERISTICS OF A PHISHING ATTACK

The following is an outline of characteristics gleaned from common phishing attacks. If a user receives a message that they believe is suspicious, they should always run through these checks to investigate whether the message is a cyber attack:

1. Bad grammar/spelling

When writing an email for work, wouldn’t you use professional grammar and spelling? Of course you would, and your colleagues would too! In most work settings (as well as any other professional environment), it is best practice to proof-read your messages to ensure that they come across as serious and appropriate.

Most hackers are usually not up to the same caliber of professionalism. Phishing attacks full of typos and grammatical errors reveal that the sender is likely not from your same professional environment. Oftentimes, many adversaries are from foreign-speaking countries but send messages written in English. To a native English speaker, it should be apparent that a sender has not had formal training in English spelling and grammar when there are numerous typos in one email.

2. A suspicious link

If you receive a message with a suspicious link attached, never click on the link before hovering over it to see where the address is taking you. It is very easy to find out whether a link is from a legitimate site or whether it was sent from somewhere dangerous. Simply hover over the link and look at the address’ contents as they appear in the bottom right-hand corner of your screen. If you see that the link’s contents include an obscure website or an unintended windows/linux machine address, do not click on it!

3. An unknown contact

Receiving a phone call with “No Caller ID” is always suspicious. We have no idea who is calling until we decide to take the call, but even then, we don’t know who if the caller is a scammer or not. The same suspicion should be shared when receiving an email or text from an unknown contact. Like “No Caller ID”, we have no way of knowing whether the sender of the message is really who they say they are.

If you are not expecting an important message from an individual named “Dan” whose address reads that he is currently in Belarus, then you should view the message with suspicion. The rule is that whenever receiving a message from an unknown person, always act cautiously.

4. A sense of urgency

All adversaries employ a sense of urgency in phishing attacks to make victims act fast in responding to what they are asking for. By invoking urgency in their messages, hackers will spark panic in an individual by giving them a tight time frame to act to save their account or information. For example: In this article’s introduction, the adversary gave a victim 24 hours to redeem their AT&T plan or else their plan would expire (leaving them without cell service). Usually, legitimate sources would give several warnings in advance if there was a problem with an account, but to receive a message with such an urgent time frame should summon suspicion.

5. Is it too good to be true?

If you receive a message saying you won $1,000 in a sweepstakes you never entered or a letter from an expelled prince who needs to borrow your personal info to sneak himself back into his country to reclaim his throne, chances are it’s a complete scam. Ask yourself honestly: is the scenario too good to be true? Did you really take any actions to fulfill the claims of outrageous prizes or awards? Most often the answer is no, so do not click on the link in any circumstances.

6. Capitalization, special characters, crazy words

We all know how quickly emails in an inbox tend to stack up, making it difficult to keep track of the hundreds of messages that we receive every week. We can then appreciate hackers for designing their spam to stand out. Adversaries will often include capitalization, special characters, and crazy words in the subject lines of emails, such as “READ THIS!” or “CLICK@HERE-4-FUN!!!!” in order to get victims to spot their message and open the attack.

When scrolling through your inbox, be sure to automatically delete any messages that subscribe to this style of writing. Remembering our prior rule, if a message is unprofessional, it is likely written by a scammer who is trying to attract the attention of victims. Therefore, keep a dedicated spam folder or move such messages to the junk folder to be deleted.

7. Asking for personal information without an explanation for why or what it will be used for

When you receive a message asking directly for your personal information without an explanation for why, it is an obvious attempt to compromise your privacy. In this day and age, it is essential that we take more caution as a society with who we choose to trust our personal information with. When online and on social media, there is not much transparency in what our personal data is really used for (unless a company or website explicitly proves their data-collection to be legitimate).

Therefore, anytime that a suspicious individual or organization asks you for your personal information, do not give them anything. Never give any information without proof that it will be used lawfully and for legitimate purposes that have your consent.

HOW TO AVOID PHISHING ATTACKS

Now that we have covered the common characteristics of phishing attacks, we can finally describe how to avoid falling victim to clicking on malicious links. It is highly suggested that a user applies these tips whenever they receive a suspicious message:

1. STOP. SLOW DOWN, READ, & RE-READ

The first step is to literally “freeze your fingers”! Most users fall victim to phishing attacks because they are in such a rush to get through the message. However, once they fast-click on a bad link, the consequences of the attack cannot be undone. Therefore, slow down. Read the message thoroughly and pay attention to see if any of the suspicious characteristics listed above stand out. Re-read the message multiple times, if necessary.

2. CHECK WHERE THE LINK IS GOING TO

If you are unsure about a link provided in a suspicious message, check where the link is taking you before you click on it. As stated before, hover on the link to see the full address, which will appear in the bottom right-hand corner of your screen. It is also smart to open a separate window and do some research about the site before you visit it. You may be able to find out if the message is a scam from legitimate sites or other users who have posted warnings. In addition, always go to the official website and manually log-in before clicking on a link that is claiming to take you to a needed page.

3. THINK BEFORE YOU ACT. Ask yourself the following questions:

• Do I know who the sender of the message is?

• Do I expect such a message to be sent to me?

• Did I create an account with this company? Do I have any affiliation with them?

• Are the contents of this message too good to be true?

• Why would I be receiving this message? Is it truly important, or is it a scam?

4. ASK FOR A SECOND OPINION

Sometimes it may be beneficial to ask for a second opinion on whether you have received a malicious message or not. This is something that you do not need to hesitate on. It is much better to get the judgement of your coworkers, friends, or family rather than to suffer from a cyber attack. If uncertain about a message, show it to someone you know has good sense. Since two minds are better than one, think about the “consequences of clicking” together and decide on the right decision.

CONCLUSION

“Your AT&T account is currently unregistered. Click to redeem your account at 99481573 to continue with your cell plan. *If you do not redeem your account with this link, your AT&T plan will expire in 24 hours*.

Going back to the suspicious message that the colleague of your correspondent received, it should be said that they made the right choice to not click on the link included. By picking the message apart piece by piece, they decided not to click on it for the following reasons:

1. There was an apparent sense of urgency (a 24 hour time limit with no previous warnings is suspicious).

2. The link itself was not coming from AT&T. When they hovered on it, they saw a suspicious address coming from an obscure machine.

3. The sender was not AT&T, but was an unknown number. They researched the legitimate number on AT&T’s site, and found it did not match the number of the sender.

As demonstrated, users who decide to investigate before they act can improve their personal cybersecurity. After you identify that a message is spam or hosts dangerous content, be sure to immediately report it to a legitimate phishing monitor such as the Federal Trade Commission’s Complaint Assistant (www.ftccomplaint.gov). Hopefully, after this exhaustive tutorial, you are now more confident and capable in safeguarding your personal information. Since phishing attacks are one of the most frequent (and successful) cyber attacks, it is vital that users take the time to practice anti-phishing protection. To wrap everything up, remember: BE SAFE. FREEZE YOUR FINGERS! THINK BEFORE YOU CLICK!

SOURCES

• Header & Other Images Courtesy of pixabay.com

• FTC Complaint Assistant

• csonline.com “What is phishing? How this cyber attack works and how to prevent it” by Josh Fruhlinger

• digitalguardian.com “Phishing Attack Prevention: How To Identify & Avoid Phishing Scams In 2019”