Regular Internet users, entrepreneurs, and entire companies suffer from phishing attacks. This type of cybercrime is one of the most insidious—fraudsters disguise themselves as well-known companies.
What is phishing?
Phishing (the term derives from “phone phreaking,” the hacking of phone systems, and “fishing”) is a type of internet fraud used to obtain users’ identification data. It is used to steal passwords, card numbers, bank account details, and other confidential information.
Typically, a phishing attack involves the creation of fake websites that mimic the web pages of popular companies such as social networks, online stores, streaming services, etc. Hackers hope that the user will not notice the forgery and will enter personal data such as card details, login credentials, passwords, or phone numbers. If the person does this, the fraudsters gain access to their information.
The main problem with phishing is that no software can fully protect people and companies, as fake websites are difficult to distinguish from the originals. Everything depends on the potential victim—how attentive they are and whether they can recognize the fake. It all comes down to the human factor, which even the largest technology companies are vulnerable to.
The Consequences of Phishing Attacks
Phishing attacks can have far-reaching consequences. A striking example is the 2014 hacking of Sony Pictures Entertainment. The hacker group “Guardians of Peace” studied the company’s employees’ profiles on LinkedIn and sent them emails containing virus-infected files. Once the files were on the company’s corporate computers, the attackers were able to monitor activities and remotely control devices for months. Soon, the hackers leaked several unreleased movies online, including Fury, Annie, William Turner, and Still Alice.
Additionally, the attackers stole personal data of 3,803 Sony Pictures Entertainment employees and their family members, internal email content, salary details, and copies of unreleased films.
The cybercriminals stole over 100 TB of data, making it one of the largest corporate hacks in the U.S.
The U.S. government blamed North Korea for the attack. It was speculated that the hacking was North Korea’s retaliation against Sony for releasing The Interview, a movie that portrayed Kim Jong Un in an unflattering light and depicted a plot to assassinate him. The “Guardians of Peace” group demanded the cancellation of the film’s release. After the hackers threatened to leak the stolen data, some provocative scenes were removed from the film, but it still received negative reactions from Pyongyang. As a result, due to the phishing attack and pressure from North Korea, the film was not released in all countries, and some U.S. theaters even canceled screenings.
How Common is Phishing Among Hackers?
The number of phishing attacks increases each year. According to the Hi-Tech Trends 2020/2021 report provided to RBC Trends by the international cybersecurity firm Group-IB, the number of detected and blocked phishing resources in 2020 increased by over 118% compared to 2019. This trend has been ongoing for years. In 2019, Group-IB blocked 14,093 phishing pages, whereas in 2018, only 4,494 were detected.
Hackers most frequently impersonate the following types of resources:
- Online services (39.6%)
- Email services (15.6%)
- Financial institutions (15%)
- Cloud storage services (14.5%)
- Payment services (6.6%)
- Betting companies (2.2%)
Cybercriminals operate based on user demand for internet services. In 2020, phishing attacks targeting cryptocurrency projects nearly disappeared due to waning interest in crypto. However, during the crypto boom of 2017-2018, they were a favorite target of phishers.
“Since February 2020, we have seen COVID-19 topics being actively exploited in malicious campaigns, particularly in phishing attacks against companies in the U.S., New Zealand, Russia, and Asia-Pacific countries,” states the Group-IB report.
During the pandemic, governments implemented various financial relief programs, and banks allowed borrowers to defer loan payments. In Russia, users could apply for government financial aid via official websites or online banking services. Fraudsters created counterfeit versions of these websites, tricking inattentive users into submitting their personal data.
What Are the Goals of Phishing?
Phishing attacks are used to steal valuable data such as bank card details, logins, and passwords for website accounts. Hackers may also blackmail victims, demanding money in exchange for not publishing their stolen online data.
Phishing is also one of the methods used to gain access to someone else’s Apple ID. According to Group-IB experts, Apple ID theft is the most common type of attack on iOS users. If successful, fraudsters gain access to iCloud storage and device backups, allowing them to retrieve saved files. This is how intimate photos of celebrities often leak online.
The Most Common Types of Phishing
Phishing websites can be distributed in two main ways:
Via Email or Instant Messengers
These messages are sent under the guise of legitimate organizations, such as banks, regulatory agencies, or government institutions. They contain attachments with hidden malware, links to fraudulent websites, or requests for money transfers. In the spring of 2020, Moscow residents received SMS messages about “fines” for violating lockdown rules. The message demanded payment within 24 hours to avoid criminal liability.
Through Search Engine Manipulation
Cybercriminals often become active ahead of major events, such as new iPhone launches, Black Friday sales, holidays, and sports events. Users rushing to make purchases may not scrutinize website details and fall victim to scams. Before Black Friday in 2020, Group-IB experts identified over 400 fake websites mimicking AliExpress and 200 clone websites of various online stores.
Phishing attacks can also be categorized by data collection methods:
- Fake websites: Hackers replicate the design and domain of legitimate websites to mislead users. A single letter in the URL may be changed, making it difficult to spot the difference.
- Malicious files: Often in .rar format, these files contain malware that collects user data and sends it to attackers.
Who Can Fall Victim to Phishing?
According to Group-IB, phishing attacks do not only target ordinary users. Entrepreneurs searching for products online may be lured into purchasing from counterfeit websites.
Remote banking system users, such as accountants and finance professionals, are also at risk. Hackers create fake versions of well-known financial sites or infect them with malware.
For example, in June 2017, hackers stole money from a Moscow company’s account. The company’s employee searched for information on personal income tax for foreign companies, clicked a malicious link, and unknowingly downloaded the Buhtrap banking Trojan. The attackers gained remote access to the company’s account and withdrew funds.
Notorious Phishing Attacks
One of the most infamous phishing attacks targeted Hillary Clinton’s 2016 presidential campaign.
In March 2016, John Podesta, Clinton’s campaign chairman, received an email with a phishing link, prompting him to change his Google password for security reasons. He followed the instructions and unknowingly gave hackers access to his inbox.
In April 2016, cybercriminals created a fake email from Podesta and sent messages to Democratic Party staff containing a file named hillaryclinton-favorable-rating.xlsx. The link led to a hacked website that infected Democrats’ computers and stole their data. These emails were later leaked to WikiLeaks, exposing confidential communications within the Democratic National Committee.
How to Avoid Phishing Scams?
- Do not click suspicious links in emails, social media messages, or instant messengers.
- Avoid downloading apps from unsolicited messages.
- Carefully analyze website URLs. Phishing domains often differ by a single character.
- Update your browser to the latest version.
- Use the tcinet.ru website to check a domain’s registration date—fraudulent websites usually exist only for a few days.
- Avoid making online purchases on unverified websites.
- Use a separate bank card for online shopping.
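The single-character check from the list above can be automated for links found in mail or proxy logs. The following is an added example, not part of the original article: the allowlisted domains are constructed placeholders and the function names are hypothetical. It flags hosts that sit within one edit of a domain the organisation actually uses.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): domains the organisation really uses.
KNOWN_DOMAINS = ["example-bank.com", "example-shop.com"]

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: insert, delete and substitute each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def hostname(url: str) -> str:
    """Lower-cased host of a URL, without port, userinfo or trailing dot."""
    if "://" not in url:
        url = "//" + url  # let urlsplit treat a bare host as the netloc
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def classify(url: str, known=KNOWN_DOMAINS, max_distance: int = 1):
    """Return (verdict, matched_domain); verdict is one of
    'legitimate', 'lookalike' or 'unknown'."""
    host = hostname(url)
    # Exact match or a real subdomain of an allowlisted domain.
    for domain in known:
        if host == domain or host.endswith("." + domain):
            return "legitimate", domain
    # Otherwise compare the host's trailing labels with each known domain.
    for domain in known:
        labels = domain.count(".") + 1
        tail = ".".join(host.split(".")[-labels:])
        if 0 < edit_distance(tail, domain) <= max_distance:
            return "lookalike", domain
    return "unknown", None

if __name__ == "__main__":
    # Constructed sample links, not taken from any real campaign.
    for link in ["https://www.example-bank.com/login",
                 "http://examp1e-bank.com/login",
                 "https://login.example-shoop.com/",
                 "https://news.example.org/"]:
        print(link, "->", classify(link))
```

A "lookalike" verdict is a reason to block or review the link; an "unknown" verdict only means the host does not resemble anything on the allowlist.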
Phishing in Social Media
On Meta platforms, you may receive messages instructing you to follow a link to avoid losing access to your account. No matter how convincing the sender seems, remember that Meta will never contact users this way. Avoid clicking such links and mark these messages as spam.