Phishing: the increasingly sophisticated methods used to deceive you


Malicious hackers behind phishing campaigns are particularly imaginative in trying to get you to click on a malicious link or trick you into providing sensitive information such as your credentials. In a recent alert, the UK's National Cyber Security Centre (NCSC), the equivalent of the French Anssi, recalls the sophisticated forms that phishing attacks can take.

In-depth research

In recent campaigns observed by the NCSC, for example, many malicious links are designed to resemble commonly used cloud services or collaborative tools, such as OneDrive, Google Drive and other file-sharing platforms. In one case, the attackers even arranged a Zoom call with the victim and then posted a malicious URL in the chat window during the call. They also created several other personas, all actually controlled by the attackers, to trick their target.
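As an added illustration (not part of the NCSC alert or this article), the check below shows how a mail filter could flag links that borrow a cloud-service brand name without actually pointing at that service; the allowlist of legitimate domains, the brand keywords and the sample email are all constructed assumptions to adapt per organisation.

```python
import re
from urllib.parse import urlparse

# Assumed allowlist of legitimate hosts for the services named in the alert
# (constructed for this example; an organisation would maintain its own).
LEGIT_DOMAINS = {
    "onedrive.live.com", "1drv.ms", "sharepoint.com",
    "drive.google.com", "docs.google.com", "zoom.us",
}
# Brand words a lookalike host or path is likely to borrow.
BRAND_WORDS = ("onedrive", "1drv", "sharepoint", "google", "gdrive", "zoom")

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def host_is_legit(host: str) -> bool:
    """True if host equals, or is a subdomain of, an allowlisted domain."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)


def suspicious_links(text: str) -> list[tuple[str, str]]:
    """Return (url, reason) pairs for links that mention a cloud-service
    brand but do not resolve to an allowlisted domain, or that hide the
    real host behind a user@ prefix."""
    findings = []
    for url in URL_RE.findall(text):
        parsed = urlparse(url)
        host = parsed.hostname or ""
        if host_is_legit(host):
            continue  # genuine service link, nothing to report
        if any(w in url.lower() for w in BRAND_WORDS):
            findings.append((url, f"brand lookalike on non-allowlisted host {host}"))
        elif "@" in parsed.netloc:
            findings.append((url, "userinfo in URL hides the real host"))
    return findings


# Constructed sample: one genuine Google Drive link and two lookalikes of
# the kind the alert describes (agenda/conference lure).
SAMPLE_EMAIL = """Hi, the agenda for the conference is here:
https://drive.google.com/file/d/abc123/view
and the updated slides: https://onedrive-share.example.net/docs/agenda
Also https://docs.google.com.login.example.org/signin"""

if __name__ == "__main__":
    for url, reason in suspicious_links(SAMPLE_EMAIL):
        print(f"{reason}: {url}")
```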

These targeted attacks, known as spear phishing, begin with in-depth research. Attackers use public information, such as that available on social media and networking platforms, to learn as much as possible about their targets, including their business and personal contacts. It is also common for attackers to create fake social media profiles to make their approaches more convincing.

Patience

These attackers are also very patient. They take the time to establish a relationship with their targets and do not immediately ask them to click on a link or open a malicious attachment. Instead, they slowly build trust. This process generally begins with a first, seemingly innocuous email, often on a subject which, thanks to meticulous preparation, is likely to interest the target and hold their attention.

Attackers then keep emailing their target, sometimes for a long time, until they have established the level of trust needed for the victim to open a link or attachment without hesitation. The malicious link is sent under the guise of a document or website that is interesting and relevant to the victim – for example, a conference invitation or an agenda – and redirects the victim to a server controlled by the attacker, a modus operandi recently exposed by a journalist from Liberation.

Campaigns attributed to Russia and Iran

When the victim enters their username and password on the page behind the malicious link, this information is immediately sent to the attackers, who can then exploit the victim's emails and other accounts. As the NCSC points out, attackers can then monitor email traffic or access the victim's contact list, information that is in turn used to carry out new phishing attacks.

Also according to the British agency, these sophisticated campaigns are the work of attackers based in Russia and Iran, who aim to steal credentials and break into sensitive systems. The campaigns are unrelated, but the tactics employed overlap, simply because they are effective. “We urge organizations and individuals to remain vigilant to protect themselves online,” said Paul Chichester, NCSC’s director of operations.

Vigilance and protection

In addition to increased vigilance, the NCSC recommends securing your email account with a strong password that is different from the passwords of your other accounts, so that an attacker who compromises one password cannot pivot from it to your other accounts.

Another way to protect your account against these phishing attacks is to enable multi-factor authentication, which can prevent hackers from accessing your account even if they know your password. Finally, you should protect your device and your network by installing the latest security updates, which prevents hackers from exploiting known software vulnerabilities to launch attacks or gain access to your account.

Source: ZDNet.com