How Have Phishing Scams Grown into a Business Stealing Billions?
The primary goal of software has always been to make tasks easier to carry out. Software as a Service (SaaS) is a booming industry, and it is behind many of the utility apps we rely on, from keeping in touch with friends and loved ones to editing photos. As useful as this is, what happens when criminals put on their thinking caps and adopt the same model? We end up with phishing scams sold as a service: Phishing as a Service (PaaS).
The PaaS industry also makes software, but instead of benefiting the public, its products exist to make phishing campaigns succeed. Thanks to the software, a customer does not even need to understand how the scam works. Vendors have gone further and supply email templates for different scenarios, tuned to be more effective at deceiving people into clicking.
The phishing emails you get today can look identical to the ones you get from legitimate companies like Google and FedEx. To protect yourself, it helps to understand how phishing grew into what it is today.
Optimizing for Conversion
It's common knowledge among marketers that fewer distractions on a web page make it easier for people to click the purchase button. Too many buttons or confusing text lower conversion, and phishing-as-a-service developers know this too. They optimize their pages to increase the chances that you type in your personal information before you realize something is wrong.
Tracking the performance of emails is another discipline PaaS developers have mastered. With comprehensive dashboards, phishers get statistics on how many people open their emails and how many click through to the pages designed to steal login details. Changing a few words in an email can produce a measurably different response, so the lures are tuned the way a marketing campaign would be.
For a phishing email to work on its victim, it needs two things:
- The source has to look credible
- The action the victim is being tricked into performing has to be properly disguised
For example, a fake email that appears to come from myuniversity.org is sent to faculty members asking them to renew their passwords. It carries the exact name and logo of the real platform and insists that the renewal be done within 24 hours. Once they click the link, the following can happen:
- The user is redirected to a clone of the real website and asked to renew their password; both the old and the new password are requested
- The attacker captures this information
- The user's session cookie can also be hijacked, giving the attacker a signed-in session and, through it, access to whatever that account can reach on the university's systems
Fake Websites On Demand
The Phishing as a Service industry also sells website templates that are exact replicas of the login pages of popular sites. Creating such a landing page is not difficult at all, and while the page looks right, the address it is served from and the links on it all belong to the attacker.
To make phishing emails even harder to recognize, PaaS programmers build near-perfect lookalike pages for customers on demand. Customers can then generate links at random for inclusion in their phishing emails; each link is unique, yet looks nearly identical to the real company's.
How to Recognize a Phishing Email
Phishing emails are evolving and getting harder to detect. Unlike in the past, poor spelling, bad grammar and badly photoshopped logos rarely appear. Many phishing emails could now pass as legitimate, but there are always clues, however subtle, that you can use to identify them.
Most of the time, a phishing email takes you to a login page where your details are stolen. Many companies are trying to counter this with an authentication technique called magic links. Instead of typing a password to join a workspace, for instance, you click a link that was emailed to you and are signed in. A clone page then has no password to harvest, but the link itself becomes the secret, so it has to expire quickly and work only once.
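Added here as an illustration (it is not the article's code nor any vendor's): a minimal magic-link issuer and verifier in Python showing the properties just mentioned, a signature so a forged link is rejected, a short lifetime, and single use. The signing key, the 15-minute lifetime, the base URL and the in-memory nonce store are assumptions for the demonstration.

```python
"""Added example, not code from the original article or any named product:
a minimal magic-link issuer and verifier. The signing key, the 15-minute
lifetime, the base URL and the in-memory nonce store are all assumptions."""
import base64
import hashlib
import hmac
import json
import secrets
import time
from urllib.parse import parse_qs, urlparse

SERVER_KEY = secrets.token_bytes(32)          # assumption: per-deployment secret
LIFETIME = 15 * 60                            # assumption: links die after 15 min
BASE_URL = "https://workspace.example/login"  # assumption: the real site's URL

_unused_nonces = set()   # assumption: stands in for a database table


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(payload: bytes) -> bytes:
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()


def issue(email_addr: str, now: float = None) -> str:
    """Mint a single-use magic link for email_addr, to be sent to that inbox."""
    now = time.time() if now is None else now
    nonce = secrets.token_urlsafe(16)
    claims = {"sub": email_addr, "exp": int(now + LIFETIME), "nonce": nonce}
    payload = json.dumps(claims, separators=(",", ":")).encode()
    _unused_nonces.add(nonce)
    return f"{BASE_URL}?t={_b64(payload)}.{_b64(_sign(payload))}"


def verify(url: str, now: float = None):
    """Return (email, "ok") for a good link, else (None, reason).
    The signature is checked before the payload is trusted; a link verifies once."""
    now = time.time() if now is None else now
    query = parse_qs(urlparse(url).query)
    try:
        body, sig = query["t"][0].split(".")
        payload, given = _unb64(body), _unb64(sig)
    except (KeyError, ValueError):
        return None, "malformed"
    if not hmac.compare_digest(_sign(payload), given):
        return None, "bad signature"
    claims = json.loads(payload)
    if now > claims["exp"]:
        return None, "expired"
    if claims["nonce"] not in _unused_nonces:
        return None, "already used"
    _unused_nonces.discard(claims["nonce"])
    return claims["sub"], "ok"


if __name__ == "__main__":
    link = issue("alice@example.org")
    print(link)
    print(verify(link))    # ('alice@example.org', 'ok')
    print(verify(link))    # (None, 'already used')
```

The link is only proof that its holder can read the mailbox; if it is phished or forwarded, single use means the first click wins and the expiry bounds how long a stolen link stays valid. In a real deployment the nonce set lives in the database and SERVER_KEY in a secrets manager, and the verifier is reachable only on the real domain, which is what a clone page cannot fake.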
Be careful when an email takes you to a login page. If you must log in, open a new tab and type the address from memory. You can also search for it, but never log in directly from a link in an email.
If you have already clicked a link, check that the site you are on is the real one. Start with the address bar, not the padlock. The lock beside the address only means the connection to the domain shown there is encrypted; phishing sites obtain such certificates as easily as anyone else, so a lock on its own proves nothing about who runs the site.
Clicking the lock opens a panel; click "Certificate" to see the site's certificate. Its most useful field is the domain the certificate was issued for, which must match the company's real domain exactly. Some large companies also have their legal name and location in the certificate, but most certificates, including those on phishing sites, carry no organization details at all, so a blank organization field is not evidence either way.
If the domain on the certificate, or in the address bar, is not the company's real domain, even by a single letter or an extra word, do not log into your account from there. It is not a legitimate website.
What to Look Out for in A Phishing Email
You don't need to have shopped online to have received an email like the one below. It announces great deals that require fast action, or else you will miss out.
Such emails aim to look as close to the real thing as possible so that victims click the links. The images are easily found online, and in the hands of someone with design skills the whole email takes about 20 minutes to put together, so don't be fooled by a polished look.
The arrows on the image point to what to look for in such emails. Even though the sender's address looks real, expanding it may reveal that it is missing a letter, contains an odd character, or is an entirely different address altogether.
Professionally handled phishing emails will believably include the company's name in the address, for example support@[business_name]customersupport.com or customer_service@[business_name].net. They may also include the company's logo and brand colors to make it all the more believable.
Before clicking any link, hover over it to see the destination address. The most tempting buttons are often the traps, especially the "See your deals" button: it looks harmless but may lead to a page that asks you to sign in.
Even if an email looks legitimate, don't click its links. Open a new tab and type the address yourself. If the email is about a password breach or reset, visit the website directly rather than following the link in the email.
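The checks in the last three sections, the sender's real domain behind the display name, the hover destination versus what the link text says, and domains that differ from the real one by a letter, an extra word or a Unicode lookalike, as an added Python example that is not code from the article. The sample message, the brand domain list and every domain in it are constructed for the demonstration; the rules are heuristics, and a real tool would use the Public Suffix List to work out the registrable domain.

```python
"""Added example (not from the original article): an offline checker for the
tell-tale signs discussed above; every rule is a heuristic, the brand list an assumption."""
import email
import email.utils
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample of a "great deals" phish; every domain in it is invented.
SAMPLE_EMAIL = b"""\
From: "Acme Customer Service" <customer_service@acme-customersupport.com>
Subject: Your exclusive deals expire in 24 hours
Content-Type: text/html; charset="utf-8"

<html><body><p>Great deals just for you!</p>
<a href="https://acme.com.deals-login.net/signin">See your deals</a>
<a href="https://www.acme.com/help">Help centre</a>
<a href="https://xn--acm-2ma.com/account">acme.com</a>
<a href="https://secure-account-check.com/acme">https://www.acme.com/account</a>
</body></html>
"""
LEGIT_DOMAINS = {"acme.com"}  # assumption: the brand's real domains
# Anchor text that itself names a host, with or without scheme and path.
DOMAINISH = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:/\S*)?$", re.I)

def registrable(host):
    """Crude registrable domain (last two labels); real tools use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def edit_distance(a, b):
    """Levenshtein distance, to catch domains one or two letters off the real one."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_host(host, legit=LEGIT_DOMAINS):
    """Return why host looks like a lookalike of a legitimate domain, or None."""
    host = host.lower().rstrip(".")
    reg = registrable(host)
    if reg in legit:
        return None
    if any(label.startswith("xn--") for label in host.split(".")):
        return "punycode host name (possible homoglyph of the real domain)"
    for dom in legit:
        if host.startswith(dom + ".") or ("." + dom + ".") in host:
            return f"'{dom}' is only a subdomain of {reg}"
        if edit_distance(reg, dom) <= 2:
            return f"'{reg}' is within two characters of '{dom}'"
        if dom.split(".")[0] in reg:
            return f"'{reg}' borrows the brand name from '{dom}'"
    return None

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def analyse(raw, legit=LEGIT_DOMAINS):
    """Return findings for a raw RFC 822 message (empty list if nothing looks odd)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    # 1. Sender: the display name can say anything; only the address domain counts.
    _, addr = email.utils.parseaddr(str(msg["From"] or ""))
    sender_host = addr.rpartition("@")[2]
    if sender_host and registrable(sender_host) not in legit:
        why = classify_host(sender_host, legit) or "not a known brand domain"
        findings.append(f"sender {addr}: {why}")
    # 2. Links: what the anchor text says versus where the href really goes.
    body = msg.get_body(preferencelist=("html",))
    parser = LinkCollector()
    parser.feed(body.get_content() if body else "")
    for href, text in parser.links:
        host = urlparse(href).hostname or ""
        why = classify_host(host, legit)
        shown = DOMAINISH.match(text)
        if why:
            findings.append(f"link '{text}' -> {host}: {why}")
        elif shown and registrable(shown.group(1)) != registrable(host):
            findings.append(f"link text shows {shown.group(1)} but goes to {host}")
    return findings
```

Calling analyse(SAMPLE_EMAIL) returns four findings for the sample: the sender's domain borrows the brand name, the "See your deals" link puts acme.com in front of a different domain, the third link's host is punycode, and the last link's text and destination disagree. The only link left unflagged is the one that really goes to www.acme.com, which is exactly the hover check from the text, automated.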
Avoiding Phishing Scams
Use antivirus software and keep it up to date. It helps prevent exploitation of vulnerabilities on your device, which matters because a phishing link can lead to a malware download rather than a login page. Together with the other measures here, it makes phishing scams easier to avoid.
In 2019 alone, over 17.7 million malware samples were detected by antivirus programs, and that is only a fraction of the malware circulating on the internet. That is reason enough to run antivirus software and keep it current.
Click Only When Safe
According to Verizon, 94% of malware is delivered via email, and 48% of malicious email attachments are Office files, a format victims are used to opening. On sites you trust you can click hyperlinks and displayed links, but it isn't wise to do the same with links in emails. Hovering over a link shows where it really leads.
Update Yourself About New Phishing Methods
In the US alone, yearly losses to phishing scams are estimated at between $350 million and $2 billion. Organizations can reduce their share of those losses by holding regular awareness sessions so that staff know what current phishing looks like. Staff who have seen the tricks recognize scams faster and fall for them less often.
Update Your Web Browser Regularly
With every update, security patches are released that close holes attackers use to reach you. Google, for example, released a patched version of its Chrome browser fixing CVE-2021-21193 amongst other flaws; that vulnerability was being exploited in the wild, and the hole is only closed once the update is installed. An out-of-date browser leaves it open.
Always verify which site you are on, by its domain, before submitting any information. Never download a file from a site or email that looks suspicious.
Firewalls stand between you and the internet and act as a safety mechanism. Using both a software and a hardware firewall reduces the risk of phishers reaching your network and devices.
Just as you protect yourself in the real world by staying away from dangerous places, the same applies online. Be careful which emails you open and which links you click. Even if the sender appears to be someone you know, think again: their account may have been compromised, and the email in front of you may be a phishing attempt sent in their name.
Staying safe online takes the right tools as well as the right habits. One of those tools is a VPN, and the protection you get differs from one VPN to another, which is why you should choose carefully. LimeVPN doesn't directly protect you from phishing attacks, but it does encrypt your connection and keep your traffic private. Combined with the practices above, it makes you a much harder target.