Phishing Attacks: How to Spot Them

WHAT IS PHISHING &
HOW ARE HACKERS USING IT?
Steve von Ehrenkrook,  CJS Associates

While the number of people falling for sending personal information to the crown prince of Nigeria in hopes of receiving his promised wealth and riches seems to be dropping, phishing remains a major issue. In fact, the number of phishing campaigns pursued by hackers around the world increased 65% in the last year.

What exactly is phishing? Hackers mimic the emails, forms, and websites of legitimate companies in an effort to lure people into providing their private, personal information, like credit cards numbers, social security information, account logins, and personal identifiers. The victim typically doesn’t realize they’ve been compromised until long after the event, and oftentimes only after their identify or finances are affected. In the past, an attack was carried out relatively quickly. As soon as the victim gave up their information, the hacker moved in and stole money from the compromised bank account. Today, it’s often more lucrative for hackers to sell that information on the Dark Web, resulting in longer-lasting, even more devastating attacks.

3 Types Of Phishing Attacks

Spear Phishing

Phishing attempts directed at specific individuals or companies have been termed spear phishing. Attackers may gather personal information about their target to increase their probability of success. This technique is by far the most successful on the Internet today, accounting for 91% of attacks.

Threat Group-4127 used spear phishing tactics to target email accounts linked to Hillary Clinton‘s 2016 presidential campaign. They attacked more than 1,800 Google accounts and implemented accounts-google.com domain to threaten targeted users.

Clone Phishing

Clone phishing is a type of phishing attack whereby a legitimate, and previously delivered, email containing an attachment or link has had its content and recipient address(es) taken and used to create an almost identical or cloned email. The attachment or link within the email is replaced with a malicious version and then sent from an email address spoofed to appear to come from the original sender. It may claim to be a resend of the original or an updated version to the original. This technique could be used to pivot (indirectly) from a previously infected machine and gain a foothold on another machine, by exploiting the social trust associated with the inferred connection due to both parties receiving the original email.

Whaling

Several phishing attacks have been directed specifically at senior executives and other high-profile targets within businesses, and the term whaling has been coined for these kinds of attacks. In the case of whaling, the masquerading web page/email will take a more serious executive-level form. The content will be crafted to target an upper manager and the person’s role in the company. The content of a whaling attack email is often written as a legal subpoena, customer complaint, or executive issue. Whaling scam emails are designed to masquerade as a critical business email, sent from a legitimate business authority. The content is meant to be tailored for upper management, and usually involves some kind of falsified company-wide concern. Whaling phishers have also forged official-looking FBI subpoena emails, and claimed that the manager needs to click a link and install special software to view the subpoena.

Have you ever gotten an email from your bank or medical office asking you to update your information online or confirm your username and password? Maybe a suspicious email from your boss asking you to execute some wire transfer. That is most likely a spear phishing attempt, and you’re among the 76% of businesses that were victims of a phishing attack in the last year.

Method Of Delivery

Phishing scams are not always received through email and hackers are getting trickier and trickier with their preferred method of execution. Last year, in 2017, officials caught on to attacks using SMS texting (smishing)Voice phishing (vishing) or social engineering, a method in which users can be encouraged to click on various kinds of unexpected content for a variety of technical and social reasons.

Ransomware: The Consequence

Phishing is the most widely used method for spreading ransomware, and has increased significantly since the birth of major ransomware viruses like Petya and Wannacry. Anyone can become a victim of phishing, and, in turn, ransomware attacks; however, hackers have begun targeting organizations that are more likely to pay the ransoms. Small businesses, education, government, and healthcare often, unfortunately, don’t have valid data backups, so they are unable to roll back to a pre-ransomed version of their data. Instead, they have to pay their way out or cease to exist. Outside of ransom costs, victims of phishing campaigns are often branded as untrustworthy, and many of their customers turn to their competitors, resulting in even greater financial loss.

Why are effective phishing campaigns so rampant despite public awareness from media coverage?

Volume: There are nearly 5 million new phishing sites created every month, according to Webroot Threat Report. There are now even Phishing as a Service companies, offering phishing attacks in exchange for payment. One Russian website, “Fake Game,” claims over 61,000 subscribers and 680,000 credentials stolen.

They Work: Over 30% of phishing messages get opened, and 12% of targets click on the embedded attachments or links, according to the Verizon Data Breach Investigations Report. In short, these hackers have gotten really good at looking really legitimate.

They’re simple to Execute: New phishing campaigns and sites can be built by sophisticated hackers in a matter of minutes. While we think there are far more legitimate ways to be earning money, these individuals have made a living out of duplicating their successful campaigns.

How do you protect yourself from a phishing attack?

Now that you have an understanding of what phishing is, the next part will teach you How to Spot a Phishing Attack.

Would you know if you were the subject of a phishing attack? Many people claim that they’d be able to tell right away if they received an email from an illegitimate source. If that were the case, there wouldn’t be 1.5 million new phishing sites every month, a 65% increase in attacks in the last year, and hackers would have moved on to their next idea for swindling people out of their identities and money. How do you spot a phishing attack and avoid falling victim yourself?

Look For These Red Flags:

  1. Sender Email Address: Always check to make sure that the email address is legitimate. Amateur hackers will send things from Gmail or Hotmail accounts and hope you don’t notice. More sophisticated hackers will closely mimic an actual email domain, like amazonprime.com rather than amazon.com. Double check the email address before responding, clicking, or opening, even if the from name appears correct.
  2. Discrepancies in Writing Format: If the attack is coming from overseas, you’re likely to notice some small issues in writing format, like writing a date as 4th April, 2018 rather than April 4, 2018. While this is subtle, it should be a red flag.
  3. Grammar Issues: We all fall victim to the occasional typo, but if you receive an email riddled with grammar and spelling mistakes, consider the source. It’s likely a hacker, especially if the email supposedly comes from a major organization.
  4. Sender Name: This one is also difficult to track, but phishing emails will typically close with a very generic name to avoid raising suspicion. You should recognize the people that send you emails, or at the very least, clearly understand their role at the organization.
  5. Link Destination: Before you click on any link in an email, hover over it. The destination URL should pop up. Check out the domain name of this URL. Similar to the sender email address, make sure that this address is legitimate before clicking.
  6. Attachments: Is it realistic to expect an attachment from this sender? Rule of thumb, don’t open any attachment you don’t expect to receive, whether it’s a Zip file, PDF or otherwise. The payload for a ransomware attack often hides inside.
  7. Email Design: A cooky font like Comic Sans should immediately raise red flags if you don’t clearly recognize the sender.
  8. Links to Verify Information: Never, ever click on a link to verify information. Instead, if you think the information does need updating, go directly to the website. Type in your email and password, and update your information from the Account tab. Always go directly to the source.
  9. Odd Logo Use: Hackers try their best to mimic the site’s look and feel. Oftentimes, they get very close; but they won’t be perfect. If something feels off, it probably is.

While there is no fool-proof method for avoiding falling victim to a phishing attack, knowing how to spot likely culprits is one step in the right direction.

Use a VPN for Safer Online Shopping

With the holidays fast approaching,
are you looking to buy presents online?

The holiday season has become synonymous with online shopping. This isn’t really surprising as physical stores usually attract crowds of deal hunters. This often conjures up images of throngs of people waiting in line outside the store, some even camping out. This activity is tolerable for some and even fun for others. However, for many others, it’s not worth the hassle.

Why would it be, when there are perfectly legitimate and convenient alternatives online?

Well, for one thing, many people shop online without first thinking about their security. Most people are led to believe — or want to believe — that all e-commerce sites are secure. This isn’t completely true. With so much personal and financial information being exchanged, online shoppers aren’t the only ones enjoying the holiday rush — cybercriminals are too!

Still, it’s possible to add security to your e-commerce transactions by using a virtual private network. A VPN can help you enjoy your online shopping experience without worrying about falling prey to cybercriminals.

The Cybercrime Problem

First, here are some of the pressing reasons for securing e-commerce transactions in the first place.

As you know, e-commerce stores usually require you to register with their site in order to enjoy their services. This involves trusting them with your personal information, usernames, passwords, and credit card details — information that you’d rather did not fall into the wrong hands.

The thing is, cybercriminals know this fact. They will descend to any depth just to get their hands on such information. How exactly do they do this?

KRACK Attacks
A KRACK (key reinstallation attack) is a severe replay attack on the WiFi Protected Access protocol that secures WiFi connections.

An attacker gradually matches encrypted packets seen before and learns the full keychain used to encrypt the traffic by repeatedly resetting the nonce transmitted in the third step of the WPA2 handshake. This attack works against all modern WiFi networks.

Simply put, KRACK attacks can intercept sent data by infiltrating your WiFi connection, no matter which major platform you’re on (Microsoft Windows, macOS, iOS, Android, Linux, OpenBSD and others). These attacks require the attacker to be within the range of the WiFi connection they’re trying to infiltrate, which means they might lurk somewhere near or inside your home, office or school.

MitM Attacks
In a MitM (Man-in-the-Middle) attack, the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.

This attack can succeed only when the attacker can impersonate each endpoint to the other’s satisfaction, delivering results as expected from the legitimate ends.

In the context of e-commerce transactions, these attacks are done on unprotected WiFi networks like the ones you find in airports, hotels and coffee shops. This is actually one of the reasons I often suggest that people stay away from public WiFi unless they’re packing some security software.

With this type of attack, you never know if the person sipping coffee at the next table is simply checking up on social media accounts or is actually sifting through the data being sent by other patrons.

Rogue Networks
Imagine yourself going to a downtown hotel to visit a friend. You wait in the lobby and decide to connect to the hotel WiFi while you wait. You find that there seem to be two networks with the same name, so you connect to the one with the stronger signal.

STOP! You may be connecting to a rogue network.

Rogue networks are ones that impersonate legitimate networks to lure unsuspecting users into logging in. This usually is done by setting up near a public WiFi network and then copying that network’s name, or making it appear that it’s an extension of the legitimate network.

The main problem with this is that you never know who set up the rogue network or what data is vulnerable to monitoring and recording.

The Green Padlock’s Trustworthiness
Now, you may have heard that HTTPS sites can give you the security you need while you visiting them. Most, if not all, e-commerce sites are certified and will have a green padlock and an “HTTPS” prefixing their URL to reassure visitors that their transactions are safe and encrypted.

Hypertext Transfer Protocol Secure, HTTPS, is a variant of the standard HTTP Web transfer protocol, which adds a layer of security on the data in transit through a secure socket layer (SSL) or transport layer security (TLS) protocol connection, according to Malwarebytes.

The thing is, just because your connection to a site is encrypted doesn’t automatically make the site safe. Bad actors actually can forge SSL certificates and make it appear that their site is safe. Even worse, anyone can get an SSL certificateeven cybercriminals. The certificate authority simply needs to verify the site owner’s identity and that’s it — the owner gets an SSL certificate.

Now, bringing it all back, I’m not saying that all sites with green padlocks are unsafe. What I am saying is that you shouldn’t rely solely on the presence of these green padlocks to keep your transactions safe.

A VPN Can Provide Security
I’m now getting to the meat of the matter: using a VPN to secure your e-commerce transactions.

A virtual private network, or VPN, is software that routes your connection through a server or servers and hides your online activity by encrypting your data and masking your true IP address with a different one.

Once you activate the client, the VPN will encrypt your data, even before it reaches the network provider. This is better understood if you have basic knowledge of how online searches work.

Let’s say that you’re looking to buy some scented candles to give as emergency gifts. You open your browser and type in “scented holiday candles” and press “search.”

Once you do, your browser will send a query containing your search words. This query first goes through a network provider (your ISP or the owner of the WiFi network you’ve connected to), which can monitor and record the contents of these queries.

After going through the network provider, your query is sent to a DNS (domain name system) server that searches its databanks for the proper IP address corresponding to your query. If the DNS server can’t find the proper IP address, it forwards your query until the proper IP address is found.

The problem with this is that the contents of your query consist of easily readable plain text. This means that hackers or your ISP are able to view and record the information contained therein. If that information is your name, username, password, credit card information, or banking credentials, they’re in danger of being viewed or stolen.

These queries also can be traced (by hackers or your ISP) back to your IP address which usually is traceable to your personal identity. This is how bad actors infiltrating your connection can discover what you’re doing online.

So, with a VPN active, your online transactions and private information will get an extra layer of protection through encryption and IP address masking.

When discussing VPNs, it’s always important to consider the protocols they use. These protocols determine the security level and connection speed. As of this moment, there are five major VPN protocols:

  1. PPTP (Point-To-Point Tunneling Protocol) – PPTP is one of the oldest protocols still in use today. It originally was designed by Microsoft. The good thing about this protocol is that it still works on old computers. It’s a part of the Windows operating system, and it’s easy to set up. The problem is, by today’s standards, it’s not the most secure. You wouldn’t want a VPN provider that offers this protocol alone.
  2. L2TP/IPsec (Layer 2 Tunneling Protocol) – L2TP/IPsec is a combination of PPTP and Cisco’s L2F protocol. On paper, this protocol’s concept actually is quite sound: It uses keys to establish a secure connection on each end of your data tunnel. The problem is in the execution, which isn’t very safe.
    While the addition of the IPsec protocol does improve security a bit, there are still reports of NSA’s alleged ability to crack this protocol and see what’s being transmitted. Whether the rumors are true or not, the fact that there’s a debate at all should be enough of a warning to anyone relying on this protocol.
  3. SSTP (Secure Socket Tunneling Protocol) – SSTP is another protocol that traces its roots to Microsoft. It establishes its connection by utilizing SSL/TLS encryption which is the de facto standard for modern day Web encryption. SSL and TLS utilize setups built on symmetric-key cryptography in which only the two parties involved in the transfer can decode the data within. Overall, SSTP is a very secure protocol.
  4. IKEv2 (Internet Key Exchange, Version 2) – IKEv2 is yet another Microsoft-built protocol. It’s simply a tunneling protocol with a secure key exchange session. Although it is an iteration of Microsoft’s previous protocols, it actually provides you with some of the best security. It requires pairing with IPSec to gain encryption and authentication, which is what most mobile VPNs use because it works well while your VPN reconnects during those brief times of connection loss or network switching. Unfortunately, there is also strong evidence that the NSA is spying on mobile users using this protocol.
  5. OpenVPN – This takes what’s best in the above protocols and does away with most of the flaws. It’s an open source protocol based on SSL/TLS, and it is one of the fastest and most secure protocols today. It protects your data by using, among other things, the nigh-unbreakable AES-256 bit key encryption with 2048-bit RSA authentication, and a 160-bit SHA1 hash algorithm. One notable flaw it does have is its susceptibility to VORACLE attacks, but most VPNs already have solved this problem. Overall, it’s still the most versatile and secure protocol out there.

About Free VPNs and Jurisdictions
Now you’ve learned about the risks you may face with your e-commerce transactions and how you can avoid those risks by using a VPN with the right protocol. However, you may have heard rumors about VPNs not being as safe as they seem to be.

These rumors are partly true.

Not all VPNs can be trusted. There are VPNs that purport to be “free forever” while you’re actually paying with your personal information. Needless to say, you should avoid these types of VPNs and instead look for trustworthy VPN services.

Another rumor you may have heard is that trusting VPN companies with your personal data is just as bad as trusting your data to your ISP. This is only true for VPNs that log your data and are situated in a jurisdiction under any of the 14-eyes countries. This is why you should look into your VPN’s logging and privacy policy, as well as the country it is situated in.
In Conclusion
Buying online for the holidays can be an enjoyable and fulfilling experience if your transactions are secure. Protect your private information from KRACK, MitM, and rogue networks by using a VPN to encrypt your data and hide your IP address.

When using a VPN, remember to choose the most secure protocol available, and beware of free VPNs or those that log your data while inside 14-eyes jurisdictions.

Follow these steps, and you’ll be well on your way to more secure e-commerce transactions

Andy Marken, President
Marken Communications

Take Pepper With a Grain of Salt

A group of researchers have found substantial security issues in the SoftBank Pepper robot, including unauthenticated administrative capabilities. The findings were detailed in a paper, published this month, written by Alberto Giaretta of Örebro University in Sweden, along with Michele De Donno and Nicola Dragoni of the Technical University of Denmark.

Read more…

Other researchers found that these robots are susceptible to ransomware. Ransomware for robots is an increasing risk, as these devices can be exploited and locked to the detriment of business operations, according to research from IOActive,  Researchers found that they could exploit an undocumented function that allows remote command execution on both the Pepper and NAOrobots—two of the most used in businesses, research, and education worldwide. With these robots, and others that perform similar functions, cybercriminals could use ransomware to halt their work, display inappropriate content or language to customers, or perform violent movements during work.

Read more…

It’s Safe to Go Back in the Water

Sue Kayton says it’s safe to install the newest 18.03 update to Windows.  She  has installed it on more than 50 computers with success.

Here are her instructions BEFORE YOU UPDATE YOUR SYSTEM:

  1. First, run a DISK CLEANUP
    1. Right-click on the START menu and enter “Disk Cleanup” in the SEARCH box. Right-click on the program name and select “Run as Administrator” OR
    2. Click on the START menu, select “Windows Administrative Tools” and right-click on “Disk Cleanup”. Select “More” > “Run as Administrator”
    3. Select the OS disk, usually ‘C’, and click OK.
    4. Windows will list the files available for deletion. Select the folder you want to delete and click OK
  2. Run CHKDSK
    1. Open an elevated command prompt  (This link will take you to a  tutorial that will show you different ways to open an elevated command prompt that will run as administrator  in Windows 10. You must be signed in to Windows as an administrator to be able to open an elevated command prompt.)
    2. At the DOS prompt in the window enter “CHKDSK /F” to fix any disk errors.
    3. Enter “exit” to close the command window.
  3. Make sure Safe Mode is enabled. Enable Safe mode during boot to help you recover from a possible virus infestation or bad video driver.  Under Windows 10, by default you cannot use F8 during boot to enter safe mode. To enable safe mode, open an elevated command prompt and type in the following three lines, one at a time.
    1. bcdedit /set {bootmgr} displaybootmenu yes
    2. bcdedit /timeout 3
    3. bcdedit /set {default} bootmenupolicy legacy (note that the last line may give an error message because it may already be enabled.)
  4. Reboot your system
  5. Back up all your data

NOW you can run the update.

After the update, you will need to fix the following:

  1. Shares will be messed up.  You will need to re-create your shared permissions, especially for turning off password-protected sharing
  2. If you use a NAS, you may need to manually turn on (turn Windows features on or off) the protocol SMB 1.0
  3. Your Windows games (Solitaire, Freecell, etc.) will need to be reinstalled.  Use this link and make sure to UN-CHECK the box to install WinAero, which is malware.   http://www.suekayton.com/software/Win7Games4Win10Anniv.exe
  4. The update will suppress the ‘confirmation dialog’ on the Recycle Bin when you delete something. To recover it:
    1. Right-click on the Recycle Bin and select “Properties”
    2. Check the box  “Display delete confirmation dialog”.

How to Opt Out of Facebook Sharing

How To Change Your Facebook Settings To Opt Out of Platform API Sharing

You shouldn’t have to do this. You shouldn’t have to wade through complicated privacy settings in order to ensure that the companies with which you’ve entrusted your personal information are making reasonable, legal efforts to protect it. But Facebook has allowed third parties to violate user privacy on an unprecedented scale, and, while legislators and regulators scramble to understand the implications and put limits in place, users are left with the responsibility to make sure their profiles are properly configured.