What is Phishing?

Phishing is a term used to describe how hackers attempt to deceive users into typing their passwords into a fake website. They achieve this by sending emails that mimic those from legitimate organisations such as banks, email providers, delivery services, or any other services the user may be using.

To execute a phishing attack, hackers create a new website designed to look identical to the targeted organisation’s website, be it a bank or an email provider. They then craft an email that appears to have been sent from that organisation, with slight alterations to the links in order to direct the user to their fake website.

When a user receives such an email, if it closely resembles emails they regularly receive, they may fail to recognise that it’s a fake and inadvertently click on the provided link to log in to their account. Once the user enters their password on the hacker’s fraudulent website, it is captured and sent to the hacker. As the website is not genuine, the user won’t be able to log in, and an error message stating that the entered password is incorrect will be displayed. The user is then redirected to the actual website, where they can make a successful login attempt.

Once the hacker obtains the user’s password, they can gain access to the genuine account. They may proceed to take control of the account and change the passwords. In the case of a bank account, they could initiate transfers of funds from the victim’s account to their own, subsequently converting the money into cryptocurrency to make it harder to trace and retrieve by the bank, effectively preventing its return to the victim.

Phishing is known as a social engineering attack, because it attempts to trick users into revealing their sensitive information such as their usernames, passwords, credit card numbers, or other personal information. It is a very common technique used by cybercriminals to gain access to user accounts, financial data, or other confidential information.

Social engineering attacks are often conducted through emails, text messages, or social media messages that look like they are coming from legitimate sources such as banks, online retailers, or other trusted organisations. The attackers will use a variety of tactics to make the messages appear legitimate, such as copying the organisation’s logo and email format, and creating a sense of urgency to prompt the user to take immediate action.

Once a user clicks on a phishing link or enters their information on a fake website, the attackers can use the stolen data to gain access to their accounts, steal their money, or commit identity theft. In addition to financial losses, victims of phishing attacks may also suffer from reputational damage, loss of trust, or legal consequences.

To protect yourself from phishing attacks, it is important to be vigilant and sceptical of any unsolicited messages or requests for personal information. Always verify the legitimacy of the sender and the website before clicking on any links or entering sensitive information. Use security software, such as anti-virus and anti-malware programs, to help detect and prevent phishing attacks. Additionally, it is recommended to use multi-factor authentication (MFA) to add an extra layer of security to your accounts.

If you suspect that you have been a victim of a phishing attack, it is important to act quickly. Change your passwords immediately and monitor your financial accounts for any suspicious activity. Report the attack to the relevant authorities, such as your bank or law enforcement, and share any information that may help identify the attacker or prevent future attacks.

How to detect phishing

Check where the email came from. Often, when you take a second look, you may notice the email address is not quite right, or doesn’t match the name at all. Sometimes, though, the address can look perfectly fine, since any email address can easily be spoofed.

The second thing to do is to look at the link it’s suggesting you visit. Often the link displayed isn’t the actual address it will go to. If you hover your mouse over the link, a small popup should appear displaying the actual link address.

Often the link address is just a short URL that doesn’t tell you much. If this is the case, here is a tool that you can copy and paste the link into, and it will tell you where the link will lead: websiteplanet.com/webtools/redirected/

How to report phishing attempts

If you receive a phishing email, it’s important that you report it, which will help stop others receiving the same email and make sure the hackers don’t receive money for their scam.

There are a number of places to report phishing, and we would recommend that most users action the first two tasks listed below. If you would really like to give the hacker a hard time, we suggest doing all of these steps.

Report the phishing email to your email supplier

Many email systems (such as Gmail) have an easy option to report phishing emails back to them. It works similarly to how spam emails are controlled. If you right click on the email summary you may get an option to ‘Report Phishing’. If there is nothing within your email system to report it, then mark the email as ‘Spam’ or ‘Junk’ instead. It will then move it to your spam/junk folder, but will also do so for future similar emails and often teaches the system to help other users too.

Report the IP address of where the email originated from

Every email has hidden header information, which contains information about where the email really came from, including all the servers it hopped through to get to your email server, so make sure you pick out the IP address of the originating server. Sometimes the source IP is not a public IP address (such as 192.168.1.1), which is no good; if this is the case, the next one in the list is usually the public IP address you need.
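The header walk described above, as an added example that is not part of the original article: it reads the `Received` headers from the oldest hop upwards and returns the first address that is not in a private range. The function names and the sample message are made up for illustration, and only IPv4 addresses written in square brackets are handled.

```python
import ipaddress
import re
from email import message_from_string

# Ranges that never identify a sender on the internet (RFC 1918, loopback,
# link-local, carrier-grade NAT).
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "100.64.0.0/10")]
BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def received_ips(raw_message):
    """IPv4 addresses from the Received headers, oldest hop first."""
    msg = message_from_string(raw_message)
    hops = []
    # Each server prepends its header, so the last one in the file is the oldest.
    for header in reversed(msg.get_all("Received") or []):
        for text in BRACKETED_IPV4.findall(header):
            try:
                hops.append(ipaddress.ip_address(text))
            except ValueError:
                continue  # looked like an address but is not one, e.g. 999.1.1.1
    return hops

def first_public_ip(raw_message):
    """First hop, walking up from the origin, that is outside the non-public ranges."""
    for ip in received_ips(raw_message):
        if not any(ip in net for net in NON_PUBLIC):
            return str(ip)
    return None

# Constructed sample message; 203.0.113.45 and 198.51.100.7 are documentation
# addresses standing in for public ones.
SAMPLE = """\
Received: from mx.mailhost.example (mx.mailhost.example [198.51.100.7])
        by inbox.provider.example with ESMTPS; Tue, 02 Jan 2024 10:15:04 +0000
Received: from relay.sender.example (unknown [203.0.113.45])
        by mx.mailhost.example with ESMTP; Tue, 02 Jan 2024 10:15:02 +0000
Received: from desktop (desktop.lan [192.168.1.1])
        by relay.sender.example with ESMTPA; Tue, 02 Jan 2024 10:15:01 +0000
From: "My Bank" <support@mybank.example>
Subject: Verify your account

Please confirm your details.
"""
```

`Received` lines added before the message reached your own provider are written by the sending side and can be forged, so treat the address recorded by your provider's server as the most reliable one to report.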

Once you have found the source IP address you need to do a whois lookup for it, which will tell you who is responsible for that block of IP addresses and where to email the people who are abusing it. Email them; tell them which IP address was used to send the phishing email and when it was sent. In most cases, though, these email addresses are not regularly monitored, sometimes not at all, or sometimes they just reply back with a link to where you can really make contact.

The IP whois information will often give the organisation name.  Do a normal internet search for that name to find their official website and see if they have any ‘abuse’ report forms, or other contact information which you can send the phishing details to.

Report website to the domain registrar

There are rules for which domain names can be used, which are set by each of the registrars. If you do a whois lookup on the domain name, it is supposed to tell you the owner information. Most of the time today this is obscured, but there will be information on which domain registrar was used. Do an internet search for that registrar and you will often find a page on their website to report domain names which are being abused. Submitting a report to the registrar with an example link will often result in the domain name being suspended, although it can take days or even weeks as there is often a review process before it happens.

Scammers tend to use registrars which don’t comply very quickly with these requests, registrars such as:

Report website to their hosting provider

For a website to be live, someone needs to be running the hosting server. There are many server farms around the world, and nearly all of them will not tolerate their servers being used for phishing scams. Use a DNS lookup to find the IP address of the website, then use a whois lookup on this IP to find who owns that IP block. The owner of that IP block will be associated with the server hosting; sometimes it’s a single organisation, other times it’s two separate organisations that are working closely together. Find the organisation name of the IP block and do an internet search to find their website. There will often be a link or a contact form to report web hosting abuse.