Phishing: A simple click could be more destructive than you think

By André Carneiro.

When someone brings up the topic of cybersecurity, there are certain terms that come to mind almost instantly: hacker attacks, scams, elaborate tactics, account takeovers, theft of sensitive data, threats, information leaks, and others.

Such events often complex and in many cases destructive to goalsHowever, given the development of defense strategies and mechanisms, many of them can be avoided if diagnosed early.

One of the most common ways to launch a cyber attack, whether on a low or large scale, phishing.

Even though this little word seems innocent, it calls it a malicious social engineering technique. Used to deceive internet users through wire fraud in order to obtain confidential informationlike:

• login name;
• password for a specific website;
• credit card details.

Many of these scams even start with a simple click on a fake link that appears to be legitimate.

HE E-fraud can be a gateway to attacks that destroy the lives of individuals, SMEs and even large companies. For industry experts like me, it is gratifying to know that society’s awareness of the issue is increasing, but it is also gratifying to know that these types of scams still have many victims, including cases all over the world and on a large scale.

Sophos, a company I lead in Brazil, announced that an incident had recently been discovered E-fraud where all scams are designed to steal credentials – unique identifiers such as username and password that allow logging into the corporate email account.

Customization makes scams more believable

In this case, investigated by Sophos, criminals used highly advanced social engineering techniques to attack nearly 800 companies around the world. To this end, the group of scammers, presumably Russian, sent more than two thousand emails to the following address: E-fraud It is aimed at these companies operating in the public, health, energy and infrastructure sectors.

To carry out the attack, cybercriminals used a rather unusual tactic; but this tactic was extremely effective because it was customizable: They added the target companies’ own logo to the email phishingSo employees thought it was an internal company statement.

When these emails were opened by employees, they were asked to enter their passwords on a login page identical to the organization’s website. From there, the attackers stole the passwords and began extracting them for their Telegram channels.

According to research conducted by Sophos, criminals appear to have taken advantage of people whose email addresses are registered with certain corporate community websites, which is exactly how our team was alerted to the case.

Even researchers can’t emerge unscathed

To get an idea of ​​how we can all actually be the target of cyber scams, I will talk about the Andrew Brandt case. He is one of our top threat researchers at Sophos and lives in Boulder, Colorado, United States. While running for the local school board, Andrew received an email from a cybercriminal posing as one of his running mates and ignored it.

But attackers are persistent. When criminals realize that their initial email compromise messages are failing, They started to take initiatives through phishingHe sends Andrew several messages with an attachment of the login page for what appears to be his personal campaign website.

Andrew commented on these coup attempts that he has personally encountered, and he brought up a salient point: when people work for large corporations or have some sort of political initiative, they are going to receive a large amount of emails from senders they don’t know.

And in many cases, These messages create a sense of urgency. My advice is: If it’s from an unknown person, why is it so urgent? Please always be suspicious of it.

How to stay awake?

Anyone who has publicly available contact information online must receive training to be able to recognize the risk of a possible attack.

We can never ignore the need for security support features like multi-factor authentication, which tends to work very well against phishing cases.

Finally, to prevent frauds that put a company’s entire cyber health or a person’s sensitive data at risk, It is important to have threat monitoring tools. The most effective form of protection is to prevent vulnerabilities rather than seek recovery methods after the attack has occurred.