Friday, August 16, 2019

Phish Bait – Art of baiting - Phishing Solutions

Clickbait Scam

Tricking people is the classic way criminals take advantage of the people they want to steal from, and clickbait is one of the cyber classics for doing it. Paired with technical knowledge, the success rate of hackers and criminals has shot up, and they have become more productive and active at it.
People have to be more careful about clickbait, because it is socially engineered to improve the odds that someone clicks a scam link leading to a scam site, spread by spamming both generic and personalized email. Personalized clickbait email has a higher success rate, but now that people are more aware of it that rate has of course dropped, so criminals have found alternative ways to spread clickbait for their phishing activities.

Social Media Clickbait

Spear phishing, the category clickbait falls into, still has a high success rate. Now that social media platforms have become more popular, criminals are taking advantage of them to look for prey.
It is something of a phenomenon that people these days place more trust in social media outlets such as Facebook and Twitter. One piece of evidence is that most fake news articles were propagated through these platforms, where catchy, interesting phrases and headlines were used to lure people into clicking a link that takes them to a site hosting fake content.
Criminals now spread their activity on social media through clickbait, handcrafting catchy tweets and posts and manually looking for targets. It is also possible to hunt for targets with specific profiles, such as CEOs and other executives, or for highly active users, by writing a program that mines users' tweets and posts with a site-wide search. Hashtags are filterable and searchable, so through them posts can be mined into raw data, analyzed, and turned into a list of potential targets.
Mined data could also be fed to a machine learning system to generate tweets or posts that are more likely to get a group of people to retweet or repost them, or to click the link they contain. Imagine an AI that can create viral posts and tweets.
By combining the techniques above, profiling targets and socially engineering posts and tweets, criminals could become more productive and rampant than ever in their phishing and scam attacks.

What to do?

Most likely, sophisticated attacks such as those described above target the elite and anyone gullible enough to click a phishing link. The fodder targets are the people who spread a clickbait post through retweets and reposts in order to make it popular.
Since the attacks are sophisticated, an equally sophisticated phishing solution must be used to counter and mitigate them. Having a team or department equipped with phishing intelligence and anti-phishing strategies will be a big help in battling this growing threat in the cyber landscape.

Anti Phishing Solution - Phishing via Misspelling

Phishing via Misspelling
Phishing, in whatever form it takes, is now considered the #1 security threat affecting users and their devices. While most phishing techniques have remained a staple cyber-attack over the years, affecting computer users for as long as the internet has been around, hackers have learned to take advantage of one unsuspecting element: the users.
Several studies suggest that a user is 3x more likely to fall victim to a phishing attack on their own device (mobile or PC). There are a number of reasons for this; one is the limited screen real estate mobile devices provide, which makes it easy, when browsing, to navigate to a URL without realizing it is a phishing site.
Users simply don't expect these things to happen on PCs or mobile devices that they essentially trust.
To show an example, we have considered a few major brands that are popular with most users.
  • Google
  • Apple
  • Paypal
  • Microsoft
  • Facebook
These brands are explicitly "trusted" by their users because of their reputation, and they have their own online platforms that users interact with on a regular basis, whether via PC or mobile.
Cyber-attackers, of course, know how to take advantage of this trust. They register domains or build web pages that contain these brand names to increase the probability that users hand these fake sites their personal information. And the unfortunate thing is, users are falling for it.
For example, consider the domain name www.facebook.photos.login. This could easily be a malicious domain. Keep in mind that it is not the same as www.facebook/photos/login: the full stops mean that "facebook" here is only a subdomain label of a domain that in all probability is not owned by Facebook.
Because whoever controls the parent domain can create any subdomain label they like, such a name can be set up by anyone, which makes it appealing to cyber-attackers looking to exploit victims. With the limited screen real estate of mobile devices, it is especially difficult to tell a legitimate domain from a spoofed subdomain.
Users are more than likely to mistake a familiar-looking phishing link for a legitimate one, especially given the advanced phishing techniques cyber-attackers use today. This simply goes to show that regardless of the brand name, keyword or channel used, even the most legitimate-looking links cannot be trusted.
In this case, hackers are betting on you casually overlooking the subtle irregularities in their malicious URLs. That is much easier to do than you might expect. Think about the number of times you have misspelled a domain when typing it into your browser, especially on your phone (with a small keyboard and even smaller font).
So when you look at:
www.amazon.com/home….
www.amazo.com/home…
there really isn't much of a difference unless you are looking very, very closely.
It is always good to arm yourself with knowledge and to understand that regardless of the apparent authenticity of a message or URL, it is always important to double, triple and quadruple check not only the domain itself, but the source of the message and the logic behind it.
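The two URL tricks described in this post, a brand name buried in a subdomain label (www.facebook.photos.login) and a one-character misspelling of a real domain (www.amazo.com), can both be caught mechanically before a user ever sees the link. The script below is an added example written for this post, not code from the original page or from any product it mentions. It assumes a constructed allowlist mapping the brands named above to one legitimate domain each, and a deliberately tiny stand-in for the Public Suffix List; a real deployment would use the full list so that names such as example.co.uk are split correctly.

```python
"""Flag URLs that borrow a trusted brand name in a subdomain label or sit
one typo away from a trusted domain.

Added example for this post, not code from the original page. The brand
list and the abbreviated public-suffix list are constructed stand-ins.
"""
from typing import Tuple
from urllib.parse import urlsplit

# Constructed: the brands named in the post, mapped to the one domain we
# treat as legitimate for each. Real deployments maintain this per brand.
TRUSTED_DOMAINS = {
    "google": "google.com",
    "apple": "apple.com",
    "paypal": "paypal.com",
    "microsoft": "microsoft.com",
    "facebook": "facebook.com",
    "amazon": "amazon.com",
}

# Constructed, deliberately tiny stand-in for the Public Suffix List:
# suffixes under which the registrable domain is three labels, not two.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def registrable_domain(host: str) -> str:
    """Return the part of the host that a registrant actually controls.

    Every label to the left of it is chosen by that registrant, which is
    why "facebook" in www.facebook.photos.login says nothing about the
    owner: the registrable domain there is photos.login.
    """
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings; amazo.com vs amazon.com is 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1,          # delete ca
                           cur[j - 1] + 1,       # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify_url(url: str) -> Tuple[str, str]:
    """Return (verdict, detail) for a URL.

    Verdicts: "trusted", "brand-in-subdomain", "lookalike", "unknown".
    """
    host = urlsplit(url).hostname or ""
    reg = registrable_domain(host)
    if reg in TRUSTED_DOMAINS.values():
        return "trusted", reg
    # A brand name used as a subdomain label of someone else's domain.
    sub_labels = host.lower().split(".")[: -len(reg.split("."))]
    for label in sub_labels:
        for brand in TRUSTED_DOMAINS:
            if brand in label:
                return "brand-in-subdomain", f"{brand!r} under {reg}"
    # A registrable domain one character away from a trusted one.
    for trusted in TRUSTED_DOMAINS.values():
        if levenshtein(reg, trusted) <= 1:
            return "lookalike", f"{reg} resembles {trusted}"
    return "unknown", reg


if __name__ == "__main__":
    # Constructed sample links, including the two from the post.
    for link in ("https://www.facebook.photos.login/",
                 "https://www.amazo.com/home",
                 "https://www.amazon.com/home",
                 "https://paypal.example.co.uk/"):
        print(link, "->", classify_url(link))
```

The order of the checks matters: the allowlist is consulted first so that legitimate hosts such as login.microsoft.com are never flagged, and the subdomain test runs before the edit-distance test because a brand name planted in a label is a stronger signal than a near-miss spelling. Both tests work on the registrable domain rather than the whole host, which is exactly the part of the URL the post says users fail to look at closely.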