The insane world of Phishing

8.3.2021

Phishing is a global, ongoing problem from which no one is safe anymore. Cyber criminals have an endless supply of means to hook innocent email users. The tools are sold and distributed on the dark web. A recent “innovation” has been boosting search engine results to lure people into logging on to phishing sites.

Why should you consider protecting yourself against phishing?

Back in 2019 I wrote an article: “Who’s afraid of The big bad site – no one soon!”. In that article I tried to emphasize why it is so important to be extra careful when you visit a website and to always try your best to find out who is running it.

Browser manufacturers have followed each other in their user interface design, and unfortunately this has led to a situation where it is harder for a common internet user to see who is running the website. The green padlock (see the picture below) has been removed from the browser user interface.

How does this relate to phishing?

Criminals seem to have endless resources and the time to put them to use. No language zone is safe anymore. Finnish was thought of as one of the most encrypted languages and hard for automated translation tools to translate, but this is not the case anymore. Phishing emails are really well composed and legitimate looking. Their sole idea is to cause a feeling of urgency or panic in the recipient. They try to get the recipient to react urgently or click on a malicious link. Often a user is directed to a phishing site, which may be a legitimate-looking copy of a bank site. Unfortunately, quite often the user falls for these phishing attempts.

How can we protect ourselves?

It’s way easier said than done. Common sense is a good starting point. Banks don’t usually send out emails and ask for bank account information. They have a need to protect their customers and reputation. It pays to visit your bank website regularly (and make sure you’re on the right site) to read the bulletins banks are providing. Often there is information about ongoing phishing campaigns in which their customers are targeted.

Mobile devices, phones, tablets etc. have brought the world into our pockets. They have also opened our pockets to cyber criminals. The email apps on mobile devices are tricky when it comes to spotting the email sender. In most cases it may look like an email is coming from your CEO, for example, as the device will only show a so-called display name in the sender field of the app. It can be, and often is, counterfeit. It is a common tactic that criminals use. It’s a good practice to give the sender a short call or text if you think the message looks suspicious. It only takes a couple of minutes but it can save you a lot of trouble.
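The display name check described above can also be done by a mail filter before the message reaches a phone. The following is an added example, not code from the original article; the trusted domain, the protected name and the sample headers are assumptions constructed for illustration.

```python
import re
from email.header import decode_header, make_header
from email.utils import parseaddr

# Assumed values for this example: the organisation's mail domain and the
# names of people whose identity is worth protecting (e.g. the CEO).
TRUSTED_DOMAINS = {"example.com"}
PROTECTED_NAMES = {"maria virtanen"}

ADDRESS_IN_NAME = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

def inspect_sender(from_header):
    """Return the display name, the real address and any warnings."""
    raw_name, address = parseaddr(from_header)
    # Display names may be RFC 2047 encoded (=?utf-8?q?...?=); decode them
    # so the comparison sees what the mail app would show.
    name = str(make_header(decode_header(raw_name))).strip()
    domain = address.rpartition("@")[2].lower()
    warnings = []

    # A mobile app shows only the name, so a trusted name on an outside
    # address is the counterfeit-sender case.
    if name.lower() in PROTECTED_NAMES and domain not in TRUSTED_DOMAINS:
        warnings.append(f"protected name used by outside domain {domain}")

    # An address typed into the name field hides the real one behind it.
    shown = ADDRESS_IN_NAME.search(name)
    if shown and shown.group(1).lower() != domain:
        warnings.append(f"display name shows {shown.group(0)}, real sender is {address}")

    return {"name": name, "address": address, "warnings": warnings}

# Constructed sample headers (not taken from real messages).
SAMPLES = [
    "Maria Virtanen <maria.virtanen@example.com>",
    "=?utf-8?q?Maria_Virtanen?= <ceo.office@example.net>",
    '"support@example.com" <billing@invoices.example.org>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        result = inspect_sender(header)
        print(result["name"], "->", result["address"], result["warnings"] or "ok")
```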

Always check who is behind the website you’re visiting!

That little padlock can tell you who is running the website. By clicking on it, you will see the details of the site owner if they are using an organization validated certificate. This is especially important if you have landed on the site via a click on a link inside an email. Unfortunately nowadays not all site owners (when it comes to organizations) are using organization validated certificates.

Banks, finance and public organizations are still using the highest validation certificates (Extended Validation certificates), which provide the site owner information with just a click on the padlock.

Stay safe and surf the web safely.
