Phishing is a type of social engineering attack used to steal user information such as login credentials, bank account information, or credit card numbers. The most commonly seen phishing attack is when an attacker, posing as a legitimate source, tricks a victim into clicking on a malicious link in an email. Once clicked, the link installs malware on the user’s computer and possibly gives the attacker access to other devices on the same network.
Often, the link opens a website owned by the attacker, specifically designed to look like a normal login or account validation page. However, when users enter their information into this website, all they are doing is giving that information directly to the attacker.
Phishing emails have been around since the dawn of the Internet. A paper and presentation at the 1987 conference of the International HP Users Group, “Interex,” already discussed their use.
While the basic premise hasn’t changed since then, attackers have had decades to improve their technique and automated delivery systems.
A New Defense
Jeremy Richards of the mobile device security company Lookout has been developing a novel solution to this problem. Lookout records the network traffic of over 60 million mobile applications and, as such, has a large amount of real-time data it can analyze.
After manually tracking phishing websites through this network, Richards discovered many telltale digital signs of phishing websites. He started creating tools to assist in this detection, but those quickly evolved into their own automated search engine.
The program now goes through several steps to algorithmically narrow down and positively identify malicious websites. For example, the program will check new domains (website addresses) for misspellings of technology or financial companies, or special characters used in place of normal lettering.
Once it spots a suspicious website, it will take a screenshot of the homepage and then automatically search for the logos of thousands of companies. Phishing websites almost always try to look official by using the actual logos from companies like Apple, Microsoft, and Google.
Once a site is confirmed to be malicious, Lookout can report it to the authorities, download the specific phishing code used by the attackers, and then look for that code in future scans to find additional websites.
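The first step described above, checking a new domain for misspelled brand names or special characters standing in for normal letters, can be sketched as follows. This is an added example, not Lookout's code: the brand list, the look-alike character map and the edit-distance threshold of 1 are assumptions. A hit is only a candidate for the later screenshot and logo checks, not a verdict.

```python
import unicodedata

# Assumed watch list: brand label -> official domain (not taken from the page).
BRANDS = {"apple": "apple.com", "microsoft": "microsoft.com", "google": "google.com"}
# Small constructed look-alike map; a real scanner would load Unicode confusables.
LOOKALIKES = str.maketrans({
    "0": "o", "1": "l", "3": "e", "5": "s", "@": "a", "$": "s",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
})

def to_unicode(label):
    """Decode an internationalized (xn--) label; return others unchanged."""
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            pass  # malformed punycode: fall back to the raw text
    return label

def skeleton(token):
    """Fold a token to the plain letters a reader would perceive."""
    token = unicodedata.normalize("NFKD", token)  # split accents from letters
    token = "".join(c for c in token if not unicodedata.combining(c))
    return token.translate(LOOKALIKES).replace("rn", "m")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_domain(domain):
    """Return (brand, reason) for a candidate phishing domain, else None."""
    domain = domain.lower().rstrip(".")
    if any(domain == d or domain.endswith("." + d) for d in BRANDS.values()):
        return None  # the brand's own domain or a subdomain of it
    for label in domain.split(".")[:-1]:  # every label except the TLD
        for token in filter(None, to_unicode(label).split("-")):
            folded = skeleton(token)
            for brand in BRANDS:
                if folded == brand:  # reads as the brand once folded
                    return brand, ("lookalike" if token != brand else "off-domain")
                if edit_distance(folded, brand) == 1:
                    return brand, "misspelling"
    return None
```

A distance of 1 also matches ordinary words such as "apply", which is why a stage like this only narrows the list before the visual checks.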
As phishing attacks occur with increasing frequency, these automated solutions will be necessary for us to stand any chance at stemming the tide of cybercrime.
How To Spot Phishing Emails
Here are some common characteristics of phishing emails that you can identify:
Poor grammar – Since most phishing emails aren’t composed by native English speakers, they usually contain many grammar, spelling, and capitalization mistakes, along with unusual phrasing.
Generic or informal greetings – If a message doesn’t address you by name, it’s another sign that it is from an unknown attacker.
Sense of urgency – Most phishing emails want you to rush through the message and click on a link without looking at it too closely.
Hyperlinks – Hover over any links to make sure they go where they say they are going.
Attachments – Many phishing emails will include malware in attachments.
Unusual sender – If it’s from someone you don’t know, pay extra attention to the contents.