Phishing - A Main Source of Cyber Attacks

What is Phishing?

Phishing is similar to fishing: cyber criminals bait a hook with malware and wait until someone bites. They hook individuals through emails, SMS, phone calls, replicas of well-known websites and many other methods. In the case of a computer, once you are caught the attacker effectively owns the computer or your important account credentials. In the case of SMS and calls, the victim is scared into handing over personal information or credit card details; in the case of fake websites, login credentials.


Sometimes it is hard to recognise that you are really being hooked, or phished.

How does this phishing work?

I am using an email phishing example since it is the most common method and people are still getting hooked by emails.

This email was sent to me and went to SPAM, but that is not always the case.

Looking at the email below, it is obvious why someone would be curious to know what invoice this email is talking about.




Once you click the link you are hooked, but you can still manage to get out of danger.



When you open the downloaded file is when you are completely hooked and caught (the danger zone).



As you can see there is no content in the file, just the macros, which are the malicious code that impacts the computer.

At this point you might just ignore the file, but you are already phished: in the background a few processes are running and trying to connect to malicious servers to submit data, also called C&C (command-and-control) servers.

The following is the background analysis of the downloaded file.

My system configuration: 

***THIS ANALYSIS WAS PERFORMED IN A VIRTUAL ENVIRONMENT***
***PLEASE DON'T USE THE LINK ON YOUR ACTUAL COMPUTER FOR ANALYSIS***



This is the traffic of the impacted computer as it started contacting servers to GET more files and compromise the system entirely.
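The follow-up downloads and the check-in to the C&C server are what a proxy or firewall log shows from the network side. The script below is an added example (not code from the original post) that runs over a constructed, simplified proxy log and flags clients that fetch executables from hosts outside an allowlist, with extra notes when the download host is a bare IP address and when a POST to that same host follows shortly after. The log format, field names, allowlist and five-minute window are assumptions.

```python
"""Flag clients whose web traffic looks like a post-phishing download chain.

Added example, not from the original post. The log below is a constructed,
simplified proxy log: timestamp, client IP, method, URL, status, content-type.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed sample proxy log lines (not real traffic).
SAMPLE_LOG = """\
2019-03-04T10:01:02 10.0.0.15 GET http://intranet.example.local/news 200 text/html
2019-03-04T10:02:10 10.0.0.15 GET http://203.0.113.7/dl/inv.exe 200 application/x-dosexec
2019-03-04T10:02:15 10.0.0.15 GET http://203.0.113.7/dl/upd.dll 200 application/x-dosexec
2019-03-04T10:02:40 10.0.0.15 POST http://203.0.113.7/gate.php 200 text/plain
2019-03-04T10:05:00 10.0.0.22 GET https://www.example.com/ 200 text/html
2019-03-04T10:06:00 10.0.0.22 GET https://update.example.com/patch.exe 200 application/x-dosexec
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (GET|POST) (\S+) (\d{3}) (\S+)$")
EXEC_TYPES = {"application/x-dosexec", "application/x-msdownload", "application/octet-stream"}
EXEC_EXT = (".exe", ".dll", ".scr")
# Hosts the organisation legitimately downloads executables from (assumption).
ALLOWED_EXEC_HOSTS = {"update.example.com"}
# How soon after a download a POST to the same host counts as a check-in (assumption).
WINDOW = timedelta(minutes=5)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, client, method, url, status, ctype = m.groups()
    return {"ts": datetime.fromisoformat(ts), "client": client, "method": method,
            "url": url, "host": urlparse(url).hostname or "",
            "status": int(status), "ctype": ctype}


def is_ip_literal(host):
    return re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host) is not None


def is_executable_fetch(ev):
    path = urlparse(ev["url"]).path.lower()
    return ev["method"] == "GET" and (ev["ctype"] in EXEC_TYPES or path.endswith(EXEC_EXT))


def find_suspicious_clients(log_text):
    """Return {client: [reasons]} for clients that fetch executables from
    non-allowlisted hosts; adds notes for bare-IP hosts and a follow-up POST."""
    events = [e for e in (parse_line(ln) for ln in log_text.splitlines()) if e]
    by_client = defaultdict(list)
    for ev in events:
        by_client[ev["client"]].append(ev)
    findings = {}
    for client, evs in by_client.items():
        reasons = []
        for ev in evs:
            if not is_executable_fetch(ev) or ev["host"] in ALLOWED_EXEC_HOSTS:
                continue
            reasons.append(f"executable fetched from {ev['host']}")
            if is_ip_literal(ev["host"]):
                reasons.append(f"download host is a bare IP address: {ev['host']}")
            for later in evs:
                if (later["method"] == "POST" and later["host"] == ev["host"]
                        and ev["ts"] <= later["ts"] <= ev["ts"] + WINDOW):
                    reasons.append(f"POST to {later['host']} shortly after download "
                                   f"(possible C&C check-in)")
                    break
        if reasons:
            findings[client] = sorted(set(reasons))  # de-duplicate repeated downloads
    return findings


if __name__ == "__main__":
    for client, reasons in find_suspicious_clients(SAMPLE_LOG).items():
        print(client)
        for r in reasons:
            print("  -", r)
```

In the sample, only 10.0.0.15 is reported: it pulls two executables from a bare IP and then POSTs to the same address, while 10.0.0.22's download comes from the allowlisted update host. On a real proxy log the allowlist and the content-type values need to match what your proxy actually records.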



The above process shows how email phishing works and compromises the system.

How to detect a phishing attempt?

The most important thing for detecting phishing emails is where it came from: the display name is not important, the email address (and its domain) is the most important part to check.

The screenshot below points out the important things to watch before clicking a link or downloading a file:
  • Email ID (the @"domain-name" part of the address)
  • Wrong details
  • Unknown link (suspicious link)
  • Grammar
  • File name (once downloaded)
These are a few important points which confirm that it is a phishing email, which can then be deleted or reported.
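Most of the points in that list can be checked mechanically on the raw message. The script below is an added example (not code from the original post) that parses a constructed sample email and reports the sender-domain mismatch, a Reply-To pointing elsewhere, a link whose visible text hides a different real target, a link to a bare IP address, and an attachment with a macro-enabled or double extension. The sample message, the expected brand domain and the extension lists are assumptions; the "Grammar" point is left to the human reader.

```python
"""Check a raw email for the phishing indicators listed in the post.

Added example, not from the original post. RAW_EMAIL and CLEAN_EMAIL are
constructed samples; sender, domains and attachment name are made up.
"""
import re
from email import message_from_string
from email.utils import parseaddr

RAW_EMAIL = """\
From: "Accounts Payable - Example Corp" <billing@examp1e-corp-invoices.net>
Reply-To: collect@mail-drop.example.net
To: victim@example.org
Subject: Invoice #48213 overdue - action require
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/html

<p>Dear custmer, you're invoice is overdue. Please review it
<a href="http://203.0.113.9/inv/view">https://www.example-corp.com/invoices</a>
befor friday.</p>
--XYZ
Content-Type: application/octet-stream; name="Invoice_48213.pdf.docm"
Content-Disposition: attachment; filename="Invoice_48213.pdf.docm"

(binary omitted)
--XYZ--
"""

CLEAN_EMAIL = """\
From: "Example Corp Billing" <billing@example-corp.com>
To: victim@example.org
Subject: Your March statement
Content-Type: text/plain

Your statement is available in the customer portal.
"""

# Domain the sender claims to represent (assumption for this example).
EXPECTED_DOMAIN = "example-corp.com"
MACRO_EXT = (".docm", ".xlsm", ".pptm", ".dotm")
ANCHOR_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
IP_URL_RE = re.compile(r"https?://\d{1,3}(\.\d{1,3}){3}")


def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def sender_domain(raw):
    """The domain of the real From address, ignoring the display name."""
    _, addr = parseaddr(message_from_string(raw).get("From", ""))
    return domain_of(addr)


def check_email(raw):
    """Return a list of human-readable findings; empty means nothing flagged."""
    msg = message_from_string(raw)
    findings = []
    dom = sender_domain(raw)
    if dom != EXPECTED_DOMAIN:
        findings.append(f"sender domain is {dom!r}, expected {EXPECTED_DOMAIN!r}")
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and domain_of(reply) != dom:
        findings.append(f"Reply-To points to a different domain: {reply}")
    for part in msg.walk():
        fname = part.get_filename()
        if fname:
            low = fname.lower()
            if low.endswith(MACRO_EXT):
                findings.append(f"attachment {fname!r} is a macro-enabled document")
            if low.count(".") > 1:
                findings.append(f"attachment {fname!r} has a double extension")
        if part.get_content_type() == "text/html":
            html = part.get_payload(decode=True).decode("utf-8", "replace")
            for href, text in ANCHOR_RE.findall(html):
                shown = text.strip()
                # Visible text looks like a URL but the real target differs.
                if re.match(r"https?://", shown) and shown != href:
                    findings.append(f"link text {shown!r} hides real target {href!r}")
                if IP_URL_RE.match(href):
                    findings.append(f"link to bare IP address: {href}")
    return findings


if __name__ == "__main__":
    for f in check_email(RAW_EMAIL):
        print("-", f)
```

The sample produces six findings, and the clean message none. The display name "Accounts Payable - Example Corp" is never consulted, which is exactly the point made above: only the address after the @ matters.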







Similarly, things to check on phishing websites:
  • Domain name (URL)
  • Grammar
  • Copyright notice
  • Website certificate (https://)
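The domain-name and https points can be turned into a quick URL check. The function below is an added example (not code from the original post) that scores a URL for the tricks a fake site's address typically relies on: plain http, a bare IP address as host, a punycode (xn--) label, credentials before the @ that change which host is really contacted, and a known brand name appearing in the host while the registered domain belongs to someone else (including digit-for-letter lookalikes such as examp1e). The brand list, lookalike map and the naive "last two labels" registered-domain rule are assumptions; real code should use the Public Suffix List.

```python
"""Score a URL for the website phishing indicators listed in the post.

Added example, not from the original post. KNOWN_BRANDS, LOOKALIKE and the
registered_domain() rule are simplifying assumptions.
"""
import re
from urllib.parse import urlparse

# Assumed: brands a user might expect to see and the domains that really own them.
KNOWN_BRANDS = {"example-corp": "example-corp.com", "paypal": "paypal.com"}
# Digits commonly swapped for letters in lookalike domains.
LOOKALIKE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})
IP_RE = re.compile(r"\d{1,3}(\.\d{1,3}){3}")


def normalise(s):
    """Undo digit-for-letter swaps and hyphens so 'examp1e-corp' matches 'examplecorp'."""
    return s.translate(LOOKALIKE).replace("-", "")


def registered_domain(host):
    """Naive eTLD+1: the last two labels (use the Public Suffix List in real code)."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def check_url(url):
    """Return a list of findings for the URL; empty means nothing flagged."""
    p = urlparse(url)
    host = (p.hostname or "").lower()
    findings = []
    if p.scheme != "https":
        findings.append("not served over https")
    if IP_RE.fullmatch(host):
        findings.append("host is a bare IP address")
        return findings  # no domain-name checks make sense for an IP
    if "xn--" in host:
        findings.append("internationalised (punycode) label, possible homograph")
    if "@" in p.netloc:
        findings.append("credentials in URL, text before @ is not the real host")
    if host.count(".") > 3:
        findings.append("unusually deep subdomain chain")
    reg = registered_domain(host)
    for brand, real in KNOWN_BRANDS.items():
        if reg == real:
            continue  # genuinely the brand's own domain
        if normalise(brand) in normalise(host):
            findings.append(f"brand {brand!r} in host but registered domain is {reg!r}")
    return findings


if __name__ == "__main__":
    for u in ("https://www.example-corp.com/login",
              "http://paypal.com.secure-login.net/verify",
              "http://203.0.113.9/inv/view",
              "https://user@examp1e-corp-invoices.net/"):
        print(u, "->", check_url(u) or ["ok"])
```

Note that a valid certificate only proves you are talking to the domain in the address bar, not that the domain is the one you meant; that is why the brand-versus-registered-domain check is kept separate from the https check.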

How to verify whether a file is malicious or not?


VirusTotal ( https://www.virustotal.com ) is one of the best open source analyzers for files, websites and domain names. It gives a good idea of whether a file is malicious or not according to the scans and signatures of the anti-virus companies.

This is the link for the downloaded malicious file.

For a more detailed analysis,

Hybrid Analysis ( https://www.hybrid-analysis.com/ ) is a good tool for detailed analysis, more suitable for IT professionals.
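When checking a suspicious download with VirusTotal, look the file up by its SHA-256 hash first: if the sample is already known you get the verdict without uploading a document that might contain personal or company data. The script below is an added example (not code from the original post or from VirusTotal) that hashes a file, builds the lookup for VirusTotal's public v3 endpoint GET /api/v3/files/{hash} with the x-apikey header, and summarises the returned last_analysis_stats. The environment variable name VT_API_KEY and the sample stats dictionary are assumptions; a 404 only means nobody has submitted that exact file yet, not that it is clean.

```python
"""Look a downloaded file up on VirusTotal by hash before uploading it.

Added example, not from the original post. Uses the VirusTotal v3 endpoint
GET https://www.virustotal.com/api/v3/files/{sha256}; the API key is read from
the VT_API_KEY environment variable (assumed name).
"""
import hashlib
import json
import os
import sys
import urllib.error
import urllib.request

VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{}"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def lookup_url(data: bytes) -> str:
    """URL that asks VirusTotal about this content without sending the content."""
    return VT_FILE_URL.format(sha256_hex(data))


def vt_hash_lookup(data: bytes, api_key: str):
    """Return VirusTotal's last_analysis_stats for the file's hash,
    or None when the hash is unknown to VirusTotal (HTTP 404)."""
    req = urllib.request.Request(lookup_url(data), headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            body = json.load(resp)
    except urllib.error.HTTPError as e:
        if e.code == 404:
            return None
        raise
    return body["data"]["attributes"]["last_analysis_stats"]


def verdict(stats) -> str:
    """Summarise a stats dict such as {'malicious': 40, 'suspicious': 2, 'undetected': 20}."""
    if stats is None:
        return "unknown to VirusTotal (never submitted); this is not proof the file is clean"
    bad = stats.get("malicious", 0) + stats.get("suspicious", 0)
    total = sum(stats.values())
    return f"{bad}/{total} engines flag this file"


if __name__ == "__main__":
    # Usage: python vt_lookup.py <downloaded file>
    path = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(path, "rb").read() if path else b"constructed sample bytes"
    print("sha256:", sha256_hex(data))
    print("lookup:", lookup_url(data))
    key = os.environ.get("VT_API_KEY")
    if key:
        print(verdict(vt_hash_lookup(data, key)))
    else:
        print("VT_API_KEY not set; paste the hash into the VirusTotal search box instead")
```

Without an API key the script still prints the hash, which can be pasted into the VirusTotal search box; only if the hash is unknown is it worth deciding whether the file can be uploaded.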



Take Away

PERSONAL DATA or INFORMATION is an important asset for an individual or organisation, and it is directly proportional to MONEY and REPUTATION.

Don't be so busy that you get hooked and compromised. Be safe and careful in this cyber world.