Detecting Phishing Attacks

According to a study by the University of Portsmouth, fraud costs the UK £193bn per year with large majority of this carried out via phishing. On average it is also estimated that the average cost of a spear phishing attack to a business is around £1.3 million (Cloudmark).

Over the past year Zepko Analysts have seen this first-hand with another huge increase in phishing attacks compared to 2015. In fact, we believe that in 2016 we have seen more phishing attacks than any other year. Our prediction is that the number of phishing attacks will continue to increase and be a major concern for many businesses in 2017.

So, what is a Phishing attack?

Phishing attacks are a type social engineering attack which are carried out to deceive users and manipulate them into doing something, such as;

• Handing over sensitive information such as usernames, passwords, payment details, and other sensitive or personally identifiable information.
• Trick users into downloading malicious files such as fake invoices or macro-enabled Word documents which lead to ransomware or other forms of malware infections.
• Lead users to technical support scams which manipulate them into calling premium rate phone lines or downloading malicious files such as banking Trojan malware.

There are many different types of phishing attacks but they all have a common goal — they are designed to benefit the malicious actor financially.

Often, phishing comes in the form of a webpage, email, or text message which appears part of a legitimate service. Alternatively other phishing campaigns will panic a user to think that something bad will happen unless they follow the onscreen instructions, or entice a user to click a link or submit data for the promise of something good in return.

Top Level Domain Phishing attacks

Top Level Domain (TLD) Phishing attacks are a type of phishing attack which is performed by registering domains with similar names to companies and hosting webpages which appear to be the real service or business with the intent to trick the real customers or employees.

For example, take a look at the two domains below:

https://www.domaindetect.io and https://www.domaindetect.jo

At first glance they appear to be identical. It is only on closer inspection that you can see they differ. This is one of the reasons detecting phishing domains is very difficult. They look legitimate until it is often too late.

Another example of TLD phishing pages can be seen in the images below. Which of the two webpages below do you think is the real online banking login page?

Unfortunately, even if you chose the second image you are incorrect.

Both of the images above are examples of real phishing pages which Zepko Analysts identified during 2016. As you can see, these pages vary in style and sophistication but it isn’t always clear to a user what is or isn’t a legitimate login page, and again, this makes detecting phishing domains very difficult.

Throughout the year Zepko analysts have seen numerous types of phishing pages (such as fake login pages for banking sites, ‘virus alerts’ pages, tech support pages, social networking pages, Microsoft ‘alert’ pages, HMRC login pages, Apple iCloud login pages amongst many others) and it appears no industry or company is exempt from being targeted by phishing campaigns.

So, how can we help?

DomainDetect

This year Zepko launched a new product, DomainDetect, to help businesses protect themselves, their customers and their employees from Top Level Domain (TLD) phishing attacks.

With a free 30 day trial, DomainDetect is the best way to keep on top domain based phishing attacks.

Using DomainDetect you are able to enter a number of search terms for your company. These will be used to scan over 250,000+ domains daily, and if matched, DomainDetect will send you an email alert with a list of all domains which matched your search terms. By using DomainDetect you can analyse all the similar domains provided in the email alert and, in most cases, you will be able to identify and stop the attack before the campaign has ever been launched.

If you wish to continue the trial after the 30 day free period, then you can subscribe for £99 per month. For more information about DomainDetect please visit the FAQ or sign up for your free trial here.