Phishing

The term 'Phishing' refers to misleading people through the internet to get them to disclose personal information such as passwords and credit card numbers, but also to get malware installed,  e.g. a computer virus that infects or encrypts all the files (ransomware) or spyware that steal company secrets. 

People usually equate phishing with fraudulent e-mails, but it can be carried out through other channels also. We distinguish: 

Different methods used for phishing  

E-mail spoofing 

How? The attacker uses a false e-mail address. You get an e-mail that seems to come from a person you know or a company where you are a customer. Often, the scammer will forge perfectly an existing form of that company, such as a receipt for a transaction.  

Why?The scammer asks you to click on a link, log in and carry out a certain operation, such as share files.  

How to recognise the attack? your name is not mentioned in the ‘To’ field, or it is among an entire list of other people whom you do not know; or you are not a customer of that particular company, at least not with the e-mail address to which the e-mail was sent.  

URL Phishing 

How? The scammer camouflages a web address or URL in an e-mail or another message in such a way that it looks like a reliable address. He uses the following techniques to that end:  

• The link is hidden under a ‘Click here’ or ‘Subscribe now’ button  

• The link is shortened with a link shortener such as t.co/xz92drTT92 

• The link is an incorrect spelling of a known company, e.g. citiibank.com instead of citibank.com  

• The link is a homographic variant, e.g. arnazon.com instead of amazon.com or Faceb00k.com instead of Facebook.com 

The attacker has registered these fake domain names beforehand. If you click on the link in an e-mail or other message, you are taken to that imposter website.  

Why? Obtain your data, install malware, etc.  

How to recognise it? Move the cursor over the link. The entire link will appear on your screen. Press long on the link in your mobile device, and the entire link will appear in a pop-up. You can also right click on the link, and copy it to your notepad.  

Subdomain attack  

How? A weblink contains the name of a known company which reassures you. But if you take a closer look at the address, you will notice that the weblink does not refer to the domain name of the known company at all – it is a subdomain of a domain in the hands of the attacker!  

How to recognise it? Always study a web address carefully. Start from right to left – the word combination BEFORE the forward slash / is the domain extension, and the domain name is to the left of it. Everything before it is a subdomain.  

Example: https://inlog.dnsbelgium.be.bijdeneusgenomen.be/jouwaccount. Here, "bijdeneusgenomen.be" is the domain name and "dnsbelgium.be" is a subdomain of the domain name.  

Phishing through pop-up  

How? You visit an ordinary website when a pop-up window suddenly appears. It asks you to log in to your provider’s website for instance. This is ‘in-session phishing,’ a technique used in malvertising.  Read more: 'Fraud through malvertising' 

Our advice: These pop-ups can be very stubborn; they often do not disappear by pressing the Escape key, the little cross in the top right corner. Close the tab and surf to the website again. Close your browser if necessary.  

Phishing via search engines  

How? The attacker recreates a perfect copy of the website of a well-known company. He places an advertisement in a search engine such as Google, with the name of that company as a keyword. If you type the name of the company in that search engine, the attacker’s website will appear among the sponsored links at the top of the search results.  

How to prevent it? avoid adverts at the top of the search results which are recognisable by ‘ad’ mentioned next to the link. Be particularly wary when you are enticed with extra discounts and super offers. If you know the web address of the company, just type it in the address bar.  

Phishing by circumventing filters  

How? Most filters in your e-mail programme and your antivirus will warn you when you click to open a suspicious link in your browser. The attacker therefore makes the link unclickable and gives instruction to copy the link to the browser with copy/paste in order to circumvent the filters.  

How to prevent it? Never trust such e-mails. Do not comply with the request to copy the link.  

The anti-phishing armour that protects you as well as possible  

A good dose of suspicion can prevent all sorts of trouble. Apply these rules.  

• If you get a call from a company that asks you to carry out operations on your computer, do not comply. Ask for the name and telephone number of the person and tell them that you will call them back. In the meantime, you can ascertain whether that telephone number actually belongs to your bank or to the company mentioned.  

• Beware of e-mails, especially when they are not addressed directly to you and are full of spelling mistakes.  

• Always analyse the links in e-mails. Copy the link to your notepad as an ordinary text.   

• Use a password manager.  

• Activate two-factor authentication for each website or web service that offers it  

• Use secure websites as much as possible; they are recognizable by “https” in the web address and the closed lock.  

• Make sure that your antivirus is always up to date  

• Install immediately the latest updates of your operating system, e-mail programme, browser and all software that you use. 

• The Centre for Cyber Security in Belgium and the Cyber Security Coalition provide materials to raise awareness about the dangers of phishing among users. Download the cyber security kit and spread the message among your colleagues, users and students.  

• Have you noticed a phishing attempt? Or have you fallen victim to such an attack yourself? You must always lodge a complaint with the police to prevent that others fall victim too. Click here for the instructions.  

Keep it safe!