Send me your password!
Okay, so maybe they’re not always this obvious, but there are a lot of phishing attempts going around. But what the heck is phishing? It’s sort of like fishing, except someone is fishing for your username and password! A common tactic these malicious phishers use is to send you a link to a familiar-looking page, display a convincing login form on that page, and prompt you to enter your password.
One of the biggest challenges we face is distinguishing a safe login page or form from a malicious one. In the example below, you’ll see that I can display either of the images below on a web page. Since these are only screen captures, you will have a hard time filling them in :-).
Can you tell which one is fake? Many of us wouldn’t hesitate to enter our credentials. The image on the right, however, is an outdated Gmail login page! Users must beware, even on pages with familiar-looking names and logos.
What Does Your Browser Tell You?
A key precaution for protecting ourselves and recognizing a phishing attempt is simply checking your browser: does the address bar say what you think it should say?
Many phishing attacks use hyperlinks whose visible text looks normal (and safe) but whose real destination is a fishy URL. The picture is muddied by legitimate redirects: if you navigate to www.gmail.com, you are redirected to accounts.google.com. While this can be confusing, Internet users need to take responsibility and be aware of what the information in their address bar means. Additionally, it is necessary to ensure that you have a secure connection.
Let’s take a look at the address bar in the Google Chrome browser. I entered gmail.com and am directed to the following URL:
Is the Page Secure?
The green “Secure” lock icon (to the left of the URL in the address bar) indicates two things: your connection to accounts.google.com is encrypted, and the site presented a certificate that is valid for that exact domain name. Clicking the lock icon shows you the certificate and who it was issued to. In this case, it was issued to Google, so we know we are talking to Google and not to someone sitting between us. Note what the lock does not tell you: it says nothing about whether accounts.google.com is the site you meant to visit. Any site, including a phishing site, can get a valid lock for its own domain.
If you’re not paying attention to the URL in the address bar, you may actually be on another site. For example, I could quickly create a site using the URL goooogel.com, obtain a TLS (SSL) certificate for it so the browser shows the same reassuring lock, and build a simple form using the graphic above. The only thing left to do is to bring users to the site. I’ll send an email with a link to my malicious site and all you have to do is click on the link and try to log in; most users likely won’t notice the difference in the URL. You attempted to log in, and I now have your account credentials.
Give this a try with the link in this post whose visible text reads https://www.google.com. Hover over it before clicking and your browser shows the real destination in the status bar; click it and look carefully at the address bar, and you will see that it directed you to gooogle.com instead of google.com, a small but critical difference. The hyperlink text looks safe, but the actual URL is…”fishy.”
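The checks described above (does the text of a link match where it really goes, is the connection HTTPS, is the host one you trust or merely one that resembles it) can also be done mechanically by a mail client or browser extension. The following is an added example, not code from the original post: the allow-list and the three sample links are constructed for illustration, reusing the post’s own gooogle.com and goooogel.com lookalikes.

```javascript
// Added example (not from the original post): flag hyperlinks whose visible text
// and real destination disagree, whose scheme is not https, or whose host is not
// on an allow-list and looks like a typo-squat of one that is.

// Assumption: the hosts you consider legitimate for this mailbox/application.
const TRUSTED_HOSTS = ['google.com', 'accounts.google.com'];

// Edit distance between two strings, used to catch lookalikes such as gooogle.com.
function levenshtein(a, b) {
  const prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = prev[0];
    prev[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const tmp = prev[j];
      prev[j] = Math.min(prev[j] + 1, prev[j - 1] + 1, diag + (a[i - 1] === b[j - 1] ? 0 : 1));
      diag = tmp;
    }
  }
  return prev[b.length];
}

// Lower-case the host and drop a leading "www." so www.google.com and google.com compare equal.
function normalizeHost(host) {
  return host.toLowerCase().replace(/^www\./, '');
}

// If the link's visible text itself looks like a URL or a bare domain, return that host; else null.
function hostFromText(text) {
  const t = text.trim();
  if (!/^(https?:\/\/)?[a-z0-9-]+(\.[a-z0-9-]+)+(\/\S*)?$/i.test(t)) return null;
  try {
    return normalizeHost(new URL(/^https?:\/\//i.test(t) ? t : `https://${t}`).hostname);
  } catch {
    return null;
  }
}

// A host is trusted if it is on the list or is a subdomain of a listed host.
function isTrusted(host) {
  return TRUSTED_HOSTS.some((t) => host === t || host.endsWith(`.${t}`));
}

// Analyze one hyperlink {text, href}; returns a list of warnings (empty means nothing suspicious).
function analyzeLink({ text, href }) {
  const warnings = [];
  let url;
  try {
    url = new URL(href);
  } catch {
    return ['unparseable href'];
  }
  const host = normalizeHost(url.hostname);
  if (url.protocol !== 'https:') warnings.push(`not https (${url.protocol})`);
  const shown = hostFromText(text);
  if (shown && shown !== host) warnings.push(`text shows ${shown} but link goes to ${host}`);
  if (!isTrusted(host)) {
    const near = TRUSTED_HOSTS.find((t) => levenshtein(host, t) <= 2);
    warnings.push(near ? `lookalike of ${near}: ${host}` : `host not on allow-list: ${host}`);
  }
  return warnings;
}

// Constructed sample links: the post's two lookalike domains plus one legitimate link.
const SAMPLE_LINKS = [
  { text: 'https://www.google.com', href: 'https://gooogle.com/login' },
  { text: 'Sign in to your account', href: 'https://accounts.google.com/signin' },
  { text: 'accounts.google.com', href: 'http://goooogel.com/' },
];

for (const link of SAMPLE_LINKS) {
  const warnings = analyzeLink(link);
  console.log(`${link.href}: ${warnings.length ? warnings.join('; ') : 'ok'}`);
}
```

Note the third sample: goooogel.com is four edits away from google.com, so the distance heuristic alone would miss it. It is still caught, first because the visible text names a different host, and second because it is simply not on the allow-list; a small edit-distance threshold catches the near misses, the allow-list catches everything else, and neither replaces reading the address bar yourself.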
Phishing is all about tricking you into handing over your credentials. When I have those, I systematically try them against a number of other sites, from social accounts to bank accounts (a technique known as credential stuffing). This is a key reason to never use the same password on more than one site!
“But Who Would Target Me?”
You might be thinking, “who is going to spend time on little old me?” That is a great question, and the answer is that nobody has to. Automated bots and malicious programs do this work; no people need to be involved. The worst news? Bots are indiscriminate; they don’t care how large or small you are. Everyone is a target. Don’t have a false sense of security because you think you’re too small to be targeted.
What Can I Do?
- Be vigilant: Be vigilant about where you are going online, and observe what your browser is telling you
- Implement controls: You can add controls to your email software to disable links, making them un-clickable. (Note: You should not click on links in the first place; you should always type them in.)
- Multi-factor authentication: One of the best strategies is to implement multi-factor authentication, so that a stolen password alone is not enough to get into your accounts.
Right now, the majority of us are using single-factor authentication. This means an identifier (username) and one factor (a password).
Multi-factor authentication, on the other hand, requires an identifier, a password and at least one more factor. For example, with multi-factor authentication enabled, the site will prompt you for your username and password and then prompt you to complete the second factor. This could be a text message sent directly to your cell phone containing a unique code to be typed into the login page. Multi-factor authentication adds a layer of security by requiring something you have (your phone) in addition to something you know (your password), so an attacker who has only phished your password is still locked out. Two caveats a practitioner would add: a phishing page can ask for the SMS code too and relay it in real time, and SMS can be redirected by SIM swapping, so where a service offers an authenticator app or a hardware security key, prefer that over text messages.
If you are interested in protecting yourself and your business from the threat of phishing attacks (or other cyber security issues), contact us today to learn how we can help: 978-561-6025 or firstname.lastname@example.org.