In the first quarter of this year, HKCERT has processed over 300 phishing attack incidents per month on average, up about 30% from same period last year. Apart from the increase in cases, HKCERT has also noticed that hackers have been using new techniques, with some using fake domain names to steal the victim’s personal information and use it in financial fraud. This blog aims to raise public awareness by analysing the recent phishing attack techniques and channels as observed by HKCERT.

 

 

Flash phishing attacks

 

Flash phishing attacks make use of fake domain names to launch attacks. Hackers continuously register different domain names targeted to specific organisation. They then launch a fake website using the registered domain and send the phishing message with a link to the victims through different channels (e.g. email, SMS, Instant Message). The attack will last for a few days. Afterwards, hackers will deregister those fake domain names and then launch a new round of attacks with another set of domain names. The characteristic of this technique is that the fake websites have very short lifespan. Therefore, when the websites are reported, they are already offline. We believe that attacker’s tactic is to evade investigation and blacklisting.

 

There are three common types of fake domain names. Let’s use “www.hkcert.org” as an example to illustrate them:

 

  1. Appending random characters to the legitimate domain name
    • Examples: www.hkcertaa.org, www.hkcertab.org or www.hkcert00.org, www.hkcert01.org
  2. Substituting a similar character or repeating an original character of the legitimate domain name
    • Examples: www.hkcevt.org or www.hkcertt.org
  3. Using another Top-level Domain
    • Examples: www.hkcert.cc, www.hkcert.site, www.hkcert.info

 

These fake domain names look alike to legitimate domain names. Users should be cautious trapping into these fake domain names when browsing the Internet.

 

 

Phishing sites use HTTPS

 

Websites using HTTPS only mean the network traffic has been encrypted. It does not necessarily mean the websites are genuine and credible. Attackers can abuse free digital certificate registration sites such as Let’s Encrypt to register a digital certificate for an untrusted domain. Indeed, HTTPS-enabled phishing sites have continued to climb.  According to the Hong Kong Security Watch Report for Q1 2021, over 80% of phishing sites were using HTTPS.  This rising trend is also in line with the latest report of Anti-Phishing Working Group.

 

 

Distribution Methods

 

Hackers may use different channels to launch phishing attacks, such as email, SMS and instant messaging software. Phishing attacks via SMS and instant messaging software will become more frequent with the wider use of mobile devices.  As a result, the public should verify any message received, especially when the user browses these sites using mobile devices. To avoid becoming a victim, think carefully before clicking any links or opening any attachments, and do verify the legitimacy of a website before providing any information.

 

 

Conclusion

 

As phishing attacks become more mature, to avoid becoming a victim of personal data leakage or even financial loss, you are advised to adopt the security advice below:

 

  • Pay attention to the spelling of domain names of websites and check their authority;
  • Do not assume a website that uses HTTPS is a legitimate site. A phishing site may also use HTTPS;
  • Verify any message received, especially for users of mobile device;
  • Do not click any link or open any attachment casually and do verify the legitimacy of a website before providing any personal information.



Source link

Is your business effected by Cyber Crime?

If a cyber crime or cyber attack happens to you, you need to respond quickly. Cyber crime in its several formats such as online identity theft, financial fraud, stalking, bullying, hacking, e-mail fraud, email spoofing, invoice fraud, email scams, banking scam, CEO fraud. Cyber fraud can lead to major disruption and financial disasters. Digitpol can assist with all stages of cyber related incidents.

Contact Digitpol’s hotlines or respond to us online.

ASIA +85239733884
Europe +31558448040
UK +44 20 8089 9944

Write a comment:
*

Your email address will not be published.