Are you one of those PC users who do not fall for phishing scams? Or did you fall for one, and want to know how to avoid being caught by phishing or malvertising scams? Read on. In this article I will explain how phishing scams work, how to identify phishing emails and malvertising redirects easily, and how to avoid them before you even notice it’s a scam.
Most phishing web pages arrive by e-mail with a suspicious hyperlink. Email spammers send out millions of emails every hour to addresses harvested from the web. A few people will fall for the phishing scam, so the scammers keep trying to deceive users with phishing emails. Another, less well-known phishing technique is redirecting the user’s browser from compromised web pages or compromised advertising networks to phishing scams.
So how do these phishing scams work?
Email spammers know their chances are minimal. Anyone who reads the daily news, listens to the radio or visits the internet once in a while knows that email spam and phishing exist. People get skeptical when an email arrives from their bank or an African government telling them they have won a large amount of money. We have learned to identify email spam because it is a daily threat to most of us using the internet.
In the image below, I’ll show you how web pages are built to deceive the user into giving up their email credentials. To most of us these web pages look strange and not legitimate; nevertheless, some people fall for the scam. The phishers send out an e-mail as part of a spam campaign and place a link to the phishing web page in it, telling the user the email contains a non-existent attachment. The e-mail states: “Login to enable you view the uploaded document”. All the user has to do is log in to their email provider to see the attachment.
- Most users can clearly see this is not a domain associated with Google’s Gmail.
- The phishing page explains that a document is protected and that the user should choose their email provider to open the attachment.
- The phishing web page offers several email provider services. It doesn’t matter which email credentials the scammer collects; the more services they offer, the better their chance of collecting the user’s email address and password.
- The browser opens a new pop-up window with a fake login form to make sure the user enters their credentials.
The user ends up on a phishing page like the one in our image and enters their credentials. However, cybercriminals know that most people do not trust strange emails from unknown senders.
How to prevent email phishing?
Prevention is a big commitment. I think email phishing is here to stay, and spammers keep sending those fake phishing emails across the world. Here are a few tips to tell a phishing email from a real one. Note that this is not a watertight prevention technique, but it will help some people identify phishing emails more easily.
What TO do to prevent email phishing
- If in doubt, hover over the name of the email sender to see the email address; do not click, just hover over the name. Do not rely on the sender’s name alone but check the actual email address. This can expose a fake email address.
- Take the time to check the email for obvious clues: misspelled words, strange URLs, unprofessional or suspicious images and a sender you don’t know. Relax, and take a look at the email without clicking anything.
- If the email contains an offer or a huge discount of some sort, go directly to the official website and check for the offer there. If the discount or offer is on the official website, the email could be legitimate.
- Banks, money transfer services and cryptocurrency exchanges never ask for your password or any login credentials at all. They already have them; if they need them they can use them. They shouldn’t, but they do not need to ask you for them. Get rid of the email. If you had requested a password reset, you would know, wouldn’t you?
- If the email appears to come from a legitimate company but you do not trust it, call the company and ask whether they sent the email to their clients. You might even help them warn other people that their company name is being abused in a phishing spam campaign.
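The first two tips (check the real sender address behind the display name, and the real destination behind a link) can be automated as a simple triage check. The script below is an added example, not code from the article; the e-mail it inspects is constructed for the illustration and the domains in it are placeholders.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample (not a real phishing e-mail): the display name claims to be
# Google Drive, the real address is on an unrelated domain, and the link text
# shows a Google URL while the href points somewhere else.
SAMPLE_EMAIL = """From: Google Drive <share@mail-docs-secure.example>
To: victim@example.com
Subject: A document was shared with you
Content-Type: text/html

<p>Login to enable you view the uploaded document.</p>
<a href="http://docs-login.example/open?id=1">https://drive.google.com/open</a>
"""

LINK_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def registrable_domain(host):
    # Naive "last two labels" rule; good enough here, not for public suffixes like co.uk.
    return ".".join(host.lower().split(".")[-2:]) if host else ""

def check_sender(msg):
    """Flag a display name whose brand word does not appear in the sender's domain.
    Heuristic only: it mirrors the 'hover over the sender name' tip."""
    name, addr = parseaddr(msg["From"])
    domain = addr.split("@")[-1].lower()
    mismatch = bool(name) and name.split()[0].lower() not in domain
    return {"name": name, "address": addr, "suspicious": mismatch}

def check_links(html):
    """Flag anchors whose visible text is a URL on a different domain than the href."""
    findings = []
    for href, text in LINK_RE.findall(html):
        shown, target = urlparse(text.strip()), urlparse(href)
        if shown.netloc and registrable_domain(shown.netloc) != registrable_domain(target.netloc):
            findings.append({"shown": shown.netloc, "actual": target.netloc})
    return findings

def analyse(raw):
    """Run both checks over a raw RFC 822 message and return the findings."""
    msg = message_from_string(raw, policy=policy.default)
    body = "" if msg.is_multipart() else msg.get_content()
    return {"sender": check_sender(msg), "links": check_links(body)}

if __name__ == "__main__":
    print(analyse(SAMPLE_EMAIL))
```

Both checks are heuristics that surface the same clues a careful reader would find by hovering; a clean result does not prove an e-mail is legitimate.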
What NOT to do
- Do not click on emails from senders you don’t know. Don’t even open them, just delete them. People are curious and quickly take a peek at the email, which can redirect the browser or email client to a web page with malicious code and infect your computer with malware.
- Do not forward a suspicious-looking email to a client, friend or family member to find out whether it is phishing. Get rid of the email if you do not trust it.
- Email clients and web browsers have built-in protection against phishing content. If the email client or browser warns you that an image or an attachment contains dangerous code and should be avoided, follow the warning. Do not override the built-in protection out of curiosity. Cybercriminals are known to manipulate human behaviour; it’s called social engineering. Social engineering works, you have been warned.
- Do not type confidential information, such as a credit card number, phone number, home address or citizen service number, on sites you do not trust or in replies to emails from suspicious addresses.
Cybercriminals compromise large advertisement networks or web pages with many visitors and place malicious script code in legitimate ads. This is known as malvertising. They buy (or compromise) ad space, place malicious script code in the ad and make sure the ad is shown on a large number of legitimate web pages. This can result in a large number of redirects or malware infections in a short period of time.
The advertisements cybercriminals inject with malicious scripts redirect the browser to a phishing web page. The potential victim (PC user) is already on a legitimate web page, so they trust the phishing page much more readily. We’ve seen this in the news recently with the advertisement network Traffic Junky. Cybercriminals also use malvertising to install ransomware through outdated browsers or outdated plugins such as Adobe Flash Player, Adobe Reader or QuickTime.
How to prevent malvertising?
- Update your operating system and your browser, and install an anti-malware application with web and exploit protection. Keep your entire device up to date. Compromised web pages and advertisement networks can lead to code that infects your computer with malware; if your device is up to date, the malicious code cannot install malware.
- Disable browser extensions and plugins you do not need. Since HTML5, many web pages no longer use Adobe Flash Player; uninstalling Flash Player could prevent a lot of problems.
- Common sense. Yes.
- Firefox users: install NoScript. NoScript is not for novice users.
- Install Kaspersky Internet Security if you do not have an antivirus solution. Kaspersky Internet Security is an all-in-one security suite for Windows, Mac and Android. Prevent malvertising, ransomware and 0-day exploits with Kaspersky.