THE PHISHING PANDEMIC

IN THESE CONFUSING TIMES, WHEN WE ARE TRYING OUR BEST TO THRIVE WHILE KEEPING AWAY FROM COVID-19 & GETTING INTO THE WORK-FROM-HOME CULTURE, WE ARE BEING TARGETED BY A THREAT THAT WE ARE OTHERWISE LESS CONCERNED ABOUT. STUDIES & NEWS REPORTS SHOW AN ALL-TIME HIGH IN PHISHING ATTACKS, WHICH CAN AFFECT ANYONE FROM AN INDIVIDUAL TO A LARGE-SCALE ORGANISATION. WITH OUR PERSONAL OR ORGANISATION’S SENSITIVE DATA AT RISK OF EXPLOITATION, THE THREAT SOUNDS AS DANGEROUS AS COVID-19 ITSELF, AND THE PROTOCOL TO SAFEGUARD OURSELVES IS EQUALLY SIMPLE TO FOLLOW.

CONSIDER THE FOLLOWING CASES OF RECENT PHISHING ATTACKS:

  • IN ONE CASE, FBI AGENTS REPORT THAT EMPLOYEES AT AN UNNAMED FINANCIAL INSTITUTION REPORTED RECEIVING AN EMAIL FROM SOMEONE POSING AS THE FIRM’S CEO AND ASKING TO SWITCH A PREVIOUSLY SCHEDULED $1 MILLION PAYMENT TO A DIFFERENT DATE “DUE TO THE CORONAVIRUS OUTBREAK AND QUARANTINE PROCESSES AND PRECAUTIONS.”

  • IN ANOTHER CASE, A FRAUDSTER POSING AS A CLIENT FROM CHINA SENT AN EMAIL TO A BUSINESS REQUESTING THAT ALL INVOICES BE CHANGED TO A DIFFERENT BANK ACCOUNT DUE TO “CORONA VIRUS AUDITS,” ACCORDING TO THE FBI. THE VICTIM SENT SEVERAL WIRE TRANSFERS TO THE NEW ACCOUNT BEFORE DISCOVERING THE FRAUD.

WHAT EXACTLY IS PHISHING?

Wikipedia describes Phishing as:

Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site.

WITH THE CURRENT SITUATION, NO ONE IS FAR FROM THE THREAT. THAT EMAIL YOU RECEIVED REQUESTING YOU TO MAKE A DONATION TO THE PM-CARES FUND IN INDIA WITH A DIRECT LINK TO THE PAYMENT GATEWAY, OR THE SMS SAYING YOU JUST RECEIVED Rs. XXXXXX FROM THE STATE/CENTRAL GOVERNMENT AS COVID-19 AID AND ASKING YOU TO CLICK THE LINK BELOW TO AVAIL IT, ARE EXAMPLES OF PHISHING ATTACKS IN THE COUNTRY. WE IGNORE THESE BECAUSE WE UNDERSTAND THAT THE GOVERNMENT IS NOT RUNNING ANY SUCH ADVERTISING CAMPAIGNS & THEY ARE QUITE OBVIOUS TO SPOT. HOWEVER, MORE COMPLEX ONES, WHICH CANNOT BE SPOTTED, ALSO EXIST AMONG THEM. LET’S DIVE DEEPER INTO A FEW OF THOSE!

THE MOST EFFECTIVE ONE SO FAR HAS BEEN: MASQUERADING URLs WITH PUNYCODE

A LITTLE SURFING THROUGH THE INTERNET CAN EXPLAIN TO YOU WHAT UNICODE & ASCII VALUES ARE. PUNYCODE IS A WAY OF CONVERTING WORDS THAT CANNOT BE WRITTEN IN ASCII INTO AN ASCII ENCODING OF THEIR UNICODE CHARACTERS. ATTACKERS USE THIS LOOPHOLE TO CHANGE CHARACTERS IN URLs SO THAT THEY REPLICATE LEGITIMATE WEB ADDRESSES & PHISH ON THOSE WEBSITES.

FOR A BETTER UNDERSTANDING, LET US ANALYSE A CASE HERE:

THE CURIOUSLY-NAMED SYSTEM KNOWN AS PUNYCODE IS A WAY OF CONVERTING WORDS THAT CAN’T BE WRITTEN IN ASCII, SUCH AS THE ANCIENT GREEK PHRASE (means Know Yourself) INTO ITS ASCII EQUIVALENT LIKE : 

WITH THIS, WE CAN REGISTER INTERNATIONAL DOMAIN NAMES WITH THE ABOVE ENCODING (SINCE FOR REGISTRATION WE CAN USE ANYTHING FROM A-Z, 0-9, and the hyphen ‘-’)

BUT THE GLOBAL DOMAIN NAME SYSTEM (DNS) IS RESTRICTED TO THAT LIMITED SUBSET OF ASCII CHARACTERS IN DOMAIN NAMES.

SO IF WE WERE TO REGISTER: .COM

SOME MODERN APPS MAY RECOGNISE THE PUNYCODING, AND AUTOMATICALLY CONVERT THE NAME FOR DISPLAY AS: .COM

NOW THIS STILL DOESN’T MAKE SENSE, RIGHT?

SEE, THE TWIST HERE IS THAT SOME ROMAN CHARACTERS LOOK THE SAME AS CHARACTERS IN OTHER LANGUAGES.

HENCE, IT IS CERTAIN THAT WE NEED TO CHECK URLs BEFORE WE CLICK THEM. IF YOU FOUND THIS INTERESTING & WANT TO LEARN MORE ABOUT THE PROCESS BEHIND THE ABOVE-MENTIONED PUNYCODE & OTHER ATTACK VECTORS, AS WELL AS ABOUT SAFETY MEASURES, DO JOIN OUR FREE WEBINAR ON 22ND APRIL’20.
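One way to automate the URL check described above, as an added example that is not part of the original article: it decodes any Punycode (`xn--`) label in a link's host name and reports which scripts the decoded characters come from. The function names and the sample host are constructed for illustration, and the script test is a rough one based on Unicode character names.

```python
import unicodedata
from urllib.parse import urlsplit

def script_of(ch):
    """Rough script of a character, taken from its Unicode name (e.g. 'CYRILLIC')."""
    if ch in "0123456789-":
        return None  # digits and hyphen are shared by every script
    return unicodedata.name(ch, "UNKNOWN").split()[0]

def decode_label(label):
    """Unicode form of one DNS label; the 'xn--' prefix marks a Punycode label."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed Punycode: treat it as a plain label
    return label

def inspect_url(url):
    """List the host labels that are Punycode-encoded or contain non-ASCII characters."""
    host = urlsplit(url).hostname or ""
    findings = []
    for label in host.split("."):
        uni = decode_label(label)
        if uni == label and uni.isascii():
            continue  # plain ASCII label, nothing to report
        scripts = sorted({s for s in map(script_of, uni) if s})
        reason = "mixed scripts" if len(scripts) > 1 else "non-ASCII label"
        findings.append({"label": label, "unicode": uni,
                         "scripts": scripts, "reason": reason})
    return findings

if __name__ == "__main__":
    # Constructed sample: "example" with the Latin 'a' swapped for Cyrillic U+0430.
    lookalike = "xn--" + "ex\u0430mple".encode("punycode").decode("ascii")
    for url in ("https://example.com/login", "https://" + lookalike + ".com/login"):
        print(url, "->", inspect_url(url) or "no IDN labels")
```

A label written entirely in one non-Latin script is reported as "non-ASCII label" rather than "mixed scripts", so the decoded form still has to be compared against the address the reader expected.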