
What is phishing and how do cyberthugs con gullible victims?


New way to con people

There are various ways in which cybercriminals rob people, and the most prominent is the phishing email. These mails are designed to trap unwary victims by enticing them with fake offers, cash rewards or lurid advertisements. The mail contains a link, and once it is clicked, a victim can hand over sensitive information within seconds.

According to Microsoft, one such campaign, which uses a technique called adversary-in-the-middle (AiTM) phishing, has attempted to target more than 10,000 organisations across the globe since September 2021.

In its blog post, Microsoft said the cybercriminals use phishing mail to steal passwords, hijack users' sign-in sessions and bypass the authentication process even when users have enabled multifactor authentication (MFA).


“The attackers then used the stolen credentials and session cookies to access affected users’ mailboxes and perform follow-on business email compromise (BEC) campaigns against other targets,” the company said in the post.

What is phishing?

Phishing is an online scam in which malicious actors use deceptive emails, messages, advertisements or other lures to steal sensitive information. Typically the message carries a link to a page that asks you for confidential details such as a password or a one-time code.

How does it work?

To entice users, the cyberthugs send a mail containing a link to a lookalike URL that mimics a big website or platform. The site behind that link is a proxy server sitting between the potential victim and the targeted website: users land on lookalike pages that relay their traffic to the real site while capturing their credentials and MFA information.

"The phishing page has two different Transport Layer Security (TLS) sessions — one with the target and another with the actual website the target wants to access," Microsoft explained.

"These sessions mean that the phishing page practically functions as an AitM agent, intercepting the whole authentication process and extracting valuable data from the HTTP requests such as passwords and, more importantly, session cookies."

Once in possession of this information, the attackers injected the cookies into their own browsers to circumvent the authentication process, regardless of whether the victim had enabled MFA protections, it said.

"The session cookie is proof for the web server that the user has been authenticated and has an ongoing session on the website," Microsoft explained.

"In AitM phishing, an attacker attempts to obtain a target user's session cookie so they can skip the whole authentication process and act on the latter’s behalf."
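To make the mechanism concrete, here is an added simulation that is not part of the WION article or of Microsoft's post. The genuine site, the attacker's proxy and the two browsers are plain Python objects and the HTTP exchange is modelled as dictionaries, so nothing touches the network. The hostnames, the test account "alice", its password, its one-time code and the classes OriginSite, AitmProxy and Browser are all constructed for this example. The first scenario shows the attack exactly as described above: the victim completes password plus one-time-code login through the relay, the relay records the Set-Cookie header issued by the real site, and the attacker drops that cookie into their own browser and reads the mailbox without ever authenticating. The second scenario goes slightly beyond the article and shows why an origin-bound login (in the style of FIDO2/WebAuthn, where the authenticator signs the host the browser is actually talking to) is not bypassed by the same relay.

```python
import hashlib
import hmac
import secrets

# Constructed hostnames for the simulation (not real infrastructure).
ORIGIN_HOST = "login.example.com"   # the genuine site
PHISH_HOST = "login-example.com"    # the attacker's lookalike


class OriginSite:
    """The genuine site: password + one-time code, then a session cookie."""

    def __init__(self):
        # Constructed test account. The "authenticator key" stands in for a
        # FIDO2 credential whose assertions are bound to the origin seen by the browser.
        self.users = {"alice": {"password": "hunter2", "otp": "123456",
                                "authenticator_key": b"alice-fido-key"}}
        self.sessions = {}  # cookie value -> user

    def _issue_session(self, user):
        sid = secrets.token_hex(16)
        self.sessions[sid] = user
        return {"status": 302, "headers": {"Set-Cookie": f"sid={sid}"}, "body": ""}

    def handle(self, request):
        path, body, hdrs = request["path"], request["body"], request["headers"]
        acct = self.users.get(body.get("user"))
        if path == "/login":
            # Password + OTP: the server cannot tell whether the request came
            # straight from the user's browser or through a relay.
            if acct and body.get("password") == acct["password"] and body.get("otp") == acct["otp"]:
                return self._issue_session(body["user"])
            return {"status": 401, "headers": {}, "body": "bad credentials"}
        if path == "/login-fido":
            # Origin-bound login: the assertion must have been made for OUR host.
            expected = hmac.new(acct["authenticator_key"], ORIGIN_HOST.encode(),
                                hashlib.sha256).hexdigest() if acct else ""
            if acct and hmac.compare_digest(body.get("assertion", ""), expected):
                return self._issue_session(body["user"])
            return {"status": 401, "headers": {}, "body": "origin mismatch"}
        if path == "/mail":
            user = self.sessions.get(hdrs.get("Cookie", "").removeprefix("sid="))
            if user:
                return {"status": 200, "headers": {}, "body": f"{user}'s inbox"}
            return {"status": 401, "headers": {}, "body": "login required"}
        return {"status": 404, "headers": {}, "body": ""}


class AitmProxy:
    """The lookalike site: one TLS session with the victim, another with the origin.
    It relays traffic unchanged and records credentials and cookies in transit."""

    def __init__(self, origin):
        self.origin, self.captured = origin, {}

    def handle(self, request):
        if request["path"].startswith("/login"):
            self.captured["form"] = dict(request["body"])      # password / OTP / assertion
        forwarded = {**request, "headers": {**request["headers"], "Host": ORIGIN_HOST}}
        resp = self.origin.handle(forwarded)
        if "Set-Cookie" in resp["headers"]:
            self.captured["cookie"] = resp["headers"]["Set-Cookie"]  # the prize
        return resp


class Browser:
    """A browser that only knows the host it was pointed at and stores cookies."""

    def __init__(self, site, host_seen, authenticator_key=None):
        self.site, self.host_seen, self.key = site, host_seen, authenticator_key
        self.cookie = None

    def request(self, path, body=None):
        hdrs = {"Host": self.host_seen}
        if self.cookie:
            hdrs["Cookie"] = self.cookie
        resp = self.site.handle({"path": path, "headers": hdrs, "body": body or {}})
        if "Set-Cookie" in resp["headers"]:
            self.cookie = resp["headers"]["Set-Cookie"]
        return resp

    def fido_assertion(self):
        # A real authenticator signs the origin the browser reports, so a phishing
        # host yields an assertion that the genuine site will reject.
        return hmac.new(self.key, self.host_seen.encode(), hashlib.sha256).hexdigest()


def run_password_otp_scenario():
    """Victim logs in through the proxy with password + OTP; attacker replays the cookie."""
    origin, proxy = OriginSite(), None
    proxy = AitmProxy(origin)
    victim = Browser(proxy, PHISH_HOST)
    victim.request("/login", {"user": "alice", "password": "hunter2", "otp": "123456"})
    victim_mail = victim.request("/mail")["status"]   # victim sees nothing wrong
    attacker = Browser(origin, ORIGIN_HOST)           # attacker talks to the real site
    attacker.cookie = proxy.captured.get("cookie")    # injects the stolen cookie
    attacker_mail = attacker.request("/mail")
    return {"victim": victim_mail, "attacker": attacker_mail["status"],
            "inbox": attacker_mail["body"], "stolen_otp": proxy.captured["form"].get("otp")}


def run_fido_scenario():
    """Same proxy, but the login is origin-bound: the assertion names the phishing host."""
    origin = OriginSite()
    proxy = AitmProxy(origin)
    victim = Browser(proxy, PHISH_HOST, authenticator_key=b"alice-fido-key")
    login = victim.request("/login-fido", {"user": "alice", "assertion": victim.fido_assertion()})
    attacker = Browser(origin, ORIGIN_HOST)
    attacker.cookie = proxy.captured.get("cookie")    # no cookie was ever issued
    return {"login": login["status"], "attacker": attacker.request("/mail")["status"]}


if __name__ == "__main__":
    print(run_password_otp_scenario())
    print(run_fido_scenario())
```

The point of the two scenarios is that the one-time code is a secret the victim types, so it travels through the relay just like the password and is spent on the attacker's behalf; the session cookie that comes back is the only thing the attacker actually needs afterwards. An origin-bound credential never produces a usable secret for the relay, because what the authenticator signs includes the wrong hostname.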

How to protect yourself from phishing?

Speaking to the DNA news website, Anurag, a Delhi-based lawyer who monitors cybercrime cases, said that some important things should be kept in mind to avoid phishing.

Do not click on any unverified link. If you have clicked, do not fill in the details. No company benefits you unnecessarily. No company gives away the desired amount. Never fall for calls or emails in which you are being offered something with a bang. Do not share your banking details with anyone.

If you keep these things in mind, you can avoid becoming a victim of phishing, he said.

(With inputs from agencies)
