Phishing: The Bait in Your Inbox

Phishing is a technique in which a cybercriminal sends an email to a user pretending to be a legitimate entity (social media platform, bank, public institution, etc.). The goal is to steal private information, make unauthorized charges, or infect the device. To achieve this, they attach infected files or links to fraudulent websites in the email.

What are the most common types of online fraud?

Among the most common cases is email spoofing (email identity theft). Using this technique, cybercriminals send emails with a fake sender address to send spam, spread malware or carry out phishing attacks by impersonating decision-makers within the company, suppliers, customers, etc.
Among the most common types of fraud involving identity theft, the following stand out:

  • Fake Microsoft technical support: a scam in which the fraudster impersonates a Microsoft technician under the pretext of resolving certain technical issues on the computer. The main objective is to obtain confidential company information.
  • CEO Fraud: involves deceiving an employee with the authority to make bank transfers or access company account data. The employee receives an email, supposedly from their boss (who may be the CEO, president, or director of the company), ordering them to carry out an urgent, confidential financial transaction. The goal is to transfer company funds to the scammer’s account.
  • HR Fraud: in this case, the email is sent to HR staff, impersonating an employee who requests a change of account for their payroll deposit. As with CEO fraud, the goal is for the company to transfer money to the scammer’s account.

Another of the most common scams is extortion, in which the cybercriminal blackmails the victim with content they claim to have in their possession. In the warnings section, we find examples such as:

  • Sextortion campaign: This type of campaign has many variations, as cybercriminals slightly alter the message content. The goal is to extort the recipients with an alleged video of sexual content, which will be sent to the victim’s contact list if they do not pay the amount demanded in bitcoins by the cybercriminals.

Here are some recommendations to help you avoid these attacks:

  • Be cautious of emails that appear to be from banks or well-known services (Dropbox, Facebook, Google Drive, Apple ID, Correos y Telégrafos, the Tax Agency, etc.). You should always be suspicious of alarmist messages or urgent requests.
  • Be suspicious if there are grammatical errors in the text; they may have used an automatic translator to draft the phishing message. No reputable service will send poorly written messages.
  • Communications such as “Dear Customer,” “User Notification,” or “Dear Friend” are usually a red flag.
  • If the message pressures you to make a decision immediately or within a few hours, that’s a red flag. Check directly with the service or by consulting other reliable sources of information—such as the OSI, Police, Civil Guard, etc.—to verify whether the urgency is real or not.
  • Check whether the text of the link provided in the message matches the address it points to, and whether that address corresponds to the URL of the legitimate service.
  • A reputable service will use its own domains for corporate email addresses. If you receive a message from an email address ending in @gmail.com, @outlook.com, or any similar domain, be suspicious.
  • Apply the equation: request for banking information + personal information = fraud.

How can we identify a malicious email?

We receive hundreds of fraudulent emails in our inboxes, and while most are deleted, others achieve their goal: to be read.

How can we identify these emails so we don’t fall for the scam?

  1. Check the sender: were you expecting an email from that organization or person?
  2. Does the email subject line catch your attention? If so, be suspicious—most fraudulent emails use attention-grabbing or shocking subject lines.
  3. What is the purpose of the email? If it asks for your personal information, that should set off alarm bells. Services like email providers or utility companies will not ask you for this information.
  4. Writing: Are there spelling mistakes or poor writing? Keep in mind that a legitimate service provider would never send an email with poor syntax; if you notice this, it is likely a scam.
  5. Links: Do the links lead to a legitimate page? Hover your mouse over the link without opening it; if it doesn’t match the actual website of the institution contacting you, don’t open it.
  6. Does the email contain an attachment you weren’t expecting or that looks suspicious? If the answer is yes, it’s best not to open it.
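Two items on this checklist can be applied mechanically: whether the visible text of a link matches the address it actually points to (item 5), and whether the sender uses a free webmail domain rather than the organization’s own domain (the recommendation above). The following is an added example, not code from the original article or from Tranxfer; it assumes the email is available as raw RFC 822 text, and the list of free webmail domains and the sample message are constructed for illustration.

```python
"""Added example: two mechanical checks from the phishing checklist.
Assumes the email is available as raw RFC 822 text. FREEMAIL_DOMAINS and
SAMPLE are constructed for illustration, not taken from the article."""
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Illustrative, not exhaustive: a corporate sender should not use these.
FREEMAIL_DOMAINS = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com"}


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def _looks_like_address(text):
    """True when the visible link text itself reads as a URL or domain."""
    t = text.strip()
    return bool(t) and " " not in t and "." in t


def _host(url_or_domain):
    """Lower-case host of a URL or bare domain ('www.bank.example')."""
    text = url_or_domain.strip()
    if "://" not in text:
        text = "http://" + text
    return (urlparse(text).hostname or "").lower()


def check_sender(msg):
    """Flag a From address on a free webmail domain (use-your-own-domain rule)."""
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if domain in FREEMAIL_DOMAINS:
        return [f"sender domain is a free webmail provider: {domain}"]
    return []


def check_links(msg):
    """Flag anchors whose visible text names one host but whose href goes elsewhere."""
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        charset = part.get_content_charset() or "utf-8"
        html = part.get_payload(decode=True).decode(charset, errors="replace")
        collector = _AnchorCollector()
        collector.feed(html)
        for href, text in collector.anchors:
            # Plain words such as "Help centre" cannot be compared to a host.
            if not href or not _looks_like_address(text):
                continue
            shown, target = _host(text), _host(href)
            if shown != target:
                findings.append(f"link text shows {shown} but points to {target}")
    return findings


def analyse(raw):
    """Run both checks over a raw email and return the list of warnings."""
    msg = message_from_string(raw)
    return check_sender(msg) + check_links(msg)


# Constructed sample message for the demonstration; not a real phishing email.
SAMPLE = """From: "Security Team" <security.team@gmail.com>
To: alfonso@example.invalid
Subject: Urgent: verify your account
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8

<html><body>
<p>Dear Customer, verify now:</p>
<a href="http://login-verify.example.invalid/a">https://www.bank.example</a>
<a href="https://www.bank.example/help">Help centre</a>
</body></html>
"""

if __name__ == "__main__":
    for finding in analyse(SAMPLE):
        print("WARNING:", finding)
```

Both checks are heuristics in the sense the article uses them: a mismatch between shown and real host, or a free webmail sender, is a reason to verify through another channel, not proof of fraud on its own.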

Ransomware: why is it called that?

Ransomware is formed by combining the words “ransom” and “ware.”
Once the attacker encrypts the data, they demand a ransom from the victim via a message or pop-up window, effectively carrying out a virtual hijacking.

This threatening message warns the victim that the only way to decrypt their files, restore the system, or prevent a potential data leak is to pay the ransom.

They usually include a payment deadline, after which the hijacked files will be completely destroyed or published, or the ransom amount will increase if payment is not made on time. Generally, the ransom is demanded in a cryptocurrency (virtual currency) such as Bitcoin. They frequently use “mules,” intermediaries who transfer the money.

In exchange for payment, cybercriminals promise to provide the means to unlock the computer or decrypt the files. However, this does not guarantee 100% that the cybercriminals will honor the agreement; for this reason, it is recommended not to pay the ransom to prevent the spread of this type of threat.

Ransom in cryptocurrency: Why?

Cryptocurrencies are virtual currencies that allow for nearly anonymous payments between individuals, making them difficult to trace.

Through services reachable on the Tor dark web, funds from different wallets are mixed together, a sort of cryptocurrency laundering that makes transactions difficult to trace. This makes it easier for cybercriminals to extort their victims without the police being able to track them down immediately.

How does the infection occur?

As with other types of malware, cybercriminals use one or more infection methods against their victims, exploiting security holes (vulnerabilities) in computer software, operating systems, and applications.

Types and Behavior

Each type of ransomware operates and bypasses security differently, although they all share a common characteristic. From least to most significant, we can classify them as follows:

Hoax ransomware: simulates encryption using social engineering techniques to extort the user, demanding payment to recover their files or prevent them from being deleted.

Scareware: uses the lure of fake software or support. It usually appears as a pop-up ad reporting a supposed virus infection and offering a quick and easy solution: downloading a cleaning program that is almost always the malware itself.

Screen lockers: prevent the use of the device by displaying a window that covers the entire screen and cannot be closed. Two types of messages may appear in the window: first, a message informing the user that files have been encrypted and explaining the procedure to recover them, but the files remain intact. Second, a message from law enforcement stating that illegal activities have been detected and demanding payment of a fine to unlock the device. This is also known as the police virus.

Encryption ransomware: considered the most dangerous of all. Its main objective is to encrypt information in order to demand a ransom. Cybercriminals make use of the latest advances in encryption for this type of ransomware.

Within this variant there is one called wiper, which does not restore access to the files; it simply deletes them.
There is also the Doxware variant, which employs a technique known as “doxing”: threatening the user with making the extracted personal data public.

Prevention / Think like a hacker:

Many experts claim that the best way to prevent ransomware is to put yourself in the hackers’ shoes and think as they would. To prevent and anticipate attacks, you need to put on the mask. For many companies, it’s not out of the question to hire ethical hackers or former hackers to improve their security.

  • Awareness and training for employees and users.
  • Up-to-date antivirus software.
  • Beware of dangerous pop-up installation requests.
  • Be careful when clicking on links.
  • Avoid downloading apps from unknown sources.
  • Backups.
  • Updating the operating system and applications.
  • Privilege control.
  • Anti-phishing solution for email.
  • Action plan.

With this real-time map created by Kaspersky, you can observe all types of attacks (including ransomware) in real time.

Awareness is the first step toward prevention; this is why ransomware is not numerically among the largest categories of cyberattack, although watching the count rise second by second is striking.

Spain is the 9th most attacked country according to the graphs obtained by Kaspersky. This graph also highlights the global need for cybersecurity.

Real-life case of CEO fraud:

This story recounts the case of Aurora and Sergio, siblings who own a physical therapy clinic located in the center of a town in Cantabria.

The clinic has a staff of 13 employees: 9 physical therapists, 2 administrative staff members for clinic management, and the two of them, who, in addition to being owners, also perform hands-on work.

One day, one of the administrative staff members, Alfonso, received an email on his mobile device, supposedly from Aurora, requesting that he urgently carry out a confidential financial transaction:

Alfonso, unaware of the situation, quickly replied in the affirmative. If we look closely, the email from the supposed Aurora contained significant spelling and grammar errors that could have raised some suspicion.

The cybercriminals responded quickly but made a mistake: they requested sensitive information, such as the account balance, to purchase a new machine, and this did not align with the clinic’s strategy or daily best practices.

At this point, Alfonso quickly contacted Aurora to ask if it had indeed been her. They both immediately realized that the clinic had been the target of an attempted data theft via phishing.

How did they carry out the scam?

This scam, also known as whaling because it targets “big fish,” works by sending a fraudulent email to a high-ranking employee, an accountant, or someone with access to sensitive data, personal information, or banking details, making it appear as though the sender is the CEO or head of their organization. The message typically requests assistance with a confidential and urgent financial transaction.

Real-life case of fake technical support:

Luis is the owner of a small online store managed from his office in Seville.

One day, he received a phone call from someone claiming to be from Microsoft in London. The caller, speaking in English with a threatening tone, explained that they had received numerous reports of the company’s computers displaying errors and security warnings, indicating that those computers were at risk and could be locked, which could affect his work.

Suspicious, Luis asked the operator to identify the affected devices and explain how the IP addresses of his devices had been linked to his phone number. The operator immediately responded evasively, raising his voice in a threatening tone. Finally, he threatened to block his devices and shut down his company’s operations, then hung up the phone.

What could have happened?

Cybercriminals gain their victims’ trust by offering to solve the problem, asking for device login credentials or the installation of remote control tools so they can connect and fix the issue. Once this is done, the computer and the confidential information it contains are vulnerable. With the provided data and control of the computer, they can: hijack the computer and demand a ransom for its release, or even steal data or carry out financial transactions if we have given them our bank details or stored them by default on the computer.
