Phishing is the technique in which a cybercriminal sends an email to the user impersonating a legitimate identity (social networks, a bank, a public institution, etc.). The objective is to steal private information, carry out financial charges, or infect the device. To achieve this, they attach infected files or links to fraudulent pages to the email.

What are the most common online frauds?

Among the most common cases, we find email spoofing (identity impersonation through email). Through this technique, cybercriminals send emails with fake sender information to send spam, spread malware, or carry out phishing attacks in which they impersonate people with decision-making capacity within the company, its suppliers or its customers, etc.

Among the major cases of fraud in which identity impersonation is used, it is important to point out:

  • The false technical support of Microsoft: fraud in which the scammer pretends to be a technician of the company, under the pretext of solving certain technical difficulties in the software. The objective is primarily to obtain confidential information of the company.
  • CEO fraud: consists in deceiving an employee with the ability to make banking transactions or access company account data. This employee receives an email, allegedly from their manager (it could be the CEO, president, or director of the company), in which they are ordered to complete an urgent and confidential financial operation. The objective is to transfer funds from the company to the scammer’s account.
  • HR fraud: in this case, the email is directed to the HR staff, posing as an employee and requesting a change of the account into which their payroll is paid. As with CEO fraud, the objective is for the company to transfer money to the scammer’s account.

Other common frauds include extortion, in which the cybercriminal blackmails the victim with content that they claim to have in their possession. In the warnings section we find examples such as:

  • Sextortion campaign: this type of campaign has many variations, as cybercriminals change the content of the message slightly. The objective, however, is to extort the recipients with an alleged video of sexual content, which will be sent to the victim’s contacts if they do not pay the amount in bitcoins demanded by the cybercriminals.

Some recommendations to avoid these attacks:

  • Beware of emails that appear to be from known banks or service providers (Dropbox, Facebook, Google Drive, Apple ID, postal services, tax agencies, etc.). You should always question alarming messages or urgent requests.
  • Suspect the email if it contains grammatical errors in the text, as the scammers may have used an automatic translator to draft the message. No service with a true reputation will send badly worded messages.
  • Messages with the subject “Dear Client”, “Notification to User” or “Dear Friend” are usually a warning sign.
  • If the message obliges you to make an imminent decision, or one within only a few hours, it’s a bad sign. Check directly with the service whether the urgency is real, or consult other trusted sources of information, such as the OSI, the police, the Civil Guard, etc.
  • Check whether the text of the link they provide in the message matches the address it claims to point to, and whether that address corresponds to the URL of a legitimate service.
  • Services with true prestige use their own domains for corporate email addresses. If you receive a message from a mailbox of the type @gmail.com, @outlook.com or a similar address, be suspicious!
  • Simply apply the equation: request for banking information + personal data = fraud

How can we identify a malicious email?

We receive hundreds of fraudulent emails in our inboxes, and even though most are eliminated, others achieve their goal: being read.

How can we identify these emails so we don’t fall for the bait?

  1. Look at the sender: are you expecting to receive an email from this entity or person?
  2. Does the subject of the email capture your attention? If so, be suspicious: the majority of fraudulent emails use flashy or shocking subjects.
  3. What is the purpose of the email? If it is a request for your personal information, that alone should set off your alarms. Services such as postal or household utility providers would not request this information by email.
  4. Wording: are there spelling errors or bad wording? Keep in mind that a service provider will never send an email with bad syntax, so if you detect this it is probably a fraud.
  5. Links: do the links lead to a legitimate page? Place your mouse over a link without opening it, and if the address shown does not correspond to the real webpage of the institution that is contacting you, don’t open it.
  6. Does the email contain an attached file that you weren’t expecting or that looks suspicious? If the answer is yes, it’s best not to open it.
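The sender and link checks from this checklist (points 1 and 5) and from the recommendations above can be automated for a first triage. The following is an added example, not code from the original article: it parses a constructed sample message, compares the sender's domain with the domain the message claims to come from, and flags anchors whose visible text is a URL on one host while the real href leads to another. The sample addresses and domains are invented for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample, not a real message: the visible link text names the
# bank's site, but the href and the sender's domain belong to someone else.
SAMPLE_EMAIL = """\
From: "Example Bank" <alerts@example-bank-alerts.top>
Subject: URGENT: your account will be suspended in 24 hours
Content-Type: text/html; charset="utf-8"

<p>Dear Client, confirm your details at
<a href="http://login.example-bank-alerts.top/verify">https://www.example-bank.com/login</a>
within 24 hours.</p>
"""

# Good enough for simple HTML mail bodies; a production filter would use a real
# HTML parser rather than a regular expression.
ANCHOR = re.compile(r'<a\s[^>]*?href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def host_of(url):
    """Hostname of a URL; tolerates 'www.example.com/...' written without a scheme."""
    return (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()

def mismatched_links(html):
    """Links whose visible text is itself a URL but whose href leads to another host."""
    return [(text.strip(), href) for href, text in ANCHOR.findall(html)
            if re.match(r"^\s*(https?://|www\.)", text) and host_of(text.strip()) != host_of(href)]

def analyse(raw, expected_domain):
    """Apply the checklist's sender, subject and link checks; returns a list of warnings."""
    msg = message_from_string(raw)
    _name, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8")
    warnings = []
    if sender_domain != expected_domain.lower():
        warnings.append(f"sender domain {sender_domain} is not {expected_domain}")
    if re.search(r"\b(urgent|suspended|within \d+ hours?)\b", msg.get("Subject", ""), re.I):
        warnings.append("subject presses for an urgent decision")
    if re.search(r"\bDear (Client|Customer|User|Friend)\b", body):
        warnings.append("generic greeting instead of your name")
    for text, href in mismatched_links(body):
        warnings.append(f"link text {text} actually points to {href}")
    return warnings
```

Because full hostnames are compared, a legitimate message linking from www to a login subdomain is also flagged; that is deliberate for a tool that warns a reader rather than blocks mail automatically.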

Why is it called ransomware?

The word “ransomware” is formed by uniting “ransom” (a payment demanded for a release) with “ware” (product). Once the criminal encrypts the data, they ask the victim for a ransom through a message or pop-up window, carrying out a virtual hijacking.

This message with a threatening tone warns the victim that the only way to decrypt their files, recover the system, or prevent possible data leakage, is to pay a ransom.

It usually includes a time limit to pay, after which the hijacked files are destroyed entirely or the ransom amount increases. Generally, the ransom is requested in some cryptocurrency (virtual currency), such as bitcoin.

Intermediaries that transfer the money are also frequently used. In exchange for payment, cybercriminals promise to provide the mechanism to unlock the computer or decrypt the files. However, there is no guarantee that the cybercriminals will comply with what they agreed to, so it is recommended not to pay the ransom, which also avoids encouraging the proliferation of such threats.

Why ransom in cryptocurrency?

Cryptocurrencies are virtual currencies that permit almost anonymous payment between individuals, which makes it difficult to track.

They are accessible from the anonymous network Tor, where funds from different wallets are mixed, leading to a kind of cryptocurrency laundering that makes it hard to trace transactions. This makes it easy for cybercriminals to extort their victims without being immediately pursued by the police.

How does the infection occur?

As with other types of malware, cyber attackers use one or more of these techniques to infect the victim. They take advantage of existing security holes (vulnerabilities) in the software, operating systems, and applications of the victim.

Types and Behaviour

Every type of ransomware acts and breaches security in a different manner, although at the end of the day they are all based on the same feature. In order of increasing severity, we can classify them into:

Hoax ransomware: simulates encryption using social engineering techniques to extort money from the user, demanding payment to recover their files or to prevent them from being deleted.

Scareware: uses the bait of fake software or support. Generally, it appears as a pop-up notice that warns of a suspected virus infection and offers a fast and easy solution: downloading a cleaning tool that is almost always malware.

Lockscreens: prevent the device from being used by displaying a window that fills the screen and cannot be closed by the user. Two types of messages may appear in the window. On one hand, it may announce that the files have been encrypted and describe the procedure to recover them, even though the files are still intact. On the other hand, a message purporting to come from the security forces may appear, stating that illegal activity has been detected and demanding a fine to unlock the device. This is also known as the “Police Virus”.

Encrypting ransomware: considered the most dangerous of all. Its primary objective is to encrypt personal information in order to demand a ransom. Cybercriminals make use of the latest advances in encryption.

Within this variant comes the term wiper, which refers to cases in which access to the files is never returned; instead, they are deleted.

There is also the Doxware variant, which employs the tactic known as “doxing”: threatening the user with making the extracted personal information public.

Prevention: Think like a Hacker

Many experts affirm that the best prevention against ransomware is to put yourself in the shoes of the hackers and think like them. To prevent and foresee it, it is necessary to put on their mask. Many companies see no shame in hiring ethical hackers or ex-hackers to improve the security of the company.

  • Awareness and training of users and employees
  • Updated antivirus
  • Beware of pop-up installation requests
  • Caution when clicking on links
  • Avoid app downloads from unknown sources
  • Backups
  • Update the operating system and applications
  • Privilege control
  • Anti-phishing solution for email
  • Update plan

In this real-time map created by Kaspersky, you are able to observe all the types of Ransomware attacks.

Awareness is the first step to prevention. Ransomware is not one of the largest cyberattacks in number of incidents, although we are seeing its second-hand impact increase.
Spain is the 9th most attacked country, according to the graphics obtained from Kaspersky. The graphic also shows the worldwide need for cybersecurity.