The best protection against phishing is human–machine collaboration

The history of phishing goes back to the late 1980s, when such an attack was first described in theory. The first real phishing attempts were made in the mid-1990s, and since then phishing attacks have grown in both variety and volume. In the last ten years, the number of phishing campaigns has slightly more than tripled, reaching more than a million campaigns a year.

Malicious e-mails have also begun to take greater account of local specifics. For example, phishing e-mails sent to Estonians increasingly use the well-known brands of Estonian companies and, in many cases, those companies’ official e-mail addresses. Such changes have made our people much more vulnerable to scams. How do you defend yourself in this situation? Unfortunately, there is no single good solution. However, both phishing pages and phishing e-mails carry clues that can indicate you are dealing with fraud.

Phishing e-mails

We generally interact with people or companies we know. Therefore, the first alarm should sound if the e-mail address behind a familiar person’s name is unfamiliar or makes no sense at all. If you receive a letter from Mati Karu, an employee of ‘ettevote.ee’, the e-mail will normally be sent from Mati.Karu@ettevote.ee.

You should be careful, however, when you receive an e-mail from Mati Karu, an employee of ‘ettevote.ee’, but the message actually comes from an address like officemail40@naver.com, even though the sender’s name is correct.

Unfortunately, in the case of e-mails, it is also very easy to forge the sender’s address. There have been far too many cases in which a well-known Estonian bank or university has appeared to send a phishing e-mail or even to distribute malware. It is possible to protect yourself against the forging of your e-mail address, and in a sense against the abuse of your trademark, by using up-to-date technical solutions. One example is the DMARC standard, which should be very familiar to people working in cybersecurity and e-mail management.

The DMARC standard was specifically designed to combat such e-mail and trademark counterfeiting by denying criminals the opportunity to appear as a known bank or company. When used correctly, it provides very effective protection, as most major e-mail providers check all incoming e-mail against this standard.

Compliance with the standard is also checked for all e-mail sent to people’s eesti.ee addresses. For example, if a criminal wants to send a phishing e-mail to Mati.Karu@eesti.ee on behalf of the Information System Authority, using the address ria@ria.ee, our e-mail system will not allow such a message to reach the recipient. The state has already implemented this standard widely, but unfortunately most companies have not yet recognised the risk and have not yet implemented it.

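The two receiver-side checks this section describes, the address behind a familiar name and the DMARC check on the From: domain, as an added example that is not CERT-EE’s code. The contact directory, the DMARC record for ria.ee, the authentication results and the function names are all constructed, and the organisational-domain rule is simplified to the last two labels.

```python
"""Added example (not CERT-EE's code): the sender-address check and the DMARC
check described in the text. Contacts, record and auth results are constructed."""
from email.utils import parseaddr
KNOWN_CONTACTS = {"mati karu": "mati.karu@ettevote.ee"}   # constructed directory
RIA_RECORD = "v=DMARC1; p=reject; aspf=s; adkim=s"        # constructed record

def sender_verdict(from_header: str) -> str:
    """'ok', 'unknown', or 'mismatch' (a known name with an unexpected address)."""
    name, address = parseaddr(from_header)
    expected = KNOWN_CONTACTS.get(" ".join(name.split()).lower())
    if expected is None:
        return "unknown"
    return "ok" if address.lower() == expected else "mismatch"

def parse_dmarc(txt: str) -> dict:
    """Parse a DMARC TXT record such as 'v=DMARC1; p=reject; aspf=s'."""
    tags = dict(p.split("=", 1) for p in txt.replace(" ", "").split(";") if "=" in p)
    if tags.get("v", "").upper() != "DMARC1":
        raise ValueError("not a DMARC record")
    tags.setdefault("adkim", "r")   # relaxed alignment is the default for both
    tags.setdefault("aspf", "r")
    return tags

def org_domain(domain: str) -> str:
    """Organisational domain, simplified to the last two labels (real receivers use the PSL)."""
    return ".".join(domain.lower().split(".")[-2:])

def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Strict mode needs an exact match, relaxed mode the same organisational domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def dmarc_disposition(from_header: str, record: str,
                      spf_pass_domain: str = "", dkim_pass_domain: str = "") -> str:
    """'pass', or the record's p= policy when neither the SPF-authenticated envelope
    domain nor a valid DKIM d= domain is aligned with the From: header domain."""
    tags = parse_dmarc(record)
    from_domain = parseaddr(from_header)[1].rpartition("@")[2]
    if aligned(from_domain, spf_pass_domain, tags["aspf"]) or \
       aligned(from_domain, dkim_pass_domain, tags["adkim"]):
        return "pass"
    return tags.get("p", "none")

if __name__ == "__main__":
    print(sender_verdict("Mati Karu <officemail40@naver.com>"))                # mismatch
    print(dmarc_disposition("RIA <ria@ria.ee>", RIA_RECORD, dkim_pass_domain="ria.ee"))       # pass
    print(dmarc_disposition("RIA <ria@ria.ee>", RIA_RECORD, spf_pass_domain="mail.example.net"))  # reject
```
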
Phishing pages

People do not normally come across phishing pages while browsing the web on their own. Mostly, we visit the websites we were planning to visit – for news, we go to the news portal’s address, for banking, to the bank’s website, and we also know the correct address for reading e-mail. People usually reach phishing pages through links sent to them by e-mail or by message. Again, there are clues that can give phishers away, so be very careful.

In most cases, when we get an e-mail from our bank, we know what the correct bank website address looks like: https://www.pank.ee. The address is sometimes followed by a reference to a specific page, such as an autumn campaign page, https://www.pank.ee/sugiskampaania. Web addresses should be read as follows:

[Figure: the address https://www.pank.ee/sugiskampaania with the first single slash highlighted in orange]

To check whether an Internet address is genuine, find the first single slash in the address bar (highlighted in orange in the picture), as this is the slash from which the address is read. The address is read from right to left, with a dot as the separator. In the example shown, ‘ee’ indicates that this is an Estonian address and the label before it, ‘pank’ (bank), indicates that it is the bank’s address. If, for example, the e-mail contains a link to the Internet bank such as https://pank-ee.com/sugiskampaania, reading from the slash shows that the address is something completely different. Visually it looks similar, but not when we inspect it.

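Reading an address the way the paragraph above describes, as an added example that is not part of the original article; the expected domain pank.ee, the sample links and the function names are constructed, and the check is generalised to any expected domain.

```python
"""Added example (not from the original article): reading a web address as the
text describes, from the first single slash, right to left, dot-separated.
The expected domain pank.ee and the sample links are constructed."""
from __future__ import annotations
from urllib.parse import urlsplit

def host_labels(url: str) -> list[str]:
    """Host part of a URL as labels read from the right:
    https://www.pank.ee/sugiskampaania -> ['ee', 'pank', 'www']."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"not a web address: {url!r}")
    # hostname is what sits between '://' and the first single slash,
    # minus any port; lower-cased because DNS names are case-insensitive
    return parts.hostname.lower().split(".")[::-1]

def belongs_to(url: str, expected_domain: str) -> bool:
    """True only if the right-most labels of the host equal expected_domain,
    so www.pank.ee belongs to pank.ee while pank-ee.com does not."""
    want = expected_domain.lower().split(".")[::-1]
    return host_labels(url)[:len(want)] == want

def check_links(links: list[str], expected_domain: str) -> dict[str, bool]:
    """Map each link to whether it really points at expected_domain."""
    result = {}
    for link in links:
        try:
            result[link] = belongs_to(link, expected_domain)
        except ValueError:
            result[link] = False
    return result

if __name__ == "__main__":
    links = [   # the first two links are the article's own examples
        "https://www.pank.ee/sugiskampaania",
        "https://pank-ee.com/sugiskampaania",
        "https://www.pank.ee.example.com/sugiskampaania",   # constructed lookalike
    ]
    for link, ok in check_links(links, "pank.ee").items():
        print("OK  " if ok else "WARN", link)
```
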
While technology companies, e-mail service providers and national cybersecurity agencies strive to work together to protect citizens, the number of phishing e-mails is growing worldwide, and more and more of it is targeted specifically at the people of Estonia. Technology can protect us to a certain extent, but people must be aware of the dangers in order to avoid unfortunate consequences. The best protection is that, in addition to increasing awareness, companies also use the existing technical solutions (standards and best practices) to protect their customers from phishing.

Tõnu Tammer, Executive Director of CERT-EE
