The best protection against phishing is human–machine collaboration
The history of phishing goes back to the late 1980s, when such an attack was first described in theory. The first real phishing attempts were made in the mid-1990s, and since then phishing has grown both in the variety of its content and in volume. In the last ten years, the number of phishing campaigns has slightly more than tripled, reaching more than a million campaigns a year.
E-mails sent for malicious purposes are also increasingly tailored to local specifics. For example, phishing e-mails sent to Estonians increasingly use the brands of well-known Estonian companies and, in many cases, the companies’ official e-mail addresses. Such changes have made our people much more vulnerable to scams. How do you defend yourself in this situation? Unfortunately, there is no single good solution. However, both phishing pages and phishing e-mails contain clues that can indicate you are dealing with fraud.
We generally interact with people or companies we know. Therefore, the first alarm should sound if the e-mail address behind a familiar person’s name is unfamiliar or makes no sense at all. If you receive an e-mail from Mati Karu, an employee of ‘ettevote.ee’, it will normally be sent from Mati.Karu@ettevote.ee.
You should be careful, however, when you receive an e-mail from Mati Karu, an employee of ‘ettevote.ee’, but the message actually comes from an address such as email@example.com, even though the sender’s name is correct.
Unfortunately, in the case of e-mails it is very easy to falsify the sender’s address. There have been far too many cases where a phishing e-mail, or even malware, has apparently been sent by a well-known Estonian bank or university. It is possible to protect yourself against the falsification of your e-mail address, and in a sense against the abuse of your trademark, by using up-to-date technical solutions. One of these is the DMARC standard, which should be very familiar to people in cybersecurity and e-mail management.
The DMARC standard was specifically designed to combat such e-mail and trademark counterfeiting by denying criminals the opportunity to appear as a known bank or company. When used correctly, it provides very effective protection, as most major e-mail providers verify that all incoming e-mails meet this standard.
Compliance with the standard is also checked for all e-mails sent to a person’s eesti.ee e-mail address (for example, if a criminal wants to send a phishing e-mail to Mati.Karu@eesti.ee on behalf of the Information System Authority, using the e-mail address firstname.lastname@example.org, our e-mail system will not let such e-mails reach people). This standard has already been widely implemented by the state, but unfortunately most companies have not yet realised the risk and have not yet implemented it.
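The check a receiving mail system performs under DMARC, as an added example that is not part of the original article: SPF or DKIM must pass for a domain that aligns with the header From domain, and otherwise the policy published by the domain owner decides what happens. The DMARC records, domain names and message details are constructed for illustration (ettevote.ee is the example domain from the article).

```python
# Added example, not part of the original article: a minimal model of the
# DMARC check a receiving mail system performs. Records, domains and message
# details below are constructed for illustration.

def parse_dmarc(record: str) -> dict:
    """Parse a DMARC TXT record such as 'v=DMARC1; p=reject; adkim=s'."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    tags.setdefault("adkim", "r")  # relaxed alignment is the default for DKIM
    tags.setdefault("aspf", "r")   # and for SPF
    return tags

def org_domain(domain: str) -> str:
    """Organisational domain under a simple 'last two labels' rule (assumption:
    real receivers consult the Public Suffix List, which is omitted here)."""
    return ".".join(domain.lower().split(".")[-2:])

def aligned(auth_domain, from_domain: str, mode: str) -> bool:
    """Does an authenticated domain align with the header From domain?"""
    if not auth_domain:
        return False                      # that authentication did not pass
    if mode == "s":                       # strict: exact match required
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def dmarc_disposition(record: str, from_domain: str,
                      spf_pass_domain=None, dkim_pass_domain=None) -> str:
    """'pass' if SPF or DKIM passed for an aligned domain; otherwise the
    action the domain owner requested in the record's p= tag."""
    tags = parse_dmarc(record)
    if aligned(spf_pass_domain, from_domain, tags["aspf"]) or \
       aligned(dkim_pass_domain, from_domain, tags["adkim"]):
        return "pass"
    return tags.get("p", "none")

# Two possible records published by the (constructed) domain ettevote.ee.
ENFORCING = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@ettevote.ee"
MONITOR_ONLY = "v=DMARC1; p=none; rua=mailto:dmarc-reports@ettevote.ee"

# Forged message: header From claims ettevote.ee, but SPF passes only for the
# sending party's own domain and nothing is DKIM-signed by ettevote.ee.
FORGED = dict(from_domain="ettevote.ee", spf_pass_domain="example.org")
# Genuine message from the company's own mail server, DKIM-signed by it.
GENUINE = dict(from_domain="ettevote.ee", spf_pass_domain="mail.ettevote.ee",
               dkim_pass_domain="ettevote.ee")
```

With the enforcing record the forged message is rejected while the genuine one passes; with a monitor-only record (p=none) the forged message is still delivered, which is why publishing a record without an enforcing policy does not yet protect customers.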
People do not normally end up on phishing pages while browsing the web on their own. Mostly, we visit the websites we were planning to visit: for news, we go to the address of the news portal, for banking, we go to the bank’s website, and we also know the correct address for reading e-mail. People usually reach phishing pages through links sent to them by e-mail or by message. Again, there are clues that can betray phishers, so be very careful.
In most cases, when we get an e-mail from our bank, we know what the correct bank website address looks like: https://www.pank.ee. The address is sometimes followed by a reference to a specific page, such as an autumn campaign page, https://www.pank.ee/sugiskampaania. Web addresses should be read as follows:
To check the correctness of an Internet address, find the first single slash in the address bar (in the picture, it is highlighted in orange): the part before that slash is the address proper. It is read from right to left, with the dot as separator. In the example shown, ‘ee’ indicates that this is an Estonian address and the preceding part, ‘pank’, indicates that it is the bank’s address. If, for example, the e-mail contains a link to the Internet bank such as https://pank-ee.com/sugiskampaania, we see, when we start reading from the slash, that the address is something completely different. Visually it looks similar, but not when we read it properly.
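The same reading rule in code, as an added example that is not part of the original article: cut the address at the first single slash, read the remaining labels from right to left, and compare the registered domain with the one we expect. The sample links and the expected bank domain are constructed; the example goes slightly beyond the article by also handling a link where the bank’s name appears only as a subdomain of some other registered domain.

```python
# Added example, not part of the original article: the "read from the first
# single slash" rule as code. The expected bank domain and the sample links
# are constructed; 'pank.ee' is the address used in the article's example.

def host_of(link: str) -> str:
    """Return the part of the address before the first single slash.
    The '//' after the scheme is skipped first, as the article describes.
    '?' and '#' also end the host (a link may have no path at all), and
    anything before an '@' is user information rather than the host."""
    rest = link.split("://", 1)[1] if "://" in link else link
    for stop in ("/", "?", "#"):
        rest = rest.split(stop, 1)[0]
    rest = rest.rsplit("@", 1)[-1]
    return rest.split(":", 1)[0].lower()   # drop an explicit port number

def read_right_to_left(host: str) -> list:
    """The labels in the order a person should read them: 'ee' first."""
    return host.split(".")[::-1]

def registered_domain(host: str) -> str:
    """The part of the name that is actually registered, taken as the last
    two labels (assumption: a simplification of the Public Suffix List)."""
    return ".".join(host.split(".")[-2:])

def points_to(link: str, expected_domain: str) -> bool:
    """Does this link lead to the site we expect, e.g. our bank at pank.ee?"""
    return registered_domain(host_of(link)) == expected_domain.lower()

# Constructed sample links, as they might appear in an e-mail.
BANK = "pank.ee"
LINKS = [
    "https://www.pank.ee/sugiskampaania",       # the genuine campaign page
    "https://pank-ee.com/sugiskampaania",       # the lookalike from the article
    "https://www.pank.ee.example.com/login",    # 'pank.ee' is only a subdomain here
    "https://pank.ee",                          # genuine, no path at all
]

def classify(links, expected_domain):
    """Map each link to (registered domain, whether it belongs to the bank)."""
    return {link: (registered_domain(host_of(link)), points_to(link, expected_domain))
            for link in links}
```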
While technology companies, e-mail service providers and national cybersecurity agencies strive to work together to protect citizens, the number of phishing e-mails is growing worldwide, and more and more of it is targeted specifically at the people of Estonia. Technology can protect us to a certain extent, but people also need to be aware of the dangers in order to avoid unfortunate consequences. The best protection is that, in addition to greater awareness, companies also use the existing technical solutions (standards and best practices) to protect their customers from phishing.
Tõnu Tammer, Executive Director of CERT-EE